Changing eBay password didn’t stop PayPal payment email address change scam
We were contacted this morning by another seller whose PayPal payment email address has changed to eBay and in this case lost around £ 6,500.
With typical sales ranging from around £ 10 to £ 35 and between 100 and 150 orders per day, it’s really not easy to notice that a few pounds are missing here and there, but over a month the sums add up quickly. .
What is particularly glaring in this case is that after spotting the fraud, the seller changed their eBay password, PayPal password, and email address password around 8 p.m. yesterday. evening. When they got back to work this morning, they found that the PayPal payment email address had changed again on a few of their listings.
It’s easy to say that it’s the seller’s responsibility to keep their eBay account secure, but after changing all of their passwords and not telling anyone what their new passwords were, how the scammer is. he returned to his account? What can sellers do to protect themselves if scammers seem to have unlimited access to their eBay accounts and the ability to steal funds at will?
We asked sellers what tools and services they use to run their business, but in this case, like a few others, the seller doesn’t use any external tools. This means that it cannot be an external tool that has been compromised, and hackers must have a method to access eBay directly (or indirectly through a method in which a password change does not. will not terminate once the account is compromised).
While we believe PayPal has questions such as how the heck the accounts receiving the stolen funds pass European anti-money laundering checks, we believe it is the responsibility of stopping fraud when sellers discover that a PayPal payment email address changed and funds were diverted to a scammers PayPal account.
There must also be a much stronger collaboration between eBay, PayPal and the police. Currently, PayPal is (rightly) blaming eBay because it is eBay where the PayPal payment email address has changed. eBay shrugs its shoulders and says that since they never got the funds, the seller should work with PayPal to get them back. The local police are powerless and just direct the salespeople to Action Fraud. It is time that when a fraud is reported, eBay uses its law enforcement relationships to actively report the cases themselves and help the police find the culprits and for PayPal to help and, if possible, track down. and collects the funds.
There is also the issue of personal data of innocent consumers. Tens of thousands of consumer names, home addresses, email addresses, and a record of a recent purchase can be found in the crooks’ PayPal accounts. What is stopping these crooks from sending a phishing email saying “You bought this, you might like it?” In a double scam?
eBay must take decisive action now. They released a seller’s version yesterday, but if sellers can’t be sure their accounts are secure, then not every seller’s version in the world will stop them from leaving eBay, either because they lose faith in the market security or simply because they lose so much money that they go bankrupt and are bankrupted.