/ Money

Scam watch: eBay scammer raises hell

A hellish few weeks followed after Anthony received a message out of the blue on eBay demanding a $500 refund. Here’s how this cloned account scam works.

An eBay buyer messaged Anthony saying he hadn’t received his order and demanded a $500 refund.

Anthony had never heard of him nor sold him anything. On closer inspection, it appeared that the hacker cloned his eBay account, opened a bogus PayPal account, sold an item in his name and received the money.

Passing the buck

He was told by eBay not to worry, as both sellers and purchasers are protected against fraud. The catch here though, is that Anthony was neither.

eBay refunded the buyer, then debited $500 from Anthony’s own PayPal.

Hellish weeks followed, with many calls and emails to eBay. It claimed it was PayPal’s problem, but PayPal said the opposite.

Guide: getting your money back after a scam

Even a conference call didn’t resolve anything, but after involving the UK and US CEOs of eBay, Anthony did get his money back, but was refused compensation.

A bureaucratic nightmare

We got in touch with eBay, which said cases such as Anthony’s are ‘extremely rare’ and fraudsters ‘use very sophisticated methods’ to circumvent security, claiming its defences were ‘continuously updated’ to tackle new trends.

It told us that systems were in place to ‘protect both the buyer and seller’. So, we’re still not clear on what happened. It added:

“With regard to why we do not offer compensation, we would always direct the member to our eBay user agreement which covers liability and correcting mistakes”

We’re not impressed at all with the bureaucratic nightmare Anthony faced. When firms fail to safeguard your money or details, we recommend voting with your feet.

Have you ever been contacted out of the blue by someone on eBay? What happened? Let us know in the comments.

Comments

Happened to me

He should have sued eBay for compensation

Kevin says:
27 December 2019

If someone takes your property without permission, that’s theft. If eBay do it, then eBay have robbed you. The fact that THEY have been defrauded does not give them the right to defraud their customers/members in order to cover their loss. I don’t think any legally enforceable T&C’s could absolve the other party of criminal behaviour.

I would be tempted to request a refund, stating the reason, advise them that your next step will be to seek recovery via the small claims process, and advise them what your hourly rate is for any further time you have to spend dealing with them.

We seem to live in an environment where commercial robber barons can charge us punitive rates for things like minor parking infringements, but we are expected to jump through their hoops to get our own money back off them. This is unacceptable and we shouldn’t put up with it. If they want to waste your time, they should pay for it.

Faye, your thoughts please?

If someone clones your eBay account, is that your fault or eBay’s?

If someone buys from a cloned account, is that your fault, eBay’s or the buyer’s? Particularly if the cloned account has no positive reviews while the real one does

If you dispute eBay taking your money to refund the buyer, or sue eBay in the small claims court for compensation, and eBay terminates your account as a result, do they have a right to do that?

Please give your legal expertise

Kevin says:
27 December 2019

eBuy and Paypal both offer 2 factor authentication (or 2FA). It’s not the most secure version since they use SMS messages, however it is much better than any password alone, no matter how good. Check on the account details page of your account to enable it. Companies do not typically promote 2FA since it serves their purpose to blame the user for any errors or mistakes, but it will strengthen your hand should any legal processes be necessary, aswell as making you safer.

Anyone using other online services should enable 2FA, since it’s about the best option available at the moment. Search for twofactorauth [.org] for lists of organisations offering it. Bear in mind if it’s an SMS system you need a mobile signal where you are logging in for it to work easily.

This isn’t authentication

Someone copied a real eBay account, pretended to sell stuff, took the money and ran

Has nothing to do with authentication. It’s Identity Theft

Kevin says:
27 December 2019

Hi wev
I was not making a comment directly on this scam methodology, there isn’t enough detail on the cloning to do that.

I’m merely commenting on best practise to avoid one of the many routes to being scammed online.

If someone hacks your account thro poor login security, you’re well on the way to having your identity stolen, at least for that service.

Typically hackers will also try to use compromised details from one service to exploit others, 2FA is one means to limit this kind of domino effect.

For the record, my comments are not legal advice, and any technical suggestions should be treated with the appropriate level of scepticism for any material from the Internet.

Richard Turner says:
29 December 2019

Is anyone else experiencing PayPal keeping the money for weeks on “hold” that should be going straight into your PayPal account ready to withdraw/transfer into your bank account . PayPal says it’s a “security” measure. I call it theft

I haven’t sold on eBay for a while now, but the last two times when someone tried it on, “she” sent me an email directly to my email address which is available to see on the seller’s page. You can ask questions about a product on the seller’s page so it’s not necessary to use the sellers published email address. This is a breach of Ebay’s security as far as I’m concerned. My email address should not be published until the buyer has purchased the product. After some digging around by me I discovered that the user name these people were using was hijacked. They did it twice to me using different user names but writing the same text… really bright!