Advice Please Possible Paypal Fraud

Hi guys, an update for those interested.

My daughter's bank (M&S) have blocked all payments to PayPal and are investigating the potential fraud, the bank wants to know how this issue occurred so fair play to them.

Her back up bank account (RBS) has canceled the card associated with her Paypal account and so far no attempt to take payment has occurred.

Once it's absolutely clear that no monies will be removed from my daughter's bank accounts then she is going to cancel the PayPal account and rethink how she pays for online purchases in future, she's talking about opening a separate account and just using that for online purchases and depositing money to that account whenever she makes an online purchase.

Thanks for all of the advice and help guys.

I'll update this thread if we find out how the account/phone was compromised.

Kind regards

Tony
 
The WiFi security WPA2 is not secure and can be compromised very very easily by someone who knows what they are doing. We had a demo from NCSC not long ago and it was surprising how easy and prevalent it is. So much so that I now have a firewall between my LAN and WiFi access point and never use WiFi to shop online.
 
Well Paypal have been in touch and they've attempted to take £355 from my daughter's bank account but obviously she's managed to circumvent that but Paypal are now saying that she basically owes them £355 and she should lodge sufficient funds to clear the debt but that ain't going to happen.

I've told her to phone them and try to get someone who'll listen but not to pay.

Presumably Paypal will escalate this to a debt recovery company and maybe ultimately court action but my daughter didn't purchase this item or authorise the purchase so she's not liable for the debt however presumably PayPal has paid John Lewis and John Lewis has delivered the item so there's a paper trail now.

This will be interesting.

Thanks

Tony
 
How do PayPal explain allowing JL to send to a non-verified PP address? It's in their Ts and Cs after all. She's right to tell them to do one.
 
I've no idea mate and I had no idea that you could do that either but it seems that you can, certainly on JL's website there is that option.

There's absolutely no way the item was bought by my daughter and there's no way that she allowed someone to use her phone/laptop/iPad to access her account, at the time of the purchase she had her phone with her the entire time which is why she was able to act so quickly re closing bank accounts etc when she received the Paypal transaction email.
 
Just to clarify the situation.

Someone has accessed her JL account online, ordered the goods, then managed to send it to another address but you have been notified that the initial delivery address was the account registered one, ie yours.

Was the address change done via her JL account ?

Can she access & view the order online at JL to see where it eventually ended up being delivered & I assume signed for ?
 
The fraudster used their own or another JL account and ordered the Sonos and then paid for it using my daughter's PayPal account but changed the name on the PayPal account to Lucas from Elizabeth and obviously changed the delivery details on the JL site however the PayPal transaction email showed the delivery address as my/our address.

So going by the Paypal transaction email the item should have been delivered here but the fraudster appears to have changed the delivery details on the JL site however JL now won't talk to my daughter they'll only talk to her bank's fraud team.

She can access her own JL account but that doesn't show anything about the item or purchaser it only shows legitimate purchases that she made with JL the most recent of which was July 1st the day before the fraud.

Thanks.

Tony
 
So in order to 'update' your 'legal' name or 'update' your name on your Paypal account you have to do the following so how could someone change the name on my daughter's PayPal account?

Update your legal name
Please upload:
  1. A copy of a government-issued photo identification (ID) that shows your entire face and an ID number.
  AND
  2. A copy of 1 of the following documents:
    • A recent utility bill showing your new name and address exactly as they appear on your PayPal account.
    • A recent financial statement for the bank account attached to your PayPal account. Make sure it shows your correct name and your current address.
    • A recent proof of residency document that shows your correct name and your current address.
    • Your driving licence that shows your correct name and your current address.
    • Your national ID card that shows your correct name and current address.
    • Your recent postal insurance bill that shows your correct name and your current address.
    • Your recent rates of council tax bill that shows your correct name and current address.
    • Your location confirmation letter from PayPal that shows your current address.
  AND
  3. A copy of 1 of the following documents:
    • Your change of name certificate.
    • Your photo ID.
Your file must be a .PDF, .JPG, or .PNG. Make sure the filename is less than 40 characters and the file size is less than 2 MB.

