eBay refund fees to PayPal payment email address scam victim before they discover the fraud

By Chris Dawson September 10, 2019 - 8:00 pm

eBay may have started taking action on the PayPal email payment address scam which numerous sellers have fallen victim to. One of the latest eBay sellers to discover that they’ve been defrauded discovered eBay were refunding fees before they discovered they’d been scammed.

On Friday, Roshni from Style It Up UK left a comment on Tamebay asking if anyone had managed to recover the stolen funds or been covered by eBay for the losses. She followed this via email and today I spoke to Roshni to find out more and there are some interesting twists to her case which we’ve not seen before.

Initially, it was a familiar story. A hacker changed the PayPal payment email address and funds from future sales were diverted to the scammer. We’ve now verified over £300,000 of losses from around 18 eBay accounts. The average loss is around £16.5k with the largest we’re aware of being £70k. In Roshni’s case the loss was around £4k.

The first point to note is that Roshni uses eBay Business Rules and the hacker, having gained access to the Style It Up eBay account added a new Business Rule with the fake eBay address. The rest of the scam followed the now normal method of registering an email address swapping just one letter of the genuine email address to make spotting the scam harder.

We’re constantly hearing people say that the sellers affected should have spotted the scam, which in this case started in April 2019 and was discovered in August 2019. However it’s nigh on impossible for most businesses to reconcile eBay sales to PayPal payments – experienced eBay sellers will know that the first priority each day is to get sales picked, packed and shipped and if eBay say that an order has been paid for sellers trust that eBay is right.

The second point which makes this case unique is that eBay started to refund fees around the 6th of August. Roshni only realised this a week later when, having discovered the fraud when trying to refund a sale where the scammer had stolen the funds, she phoned eBay. eBay then revealed they were well aware that proceeds of sales had gone to a scammer and told her they’d already been refunding the fees. What eBay didn’t do is, when they first started to refund fees, tell Roshni she’d been scammed and lost thousands of pounds.

eBay had sent an email on the 7th of August saying that they believed the account had been used fraudulently. eBay forced a reset of the eBay password and unlinked the associated PayPal account. Generally, linking your PayPal account is just so that eBay can collect eBay fees however and what eBay didn’t do was to remove the fraudulent business rule with the fake PayPal address. Indeed, when talking to eBay support, they seemed unaware of the existence of Business Rules to set the PayPal payment email address and Roshni had to talk them through where it was!

Perhaps the most interesting aspect of this case is that eBay discovered it and started to refund seller fees for transactions where the proceeds were stolen. Are eBay starting to scan seller accounts specifically to pick up this fraud as if so this would be a major step forward. If you receive an email saying fees have been refunded for unauthorized use of your account this should set the alarm bells ringing. Don’t just secure your account, immediately check for fake email addresses.

Prior to speaking to Roshni, we received the following comment from eBay. We were unable to reach them to highlight this latest case and verify if they are actively scanning accounts for the fraud, or if the fraud on Roshni’s account was picked up at random.

“Millions of people use eBay safely every day and cases like this are extremely rare. We invest heavily in measures to protect our users from privacy and security threats, including investment in teams dedicated to safety, customer service and law enforcement liaison.
Fraudsters use very sophisticated methods to try and circumvent trusted website security and we continuously enhance and update our security infrastructure to tackle new fraud trends.
From enabling two-step verification, to regularly changing your password, we encourage all members to take precautions that will improve the level of security protection on their accounts.”

– eBay Spokesperson

Roshni has now implemented two-step verification on the Style It Up eBay account, although it’s a nuisance not least of which PIN codes only go to a single person. They’ve resorted to requesting a PIN and then requesting the PIN a second time which they are then able to get via email.

  • Al
    1 week ago

    BTW – My account got scammed in the same way on 21st Aug 19….I noticed the scam on 6th Sep 19. Iost round £1k (so far)

  • robin
    7 days ago

    eBay should refund ALL stolen money from the moment they started refunding fees – not only fees – as they KNEW there was a problem – but done NOTHING to protect seller.

