This year saw so many news of sellers who have been victim to the eBay Paypal payment email address fraud were reported. It was found that between August 2017 and January 2018, the victims to this fraud lost over $8,000 from 1200 plus eBay transactions. Less than 10 listings from their total of over 12,000 active eBay listings were targeted over that period, but these were 10 from of their top 100 listings. In some cases the hackers changed the paypal address back to the normal for a day or two, then back to their fraudulent one making the eBay PayPal payment email address fraud a very hard scam to detect. Just one letter in their eBay PayPal payment email address was changed from a “t” to an “f”.
The fraud, as in other cases was discovered when they were going to issue a refund for a returned item and discovered that they’d never been paid in the first place.
These victims have all seen the payment email address changed on several of their listings, diverting thousands into fraudsters PayPal accounts, so here are the steps to avoid and detect the eBay PayPal email payment address scam and protect yourself.
1. Look out for phishing emails
There are only two ways your account can be compromised and fall victim to the eBay PayPal email payment address scam – directly through methods such as clicking on a link in a scam email or indirectly if eBay’s servers are compromised or an internal eBay employee is complicit in the fraud. Therefore be wary of clicking on links in emails that you receive. Always go through the scan for any such phishing or scam emails before you open it.
2. Use Two factor authentication
Use two factor authentication to access your eBay account. This sounds simple if you are a one person business, but if you are a larger business and need to give multiple employees access to your account then each and every one of them could be compromised if they click on the wrong email link. The two factor authentication is simple process where you enter you mobile number or another email for another verification that it’s your account. Use
3. Follow Business rules
If you already use business rules for your PayPal email payment address. This should set your address for all your listings but there’s still nothing to stop a scammer changing your business policy and if they do it won’t generate an alert.
4. Bulk change your PayPal email addresses
Bulk change your PayPal email addresses. There is a practical limit to how often you can do this and if you’ve been compromised there’s nothing to stop the scammer going back into your account to change them again.
5. Reconcile sales
Reconcile every single sale from eBay to PayPal. In practical terms this might be possible if you only have a few dozen sale a day, but if you have hundreds or thousands of sale a day it’s simply not practicable.
6. Get eBay to run a check
Phone eBay support and ask for a report detailing the PayPal email payment address for all your listings.
Steps taken by an eBay seller to avoid the eBay PayPal payment email address fraud
The seller has the Linnworks channel integration PayPal address verification method set up
Two Step Authentication on eBay login has been implemented, although this is frankly a pain in the neck as verification codes are sent to a single mobile. This means that the business owner has to be aware a member of their staff are about to log into eBay and be available to tell them the code as soon as it arrives before the login times out.
The seller has now commissioned a daily PayPal report from Linnworks with the PayPal email addresses pulled from an XML file and spreadsheet emailed to the seller. This will prove a reliable method of checking email addresses as, whilst eBay change the data available via the API and may no longer include the PayPal payment email address, it is still included in the XML report.
Though at eBay there is no easy way to verify that your account is secure and your funds are not being stolen. They have had to pay for multiple reporting methods to be coded just to later discover that through eBay changes the reports fail and they’ve had to start again and seek alternative methods to confirm that they are no longer being scammed.
Sellers need eBay to either make it impossible to edit payment details to stop the eBay PayPal payment email address fraud, or at the very least to notify sellers if they are changed. A simple report in the Seller Hub detailing payment totals by PayPal payment email address would suffice – if sellers saw their payments going to multiple PayPal email addresses they’d immediately be alerted that something was wrong, but even here they shouldn’t have to check daily – eBay should tell sellers if this vital information has been tampered with.
Though sellers on eBay don’t have the tools to monitor the PayPal email payment addresses on their listings to protect themselves but these above steps can surely save you from such fraud.