I was just scammed on eBay, and I may be out $525.

I ordered an electric fireplace/TV stand using “buy it now” and I paid via PayPal. The product shipped but never came. I went to look at tracking info today, and UPS reported that the item has been delivered to me at an address in Ozone Park, NY, which is not mine. UPS apparently didn’t require a signature and left the package at this other address.

I checked my eBay and PayPal accounts, and sure enough the delivery address on my eBay account somehow had been hacked and changed without me noticing. My PayPal account had not been compromised, so it did have my correct address on file.

My gut tells me the seller is somehow involved, because someone elected to use the eBay address rather than the PayPal address. Of course the seller told me it’s not its problem because the item was delivered.

I’ve opened cases at both eBay and PayPal but am less than optimistic.:butt:

I was just scammed on eBay, and I may be out $525.

I ordered an electric fireplace/TV stand using “buy it now” and I paid via PayPal. The product shipped but never came. I went to look at tracking info today, and UPS reported that the item has been delivered to me at an address in Ozone Park, NY, which is not mine. UPS apparently didn’t require a signature and left the package at this other address.

I checked my eBay and PayPal accounts, and sure enough the delivery address on my eBay account somehow had been hacked and changed without me noticing. My PayPal account had not been compromised, so it did have my correct address on file.

My gut tells me the seller is somehow involved, because someone elected to use the eBay address rather than the PayPal address. Of course the seller told me it’s not its problem because the item was delivered.

I’ve opened cases at both eBay and PayPal but am less than optimistic.:butt:

Sorry to hear. Just FYI i only use ebay addresses when i ship as they are the most convenient to find and i would also assume that the adress on ebay is the one that ebay would want me to ship to. That said there is little insentive for anyone else to change your adress i guess :(

Hope it resolves for the best.

If someone can access your account and change your address they would start ordering things, not wait for you to order stuff.

Very weird.

If someone can access your account and change your address they would start ordering things, not wait for you to order stuff.

Very weird.

Perhaps not if they could not log in to paypal as they would then not be able to actually make the payment.

Bot eBay and PayPal include insurance
Call payPal 1st

Bot eBay and PayPal include insurance
Call payPal 1st

Called them both. Also called UPS. UPS suggested that I have seller request a package pickup and redelivery to my correct address. The Seller is refusing. I think the seller is the scammer. It sells goods, and then evades delivery (by delivering them to an address of a conspirator) so that it can resell them. It makes no sense that only this order and not other contemporaneous orders were sent to an incorrect address.

Called them both. Also called UPS. UPS suggested that I have seller request a package pickup and redelivery to my correct address. The Seller is refusing. I think the seller is the scammer. It sells goods, and then evades delivery (by delivering them to an address of a conspirator) so that it can resell them. It makes no sense that only this order and not other contemporaneous orders were sent to an incorrect address.

but how would seller have access to your account to change the address...

this makes no sense man, he waited for you to buy something and then hacked your ebay account to change an address.

Some weird thing going on for sure but don't think it is the seller.

Look at it from the sellers point of view!

Not requiring a signature on delivery for a high value item does sound a bit dodgy/stupid.

I'm really not sure how someone would hack your ebay account though, and change the address. Are you sure?

Can you get the address from the seller then go there to ask for the item??

I got a box put in the wrong door one day and the owner of the house did not even bother taking the box inside, 11pm and the box was still outside.

ugh. sorry to hear about that.

with how big a deal this online "black friday week" craze seems to have gotten the scumbags seem to try new ways to steal a buck.

my guess though, is that there are enough layers of protection, between ebay, paypal and likely the credit card you have linked to sort you out. hopefully anyway.

Can you get the address from the seller then go there to ask for the item??

I got a box put in the wrong door one day and the owner of the house did not even bother taking the box inside, 11pm and the box was still outside.

I have the address. Ozone Park is probably 3-4 hours away. I’m by Saratoga. The fact that the seller is refusing to request a package pickup through UPS suggests to me that it is part of the scam. It is easy for the seller to do and if it was left at a wrong address, it’s possible the package is still there and the issue would be resolved. I don’t know how it was done, but something is fishy here. The seller is just too unwilling to help when you’d think it would want to just to generate goodwill.

I have the address. Ozone Park is probably 3-4 hours away. I’m by Saratoga. The fact that the seller is refusing to request a package pickup through UPS suggests to me that it is part of the scam. It is easy for the seller to do and if it was left at a wrong address, it’s possible the package is still there and the issue would be resolved. I don’t know how it was done, but something is fishy here. The seller is just too unwilling to help when you’d think it would want to just to generate goodwill.

If he sent it to the wrong address, then ebay and paypal will back you up. BUT...ebay/paypal allow you to enter other ship to addresses. It seems implausible that he hacked your account, entered wrong address, then switched it back. Either he sent it to the wrong address, or you had the wrong address entered in your ebay account some how. I have multiple addresses in mine.

Maybe he's refusing because UPS will charge him more and he feels he sent to correct address? Or maybe he's refusing because you've concluded he scammed you and doesn't want to help anymore? Sorry, this is happening, but I suspect there's a sensible explanation that doesn't include the seller hacking your account. Good luck.

Djg pal,
In my mind, the bigger concern is finding out how the wrong address ended up in your account in the first place.

Sometimes if you punch in the address on Google ,it may provide some particulars like a phone number. You can call to verify.