  • Alistair
    7 days ago

    We got caught in the same way last year, we now have only one payment rule in the business policy, and I check every morning to make sure there is still only one and it has the correct email address. First we knew about this was when we were contacted by Police online fraud squad, ever since then I check daily.

  • Mark
    7 days ago

    If the scammed account is in the UK then under the law the business facilitating the scam after they become aware of it is fully liable for all losses.

  • Toby
    7 days ago

    After reading all this, it is safecto say that ebay really is a shambles and a fraudsters paradise. C.S seem untrained in many areas and it is hit and miss as to want answer you get. It certainly isn’t inspiring to sellers and more and more people i speak to don’t use ebay simply because of fraud. How bad that a business such as ebay is avoided because of the amount of fraud…
    No business can withstand that reputation forever

  • 6 days ago

    This is (one of) the reasons I do our banking every day.
    It’s simple, you can use Tradebox or whatever to bring your sales into Sage (or whatever), make sure the income for those sales is mapped to a nominal code for Paypal accounts, then you download your Paypal statement and match the two up.
    Takes me 15 mins max each day to do with a few formulas in the spreadsheet.
    Happy to share how I do it if anyone wants help.

  • Rodney
    4 days ago

    Its just happened to us with the robber using 51 different email addresses and Paypal accounts now of which were verfied lost over £45k. Does anyone know legal company with knowledge to challenge Ebay to get this money back ?

  • @Rodney I am really sorry to read that.

    I have pretty much followed every avenue that is possible and have still not got anywhere. A class action could be one option as every other day there seems to be a new case.

    FYI this is what we have done so far.
    Contacted the local Police, reported to Action Fraud, opened a case with the Information Commissioner and the Financial Ombudsman, tried multiple times with eBay and PayPal by e-mail, phone, letter, twitter, contacted my local MP who has written to the Secretary of State for Business (reply received today from Brandon Lewis MP saying that they do not get involved with individual cases and saying I had done the right thing contacting INaction Fraud) (my MP has now written to Rob Hattrell MD of eBay UK), obtained the services of a online security expert who is working on our case looking into the sever logs that eBay have provided and finally going public (most have seen the story on the Daily Mail Online) .

    To date none of this has resulted in anything leaving the only option of going legal.

    I would be interested to talk to anyone who has lost money from this fraud and who feel strongly enough to explore a legal challenge.

    I have identified a firm of Solicitors who specialise in this area so an initial consultation would be the next step.

    It has been nearly 2 months since we discovered our fraud and I just cannot believe that eBay still have not taken action to stop this and @Rodney has been losing money during this time.

    If you want to know what the absolute pinnacle of Corporate Bulls**t, smugness and hypocrisy is then have a read of all the articles that Chris has written and then watch this video.

    I am just lost for words 🙁

  • S__B
    4 days ago

    you can add us to the list

    over the last 90 days it’s approx 4 grand we have lost

    ebay locked us out to make us change passwords on the 4th September – but did not tell us that there may have been changes made to our listings.

    Given that ebay knew about this scam for months and hasn’t issued an email to all sellers

    Given that it would take me 10 minutes to write a SQL query on the database to count and identify sellers where more than one email address was in use over there listings, then those sellers could have been notified to do a check that they were aware of this

    looks like ebay have sat on their hands on this one

    As far as I can see I can’t get any report out of the system which lists the payment address so there is no easy way to check all listings each morning

  • s__b
    4 days ago

    I will be contacting the Information Commissioner’s Office on Monday as I believe this is a breach of the GDPR laws, ebay are aware that they are passing customers data to criminals and have undertaken no action to prevent this, or stop this happening

    Hundreds of my customers data has been fed into criminal paypal account – I am sure ebay customers would be shocked to find this has been happening to them and that their details are now in the hands of a fraudster

