eBay refund fees to PayPal payment email address scam victim before they discover the fraud

By Chris Dawson September 10, 2019 - 8:00 pm

eBay may have started taking action on the PayPal email payment address scam which numerous sellers have fallen victim to. One of the latest eBay sellers to discover that they’ve been defrauded discovered eBay were refunding fees before they discovered they’d been scammed.

On Friday, Roshni from Style It Up UK left a comment on Tamebay asking if anyone had managed to recover the stolen funds or been covered by eBay for the losses. She followed this via email and today I spoke to Roshni to find out more and there are some interesting twists to her case which we’ve not seen before.

Initially, it was a familiar story. A hacker changed the PayPal payment email address and funds from future sales were diverted to the scammer. We’ve now verified over £300,000 of losses from around 18 eBay accounts. The average loss is around £16.5k with the largest we’re aware of being £70k. In Roshni’s case the loss was around £4k.

The first point to note is that Roshni uses eBay Business Rules and the hacker, having gained access to the Style It Up eBay account added a new Business Rule with the fake eBay address. The rest of the scam followed the now normal method of registering an email address swapping just one letter of the genuine email address to make spotting the scam harder.

We’re constantly hearing people say that the sellers affected should have spotted the scam, which in this case started in April 2019 and was discovered in August 2019. However it’s nigh on impossible for most businesses to reconcile eBay sales to PayPal payments – experienced eBay sellers will know that the first priority each day is to get sales picked, packed and shipped and if eBay say that an order has been paid for sellers trust that eBay is right.

The second point which makes this case unique is that eBay started to refund fees around the 6th of August. Roshni only realised this a week later when, having discovered the fraud when trying to refund a sale where the scammer had stolen the funds, she phoned eBay. eBay then revealed they were well aware that proceeds of sales had gone to a scammer and told her they’d already been refunding the fees. What eBay didn’t do is, when they first started to refund fees, tell Roshni she’d been scammed and lost thousands of pounds.

eBay had sent an email on the 7th of August saying that they believed the account had been used fraudulently. eBay forced a reset of the eBay password and unlinked the associated PayPal account. Generally, linking your PayPal account is just so that eBay can collect eBay fees however and what eBay didn’t do was to remove the fraudulent business rule with the fake PayPal address. Indeed, when talking to eBay support, they seemed unaware of the existence of Business Rules to set the PayPal payment email address and Roshni had to talk them through where it was!

Perhaps the most interesting aspect of this case is that eBay discovered it and started to refund seller fees for transactions where the proceeds were stolen. Are eBay starting to scan seller accounts specifically to pick up this fraud as if so this would be a major step forward. If you receive an email saying fees have been refunded for unauthorized use of your account this should set the alarm bells ringing. Don’t just secure your account, immediately check for fake email addresses.

Prior to speaking to Roshni, we received the following comment from eBay. We were unable to reach them to highlight this latest case and verify if they are actively scanning accounts for the fraud, or if the fraud on Roshni’s account was picked up at random.

“Millions of people use eBay safely every day and cases like this are extremely rare. We invest heavily in measures to protect our users from privacy and security threats, including investment in teams dedicated to safety, customer service and law enforcement liaison.
Fraudsters use very sophisticated methods to try and circumvent trusted website security and we continuously enhance and update our security infrastructure to tackle new fraud trends.
From enabling two-step verification, to regularly changing your password, we encourage all members to take precautions that will improve the level of security protection on their accounts.”

– eBay Spokesperson

Roshni has now implemented two-step verification on the Style It Up eBay account, although it’s a nuisance not least of which PIN codes only go to a single person. They’ve resorted to requesting a PIN and then requesting the PIN a second time which they are then able to get via email.

  • Al
    6 months ago

    BTW – My account got scammed in the same way on 21st Aug 19….I noticed the scam on 6th Sep 19. Iost round £1k (so far)

  • robin
    6 months ago

    eBay should refund ALL stolen money from the moment they started refunding fees – not only fees – as they KNEW there was a problem – but done NOTHING to protect seller.

  • Alistair
    6 months ago

    We got caught in the same way last year, we now have only one payment rule in the business policy, and I check every morning to make sure there is still only one and it has the correct email address. First we knew about this was when we were contacted by Police online fraud squad, ever since then I check daily.

  • Mark
    6 months ago

    If the scammed account is in the UK then under the law the business facilitating the scam after they become aware of it is fully liable for all losses.

  • Toby
    6 months ago

    After reading all this, it is safecto say that ebay really is a shambles and a fraudsters paradise. C.S seem untrained in many areas and it is hit and miss as to want answer you get. It certainly isn’t inspiring to sellers and more and more people i speak to don’t use ebay simply because of fraud. How bad that a business such as ebay is avoided because of the amount of fraud…
    No business can withstand that reputation forever

  • 6 months ago

    This is (one of) the reasons I do our banking every day.
    It’s simple, you can use Tradebox or whatever to bring your sales into Sage (or whatever), make sure the income for those sales is mapped to a nominal code for Paypal accounts, then you download your Paypal statement and match the two up.
    Takes me 15 mins max each day to do with a few formulas in the spreadsheet.
    Happy to share how I do it if anyone wants help.