Don't have a photo of your document saved on your computer? Visit our website to upload from your phone.

You can also send us copies by post.

Update your name
Please upload:
  1. A copy of a government-issued photo identification (ID) that shows your entire face and an ID number.
  AND
  2. A copy of 1 of the following documents:
    • A recent utility bill showing your new name and address exactly as they appear on your PayPal account.
    • A recent financial statement for the bank account attached to your PayPal account. Make sure it shows your correct name and your current address.
    • A recent proof of residency document that shows your correct name and your current address.
    • Your driving licence that shows your correct name and your current address.
    • Your national ID card that shows your correct name and current address.
    • Your recent postal insurance bill that shows your correct name and your current address.
    • Your recent rates of council tax bill that shows your correct name and current address.
    • Your location confirmation letter from PayPal that shows your current address.
Your file must be a .PDF, .JPG, or .PNG. Make sure the filename is less than 40 characters and the file size is less than 2 MB.

Don't have a photo of your document saved on your computer? Visit our website to upload from your phone.

You can also send us copies by post.
 
That sounds far too complex for a single small purchase. Get her to ask PayPal when the account name was changed and what type of docs were submitted. If they can't prove it was changed, sod them, they'll lose in court.

I'd put money on the fact being a hole in JL's security that allows any PayPal acct to pay for any item and then change the receiver's details as held by jlc. Ie once payment is made to JL they don't hold up to PayPal's registered address self rules. So the fault is theirs combined.

Take it to court.
 
Thanks for clarifying, this sounds sophisticated, also sounds like an inside job at JL or Paypal o_O

More likely someone has captured Elizabeth's paypal password, seen a purchase from JL the day before in her paypal history, seen an opportunity for another repeat JL order and JL may have slack delivery address security hence the different delivery address.
 
Sounds plausible Mark but that doesn't explain the name change?

I've no doubt though that the purchase the day before from JL is linked to this in some way.
 
I have a Draytek Vigor 2862 router with all of the settings default more or less and the firewall is definitely switched on.

I remember the thread.

https://www.pinkfishmedia.net/forum/threads/router-advice-recommendations.214536/

That was in April 2018, have you updated the firmware since buying it ?

In May 2018 Draytek issued this:
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks

It was all over the internet.
https://www.bleepingcomputer.com/news/security/draytek-router-zero-day-under-attack/

https://www.theregister.co.uk/2018/05/21/draytek_routers_security_vulnerability/

https://www.ispreview.co.uk/index.p...es-popular-draytek-broadband-isp-routers.html

I would check which version firmware is in your router as if not updated is vulnerable to a DNS problem and MITM type problem.
If affected, updating the firmware won't fix it, settings need correcting after the firmware update.
Post screen grabs if you need any help. You need to check the DNS settings and to check there are no remote users enabled that you don't know of as that is how your IP address is used remotely.
 
I asked my daughter about this last night and she said that the name change was only on the delivery details not her PayPal account so that must mean that JL allowed the name change.

In that case I'd be asking questions of JL, that is somewhat alarming to read.
 
In saying that you know, I have ordered from JL & sent an item to my brother at another address, pretty sure I added the address without any questions asked on my JL account. So it seems that Paypal allow the payment to JL through themselves on the basis that JL do the delivery schedule according to the JL address. No need for a confirmed Paypal address malarkey at all.

That is a definite loophole.
 
Hi Mark, yes the firmware has been updated twice I think currently running

Current Firmware Version: 3.9.0_BT

Where do I go to check the DNS settings?

Thanks

Tony

Just checked the router settings re that link above and they appear fine so far and I did change the router password shortly after installing the router.

I'll keep checking the settings and report back later on, got to go out with the dog just now.

Thanks

Tony
 