Internet Security Fundamentals - Online Edition

14 eBay & PayPal

If you buy anything on eBay, the online auction and shopping site, there's a good chance that you have been asked to pay using the online payment system PayPal. This relationship between eBay and PayPal makes a great target for criminals to focus on, as there is a whole load of specific information that makes their goal easier. By offering high value items with vague descriptions for sale on eBay, they can profile bidders as potential targets. This encourages bidders to ask questions about the item, and in the process they may offer or be asked for their email address and other information. So over time the criminals will have a list of eBay usernames, email addresses and knowledge of the types of products typically purchased.

 

The eBay accounts used for information gathering purposes will all be legitimate and will actually ship the goods if you happen to win the bid, but will most probably withdraw the item before the end date. More subtle information gathering in the form of viruses and spyware adds to the pool of information. So now all the criminals have to do is convince you that an email has come from eBay or PayPal, which is now a lot easier. It will have your eBay username and name in the intro text and may say that a similar item to one that you have previously bid on is now available for immediate purchase via the following eBay ‘buy it now’ or PayPal link. They may even have a credit card payment option that takes you to a fake payment system webpage.

 

Other variations will just try to reset your PayPal password, get you to accept a PayPal refund which is obviously a mistake (but high enough to make it attractive) or offer you an eBay second chance purchase option, because the original bid winner did not pay for the item. So, what steps can you take to avoid falling for these tricks? Once again, don’t follow the links from emails, even if they happen to be genuine. Always log in to eBay or PayPal manually yourself until it becomes a habit; that way you are protected from fake emails like the one below.

Be aware that some PayPal scams include a PDF attachment to make it look more official, like this fake letter telling you that there is an issue with your account.

While these can be quite easy to spot as the letter is quite generic, expect more sophisticated attempts with names and other information gleaned from data breaches and social media, as well as more plausible sender domains that include the word paypal (or a variant like pay-pal) somewhere in the mix. Either way the same advice applies: do not panic, and log in to PayPal manually yourself.
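For readers who filter mail themselves, here is one way to flag the sender domains described above. It is an added example, not part of the original chapter, and it assumes that paypal.com and ebay.com are the only genuine domains and that all sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: the only domains treated as genuine; extend for regional sites.
OFFICIAL = {"paypal": ("paypal.com",), "ebay": ("ebay.com",)}
# Digit-for-letter swaps often used in lookalike names (0->o, 1->l, 3->e).
SWAPS = str.maketrans("013", "ole")


def _squash(text):
    """Lower-case, undo digit swaps, and drop everything except letters."""
    return "".join(c for c in text.lower().translate(SWAPS) if c.isalpha())


def classify_sender(from_header):
    """Return 'official', 'lookalike-domain', 'brand-in-name-only' or 'unrelated'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # Genuine only if the domain IS the official one or a subdomain of it.
    for genuine in OFFICIAL.values():
        if any(domain == g or domain.endswith("." + g) for g in genuine):
            return "official"
    # Brand word hidden in another domain: pay-pal, paypa1, paypal.com.x.example
    if any(brand in _squash(domain) for brand in OFFICIAL):
        return "lookalike-domain"
    # Brand only in the display name, sent from an unrelated domain.
    if any(brand in _squash(display) for brand in OFFICIAL):
        return "brand-in-name-only"
    return "unrelated"


# Constructed sample From headers, for illustration only.
SAMPLES = [
    '"PayPal" <no-reply@mail.paypal.com>',
    '"PayPal Service" <service@pay-pal-billing.example>',
    "refunds@paypa1-help.example",
    "security@paypal.com.account-check.example",
    '"eBay Second Chance Offer" <offers@mailer.example>',
    "friend@mail.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

A result of "official" only means the text of the sender address matches; the From line of an email can be forged, so logging in manually remains the safe route.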

 

Another big eBay scam is the escrow scam, where you are told that money has been paid for a high value item that you are selling into an escrow service, which will then release the money once the goods have been received by their client. You end up shipping the goods but never receive anything. Worse still, the escrow service is fake, which means the bank details you entered for the money to be transferred are also in the hands of the criminals.

 

A variation of this scam is where the criminal is selling the high value item (like a car or a Rolex watch) and you are asked to pay into a particular escrow service or pay an admin fee to a bogus shipping company, because the seller is currently on an oil rig and cannot ship the goods themselves.

To put the scale of the problem into perspective, the UK's national fraud and cybercrime reporting centre ActionFraud received 21,349 crime reports about fake PayPal emails between January 2020 and September 2020, with victims reporting a total loss of £7,891,077.44 over this period. That’s just 1 of the 49 countries eBay operates out of, over 9 months. 