  • Rodney
    6 months ago

    Its just happened to us with the robber using 51 different email addresses and Paypal accounts now of which were verfied lost over £45k. Does anyone know legal company with knowledge to challenge Ebay to get this money back ?

    • 5 months ago

      @Rodney Whilst I believe that eBay are in the main responsible for not doing enough to prevent the scam, using 51 different email addresses with PayPal accounts is a different matter.

      I am not sure how many email addressess you can have on a Paypal account, I think it is 5, so at least 10+ Paypal accounts would have needed to be used, so I do think that Paypal need to look at how these accounts are being used / opened.

      In the meantime I am trying to change my Paypal email address on eBay, for legitimate reasons, and it would seem that it is not possible. eBay are saying there is a technical issue.

  • 6 months ago

    @Rodney I am really sorry to read that.

    I have pretty much followed every avenue that is possible and have still not got anywhere. A class action could be one option as every other day there seems to be a new case.

    FYI this is what we have done so far.
    Contacted the local Police, reported to Action Fraud, opened a case with the Information Commissioner and the Financial Ombudsman, tried multiple times with eBay and PayPal by e-mail, phone, letter, twitter, contacted my local MP who has written to the Secretary of State for Business (reply received today from Brandon Lewis MP saying that they do not get involved with individual cases and saying I had done the right thing contacting INaction Fraud) (my MP has now written to Rob Hattrell MD of eBay UK), obtained the services of a online security expert who is working on our case looking into the sever logs that eBay have provided and finally going public (most have seen the story on the Daily Mail Online) .

    To date none of this has resulted in anything leaving the only option of going legal.

    I would be interested to talk to anyone who has lost money from this fraud and who feel strongly enough to explore a legal challenge.

    I have identified a firm of Solicitors who specialise in this area so an initial consultation would be the next step.

    It has been nearly 2 months since we discovered our fraud and I just cannot believe that eBay still have not taken action to stop this and @Rodney has been losing money during this time.

    If you want to know what the absolute pinnacle of Corporate Bulls**t, smugness and hypocrisy is then have a read of all the articles that Chris has written and then watch this video.

    I am just lost for words 🙁

    • Roger
      5 months ago

      I must extend my sincere appreciation to you going public in the press with the issue. I did read the article in The Mail and much like a commenter upthread who confidently states it only affects anyone with lax password security I assumed it was the case, unlikely to affect me, and turned the page.

      It was only several weeks later scrolling through a listing revision I thought I spotted something with the paypal email and recalled your article and checked more thoroughly.

      This was several weeks after so ebay had still not done anything when it ought to have been straightforward to follow up on any accounts sending payments to different paypal accounts for different listings. I do find it odd it seems to be somewhat more than just avoid a small amount of superficially bad PR as you would think it’s clearly in ebay’s interest to ensure the financial security of sellers.

  • S__B
    6 months ago

    you can add us to the list

    over the last 90 days it’s approx 4 grand we have lost

    ebay locked us out to make us change passwords on the 4th September – but did not tell us that there may have been changes made to our listings.

    Given that ebay knew about this scam for months and hasn’t issued an email to all sellers

    Given that it would take me 10 minutes to write a SQL query on the database to count and identify sellers where more than one email address was in use over there listings, then those sellers could have been notified to do a check that they were aware of this

    looks like ebay have sat on their hands on this one

    As far as I can see I can’t get any report out of the system which lists the payment address so there is no easy way to check all listings each morning

  • s__b
    6 months ago

    I will be contacting the Information Commissioner’s Office on Monday as I believe this is a breach of the GDPR laws, ebay are aware that they are passing customers data to criminals and have undertaken no action to prevent this, or stop this happening

    Hundreds of my customers data has been fed into criminal paypal account – I am sure ebay customers would be shocked to find this has been happening to them and that their details are now in the hands of a fraudster

    If anyone else has been affected please also report this to the ICO as that is our best chance of a huge monetary fine being enacted against EBAY

    • 6 months ago

      You may be right.
      We came across this recent interesting tidbit on Sydney Schuster’s blog:

      “😩 If you’re in the UK and [“Marketplace”] won’t let you delete your banking or credit card information from your account, [“Marketplace”] violated the Data Protection Act 1998. In the EU or UK, [“Marketplace”] violated GDPR laws if your account was hijacked and/or your personal data were stolen in a hack (Articles 33–34: Organizations must report a breach within 72 hours to data protection authorities; [“Marketplace”] didn’t). [“Marketplace”] also violated GDPR’s “Right to Be Forgotten” clause by not purging your data when you quit and/or closed your shop. Also under GDPR, [“Marketplace”] is legally responsible for third parties (websites, app developers, consultants, etc.) mishandling your personal data. Report GDPR infractions by going to”

  • Rodney
    6 months ago

    Richard, would like to speak if possible can you contact me on

  • James Woods
    6 months ago

    Why does anyone expect ebay or paypal to refund them.

