1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 1:53 am May 5, 2026

Forum Moderators: buckworks

Message Too Old, No Replies

Paypal Fraud Warning

         

Miop

10:01 am on Jul 1, 2008 (gmt 0)

10+ Year Member



Our store website was hacked and the Paypal gateway email address altered to someone else's. Paypal payments which were subsequently made by customers went to the thief's address and into their account. They set up a callback on their Paypal account to our website, which marked the orders as paid.
Paypal refuse to anything to help - even though they have a thief operating one of their accounts, and even though Paypal were complicit by allowing an unauthorised callback from an unrelated account to a commercial website, they refuse to refund the customer's money (to the customer). As far as I know they have not even logged a complaint or report on the matter. They don't want anything to do with it.
So a general warning - be sure your security on your website server is as good as it can be, and to buyers using Paypal, be aware that who you think you are paying is not who you may actually be paying. And don't expect any help from Paypal. I can only hope that when each individual customer complains, they will refund their money, but they won't say that they will.

PS we fulfilled the orders anyway - it was not the customer's fault.

eelixduppy

9:02 pm on Jul 1, 2008 (gmt 0)



Thanks for the warning :)

Paypal also offers fraud protection services.

pageoneresults

9:17 pm on Jul 1, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Paypal refuse to anything to help - even though they have a thief operating one of their accounts, and even though Paypal were complicit by allowing an unauthorised callback from an unrelated account to a commercial website, they refuse to refund the customer's money (to the customer). As far as I know they have not even logged a complaint or report on the matter.

For PayPal to react this way seems a bit far-fetched to me. Oh, I believe you, but this doesn't seem like their normal MO.

And, if you say the "thief" has a PayPal account, that makes it even more suspicious.

But, in the end, it all comes back to this...

Our store website was hacked and the Paypal gateway email address altered to someone else's.

Is that all they did?

Would Google be responsible for your lost rankings if someone hacked your website? Nah, it doesn't work that way but in this particular instance, there is something more to it. For a PayPal account holder to be able to redirect funds like that to their account just doesn't seem like something PayPal is going to turn their backs on. No, I don't think that is going to happen.

When did you report all of this? Like an hour ago? ;)

eelixduppy

8:48 pm on Jul 2, 2008 (gmt 0)



I'm sure there is an amount that raises more flags. If the bank sees a withdrawal for $10 they're probably not going to think anything of it. If they saw that $1000 was being withdrawn by Paypal they might get a little worried. To be honest, I'd rather be safe and have to call up my bank than have something happen.

Marcia

9:07 pm on Jul 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I got a telephone call from someone at PayPal this morning verifying the amounts of my last 3 purchases, made in the last couple of days - including the amounts. He also questioned who the recipients were for one transaction, since two different names appear - one for the hold, the other after the order is sent out, which is normal for them with all orders.

I asked why the call, he said it's for doing fraud checks.

jecasc

8:42 am on Jul 3, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Why don't you tell the customers to file a complaint with Paypal. They will get their money back from Paypal and then can pay you.

Miop

9:28 am on Jul 10, 2008 (gmt 0)

10+ Year Member



Pageoneresults - I'm not sure what you are implying.
Yes that's all they did. If anyone wants to see the emails and replies I have received from Paypal, they can pm me.
Paypal suggested that maybe I was involved somehow because I had the transaction ID's. I had them because *they* allowed the thief to use their account to send a callback to *my* site (why would they do that?) which
1) marked the orders as paid and
2) inserted the transaction ID into the database.

Any conversations regarding these transactions can only take place by phone or email because you cannot report any activity related to transactions which do not exist in your own account and they do not exist because the money was diverted to someone else's account.

Paypal are complicit in allowing the callback to take place, and have also profited from the fraud. I do not know if they have even frozen the fraudsters account.
They will not issue a case or incident number or anything.
All I have been told to do is make a complaint to Paypal Europe using a form.
Sorry but that's the way it is, and after 20 days, they appear to have now abandoned me. They don't want to know. Yes they have turned their back on me.
I have used Paypal since 2002 (as a business merchant), but have now removed it and will not be using it again. These days it's just too insecure...the least they could do is allow some kind of account number to be used in association with the email address...
NB I have called the police because I regularly have to see people's stolen card details being used and cannot do anything about it. The police have basically told me tough - nobody can or will do anything.

They shout from the rooftops about card and ID fraud, security and trust, but when it happens, there is nobody to tell who can do anything about it.

I can only hope that Paypal have now reimbursed the customers (if they bothered to file a complaint...I know that one did)

Miop

9:41 am on Jul 10, 2008 (gmt 0)

10+ Year Member



Jecasc - yes I have suggested that the customers (who have been wholly sympathetic to us rather than annoyed that someone has nicked their money) do that though I'm not sure if they will as they don't necessarily seem to understand what happened - most of them do not have Paypal accounts and just used it to make the payment, so they have no idea about the resolution process and will have to open an account presumably to do so. They have got their goods, so maybe the hurdles may well put them off. That's why I telephoned Paypal straight away as soon as I discovered it - so that Paypal would at least look into it and consider freezing the funds so that the money could not be passed into the fraudster's bank account.
It was like talking to a bot - she just kept repeating some mantra about Paypal being committed to security and preventing fraud.
I'm afraid they need to put action where there mouth is because I just don't believe them.

The long and the short of it is that all you need to send money to someone is their email address (this was a googlemail one and I know that many people who accept payments have hotmail addresses...) so if you can find a way to alter someone else's gateway to Paypal to your Paypal email address, you can steal money very easily.
My Protx account gateway requires a long security key as well as username...

pageoneresults

8:57 pm on Jul 11, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



pageoneresults - I'm not sure what you are implying.

I'm implying that it is unusual "based on my experience with PayPal" for them to react like this. Maybe your opening statement in this topic is closely related to their actions?

Our store website was hacked and the Paypal gateway email address altered to someone else's.

I'd have to read through all the Terms and Conditions but I do believe if you got "hacked" then PayPal is not at fault, are they?

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 1:53 am May 5, 2026