There seems to be a spate of scammers doing the rounds again on eBay.

The problem is, PayPal are leaving their customers in the lurch.

Basically, the scammers use Phishing or a trojan to farm eBay and PayPal accounts. The problem is, although PayPal is a daughter company of eBay, they use different authentication techniques and don't co-operate with each other, when it comes to scammers.

The scammers take a legitimate account, with good feedback and change the e-mail and physical address on eBay, which they can do, without raising suspicion from the original account holder. On the PayPal side, you cannot change the e-mail or address information without causing a trigger e-mail to the old e-mail address, which would tip off the account holder that their account has been hi-jacked.

Once they have the eBay account, they then bid on some high-price piece of electronics equipment - and they will be happy to overpay by a couple of quid, as it isn't their money, it is the sellers money.

Now it gets interesting:

They then tell PayPal to make the payment. But, even though they pay separately for postage (and sometimes insurance on the delivery), they tell PayPal that they have purchased an on-line service; which automatically negates the payment protection programme from PayPal.

The information about the negation of the payment protection is shown as green text at the bottom of the page! (eBay/PayPal have agreed in the future to put it in red and make it more prominent).

The confirmation email is sent to the seller, that the payment has been agreed - and it gives the PayPal registered email address and physical address. Again, if you don't use the address in the PayPal email, you are screwed.

The problem is, many sellers use the eBay function (at least in Germany) to automatically generate a DHL franked address label, using the address the scammer gave in the hi-jacked eBay account.

Even though it is one umbrella company, there are no checks between eBay and PayPal, so even though eBay knows it is a physical sale, with postage (and insurance) costs added, it will still allow the customer to tell PayPal that it is an on-line service which has been purchased. There is also no confirmation that the email address and delivery address match between eBay and PayPal, so eBay will happily auto-generate an address label for an address that they ought to know is invalid...

So, be careful.

Most of the auctions seem to be going to eastern Europe and the former Soviet Union (Lithuania etc.).

PayPal will pay the money initially, until the account holder notices that an unathorised transaction has been made on their account, at which time, PayPal automatically pull the money back out of the account, at which point the seller is out of pocket, and if the item has left the country of origin, the package can't be pulled back...

This is why I avoid e-bay like the plague. They also changed something in the payment process which pissed my manager off.

My brother sold some gold a good few years ago for over £300. He sent the item special delivery and the transaction was handled through Paypal and eBay. Its turns out the guy used a stolen credit card and Paypal simply took the money out of my brothers account. He was left with no goods and no money. He was disputing it and gave Paypal proof of delivery but it was that long ago I cant remember if he got any money back or not.

I have an ebay account and a paypal account. What can I do to protect myself?

Never click on a link that looks like it's come from either.

Jon

Dont use it

Seriously though I never respond to are click on anything that comes in email from Paypal or eBay. I go to the site directly.

i closed my ebay and paypal account 3 or 4 years ago
i wont be rushing to open either again ...

its the devil doing it:

6 Replies
66 views

(on this thread)

He's above you

haha didnt even notice that

the devil in me is just, doing, fine ...

Use tough passwords, ones that cannot be cracked with dictionary attacks. I use a password manager to do that. I also have a rolling PIN generator from eBay (£3) that is linked to my PayPal account. That means they have to get past the tough password then face the rolling PIN.

Also never click on any links within an email. If you do everything through the eBay online mail then it will be available to eBay to confirm that you followed the rules.

If you are really paranoid change your passwords regularly. That is when a password manager comes in handy. It can randomly generate them for you and store them.

In this case, a strong password is of no use. The only things you can do are:

1) don't sell anyrhing on eBay

2) if you must sell on eBay, don't sell to anyone with an address outside your country.

3) double check the e-mail address and physical address on eBay with those on PayPal. If they don't match 100%, don't send the goods (and inform eBay & PayPal straighg away, that you suspect a hijacked account).

Yes but I think that within the EU is better than anywhere in Africa. Genuine Nigerians must have a real struggle to get any thing sent to them.

I have had no problems ordering anything from within Europe with the exception of one time when something would not be delivered outside Germany. Though I am usually happy to wait for them to be happy that it is a genuine transaction in those cases.