    It’s you that got hacked/phished, not them.

    If you can’t keep your self secure online maybe you shouldn’t be online.

    • 5 months ago

      @James Woods, there is some truth in what you say and it has been said before, but after people have been scammed eBay are reluctant to offer any help or provide information relating to how the scam happened.

      It may NOT be down to sellers, it may be a problem with eBay and the less they assist the more it looks bad for them.

      They should be working very hard to protect the integrity of their marketplace as well as sellers using it, but they are failing to do so.

  • 6 months ago

    It’s remarkable Marie Oh Huber (eBay SVP Legal Affairs) apparently deleted her Twitter account after being tagged in recent mention of the eBay email fraud exploit vector:


  • s__b
    6 months ago

    James Woods

    I think you are being a bit unfair there – we have fully scanned all pc we use – no virus and the virus checkers run automatically,

    I have just reported to ebay that the token generation process forced me to do it twice, the first time no token is shown to you, the second time the token appears

    We did this same process about 6 weeks back, it did the exact same thing, that day I spend about 10 minutes looking around all the tabs to find the token, then thought did I press cancel or do something wrong and did it again and got the token

    This might be the problem, it might not, as I know some sellers don’t use api – just that everything now becomes suspect and the fact that having done it today I am definitely sure it wasn’t me making a mistake on the first pass through and hense have reported it and repeated the process with ebay on the phone, ebay have promised that they will check it out.

    Has anyone else affected received the lockout email detailing which item no were affected? I would have hoped that this would have been a system wide check to protect all sellers and buyers

  • Mark
    5 months ago

    Just take a look at thrid party permissions and the amount of repeated ebay ones in there is as confusing as it gets and when you telephone and ask why they have not got as clue what any mean or which department generates them.
    so you have no chance.

  • s__b
    5 months ago


    I only have 2 one is mine and the other is Lithium Technologies which are the company that runs the discussion board.

    Well i did yesterday, until i went to check the name of lithium, only to find today I have another one eBay Marketplace

    Sighs, maybe your right Mark

  • Roger
    5 months ago

    Yes, we have had this and lost around £18k since it started early in the year. As per others they chose a small cunning selection of longstanding listings with large volumes sold where the listing was unlikely to end or be revised so the subtle change in one letter of the email address could be spotted, not that anyone would be looking for it.

    I am pretty much 100% that nobody could have guessed the very secure unique to ebay password I used and neither have I fallen victim to any sort of phishing scam – as an aside I suspect all the many phishing emails I receive come courtesy of ebay feeling the need to display my full details at the bottom of all the listings.

    My feeling is the person(s) behind this scam may potentially have obtained the access to edit listings by working in some role at ebay where although they may not be able to access passwords (although I would not rule it out) they may well with suitable administrator rights be able to edit listings.

  • Rodney
    5 months ago

    Sorry you mis understood, we only used one email address and paypal account the crimnals used 51 different email address to non verfied PP accounts which were switched just before they reach their limit

    • 5 months ago

      @Rodney Yes I understood that, I was questioning how the scammers could open 51 legitimate accounts, but you have now confirmed they are using non verfied PP accounts.

      But ultimately it is eBay that are responsible for not fixing a serious problem as soon as they became aware of it.

  • Rodney
    5 months ago

    I agree or Paypal !

  • Mark
    5 months ago

    ebay never fix anything that is wrong or useful they just mess about round the edges and stuff all sellers just keep taking their money.

    We still cannot directly send a VAT receipt through ebay. which should be simple as other platforms do it. so what do you expect.
    Its not them getting robbed.

  • Terry
    5 months ago

    James Woods you are assuming it was the people who were hacked maybe it was ebay……

    Picking the highest selling items in certain areas, then ebay refunding fees, please tell me why ebay would refund the fees if they dont have to.

    Also why refund fees and say nothing.

    Ebay knows something here, I believe ebay was hacked and not these individuals, that my friends is a whole different ball game.

  • 5 months ago

    We was scammed at the started of last year for just over £30k due to the PayPal address’s being changed.

    I am still completely clueless how this happened, as we are very vigilant opening emails and have never been compromised on any other sites.

    Ebay and PayPal where completely uncooperative. Paypal acknowledged the scammers PayPal account was frozen weeks before we discovered the compromise, and PayPal just continued to allow payments to be sent to them. As far as I am aware the funds are still frozen in this account. Ebay just deflect the issue to PayPal, and have not offered to refund fee’s or anything.

    We contacted Actionfraud, who have not offered any help either. They simply said ‘There is no sufficient enough evidence for them to investigate’.

    If anyone wants to contact me, please email my personal email address

Welcome to our Tamebay Guide. Companies listed in the directory represent the leading suppliers in the UK and Europe.


eBay’s mission is to be the world’s favourite destination for discovering great value and unique selection


PayPal Working Capital is a merchant cash advance linked directly to your PayPal account.

See More Companies >