    If anyone else has been affected please also report this to the ICO as that is our best chance of a huge monetary fine being enacted against EBAY

    • 3 days ago

      You may be right.
      We came across this recent interesting tidbit on Sydney Schuster’s blog:

      “😩 If you’re in the UK and [“Marketplace”] won’t let you delete your banking or credit card information from your account, [“Marketplace”] violated the Data Protection Act 1998. In the EU or UK, [“Marketplace”] violated GDPR laws if your account was hijacked and/or your personal data were stolen in a hack (Articles 33–34: Organizations must report a breach within 72 hours to data protection authorities; [“Marketplace”] didn’t). [“Marketplace”] also violated GDPR’s “Right to Be Forgotten” clause by not purging your data when you quit and/or closed your shop. Also under GDPR, [“Marketplace”] is legally responsible for third parties (websites, app developers, consultants, etc.) mishandling your personal data. Report GDPR infractions by going to”

  • Rodney
    4 days ago

    Richard, would like to speak if possible can you contact me on

  • James Woods
    3 days ago

    Why does anyone expect ebay or paypal to refund them.

    It’s you that got hacked/phished, not them.

    If you can’t keep your self secure online maybe you shouldn’t be online.

    • 2 days ago

      @James Woods, there is some truth in what you say and it has been said before, but after people have been scammed eBay are reluctant to offer any help or provide information relating to how the scam happened.

      It may NOT be down to sellers, it may be a problem with eBay and the less they assist the more it looks bad for them.

      They should be working very hard to protect the integrity of their marketplace as well as sellers using it, but they are failing to do so.

  • 3 days ago

    It’s remarkable Marie Oh Huber (eBay SVP Legal Affairs) apparently deleted her Twitter account after being tagged in recent mention of the eBay email fraud exploit vector:


  • s__b
    2 days ago

    James Woods

    I think you are being a bit unfair there – we have fully scanned all pc we use – no virus and the virus checkers run automatically,

    I have just reported to ebay that the token generation process forced me to do it twice, the first time no token is shown to you, the second time the token appears

    We did this same process about 6 weeks back, it did the exact same thing, that day I spend about 10 minutes looking around all the tabs to find the token, then thought did I press cancel or do something wrong and did it again and got the token

    This might be the problem, it might not, as I know some sellers don’t use api – just that everything now becomes suspect and the fact that having done it today I am definitely sure it wasn’t me making a mistake on the first pass through and hense have reported it and repeated the process with ebay on the phone, ebay have promised that they will check it out.

    Has anyone else affected received the lockout email detailing which item no were affected? I would have hoped that this would have been a system wide check to protect all sellers and buyers

  • Mark
    2 days ago

    Just take a look at thrid party permissions and the amount of repeated ebay ones in there is as confusing as it gets and when you telephone and ask why they have not got as clue what any mean or which department generates them.
    so you have no chance.

  • s__b
    1 day ago


    I only have 2 one is mine and the other is Lithium Technologies which are the company that runs the discussion board.

    Well i did yesterday, until i went to check the name of lithium, only to find today I have another one eBay Marketplace

    Sighs, maybe your right Mark

Have your say

View our Comment Policy

Featured in this article from the Tamebay Guide – companies that can help you grow and manage your business.


eBay’s mission is to be the world’s favourite destination for discovering great value and unique selection


PayPal Working Capital is a merchant cash advance linked directly to your PayPal account.

See More Companies >

Recent Comments

6 hours ago
Derek Duval: My concern with Ebay promoted listings is how come when I get a sale of...
10 hours ago
unsuckEBAY: It's extremely disappointing eBay *still* has not remedied the lack of seller fee disclosures when...
15 hours ago
Toby: So let me get this right.... Consumer research suggests 26% of people do xmas shopping...
16 hours ago
Chris Dawson: It was only two weeks ago we told you about the promotion. Now we are...