If he sent it to the wrong address, then ebay and paypal will back you up. BUT...ebay/paypal allow you to enter other ship to addresses. It seems implausible that he hacked your account, entered wrong address, then switched it back. Either he sent it to the wrong address, or you had the wrong address entered in your ebay account some how. I have multiple addresses in mine.

Maybe he's refusing because UPS will charge him more and he feels he sent to correct address? Or maybe he's refusing because you've concluded he scammed you and doesn't want to help anymore? Sorry, this is happening, but I suspect there's a sensible explanation that doesn't include the seller hacking your account. Good luck.

I checked my shipping addresses after I saw that the item had been delivered to to the Ozone Park address. I instantly changed it back on eBay and set a new password. It hadn’t been changed on PayPal. I most certainly didn’t add the address (and don’t recognize it). Nor did I authorize delivery without a signature.

As others have said, if you could hack the account, it would seem that you’d use it before the hack was detected. The fact that the item was one of relatively sizable expense that can be readily resold as new makes me wonder. What kind of seller of a big-ticket item allows delivery without a signature?

I checked my shipping addresses after I saw that the item had been delivered to to the Ozone Park address.

Were you able to verify your shipping address at any point during the ordering process, esp. the last step before final confirmation and invoicing?

you didn't verify the shipping address at any point during the ordering process, esp. the last step before final confirmation and invoicing?

I saw it on PayPal when I made the payment and didn’t think to look at eBay.

I checked my shipping addresses after I saw that the item had been delivered to to the Ozone Park address. I instantly changed it back on eBay and set a new password. It hadn’t been changed on PayPal. I most certainly didn’t add the address (and don’t recognize it). Nor did I authorize delivery with a signature.

As others have said, if you could hack the account, it would seem that you’d use it before the hack was detected. The fact that the item was one of relatively sizable expense that can be readily resold as new makes me wonder. What kind of seller of a big-ticket item allows delivery without a signature?

From where was the item shipped? How long did it take you to pay after you bought the item on ebay? He woulda had to "hack" your account between the time you bought it and the time you paid for it, because you select ship to address at time of payment. For me, this is usually about 10 seconds, and rarely more than an hour, but not always. That's a very tight window to have done as you suggest. For sure, something doesn't add up. Could it be an address another family member entered?

EDIT: I just noticed you used Buy It Now. Since you select your ship to address at the time you pay, and you pay at the time you buy, then it's highly improbable he hacked you in the couple seconds between buying it now, and paying.

From where was the item shipped? How long did it take you to pay after you bought the item on ebay? He woulda had to "hack" your account between the time you bought it and the time you paid for it, because you select ship to address at time of payment. For me, this is usually about 10 seconds, and rarely more than an hour, but not always. That's a very tight window to have done as you suggest. For sure, something doesn't add up. Could it be an address another family member entered?

I agree with you. It was paid for instantly. It was shipped the next day. I’m not sure what happened here, but something is not right.

I agree with you. It was paid for instantly. It was shipped the next day. I’m not sure what happened here, but something is not right.
Log on to paypal and look at your transaction receipt. Does it show the Ozone Park address? If so, that's the one that was selected at time of payment at the moment you bought it. Somehow this was in your ebay account, but it's virtually impossible the seller placed it there.

If the paypal transaction shows YOUR address, then yes, something got changed and it wasn't you. You select the ship to address when you buy and pay, and your paypal transaction record will show what you selected, even if you didn't know you selected it.

Hope this helps, even if it's not the news you'd like to hear.

EDIT: One time I did the same and selected an out of state address from an old employer of mine, still with address in my ebay account. It was shipped to them, and I never got the item. But it was my mistake for selecting the wrong address and not paying better attention.

Log on to paypal and look at your transaction receipt. Does it show the Ozone Park address? If so, that's the one that was selected at time of payment at the moment you bought it. Somehow this was in your ebay account, but it's virtually impossible the seller placed it there.

If the paypal transaction shows YOUR address, then yes, something got changed and it wasn't you. You select the ship to address when you buy and pay, and your paypal transaction record will show what you selected, even if you didn't know you selected it.

Hope this helps, even if it's not the news you'd like to hear.

PayPal had my correct address as the delivery address. eBay listed my correct address as my “primary” address and the Ozone park address as my “delivery address.” The item was purchased from a seller in Olean, NY, which is in the western part of the State south of Buffalo.

PayPal had my correct address as the delivery address. eBay listed my correct address as my “primary” address and the Ozone park address as my “delivery address.” The item was purchased from a seller in Olean, NY, which is in the western part of the State south of Buffalo.

If the item was shipped to an address that wasn't the ship to address on your paypal payment receipt, then you have a very strong case, since you never authorized delivery to Ozone Park. It's all right there on the transaction receipt in paypal.

If the item was shipped to an address that wasn't the ship to address on your paypal payment receipt, then you have a very strong case, since you never authorized delivery to Ozone Park. It's all right there on the transaction receipt in paypal.

I’m hopeful. I need to wait 10 days to see what happens. In the meanwhile, I’m going to try to have UPS go back to the house. I did a google search of the address and it looks to be residential, i.e, small homes with enclosed porches. Maybe it’s still there, but doubtful.

I’m hopeful. I need to wait 10 days to see what happens. In the meanwhile, I’m going to try to have UPS go back to the house. I did a google search of the address and it looks to be residential, i.e, small homes with enclosed porches. Maybe it’s still there, but doubtful.

Good luck!! Please update this thread when you figure it out.

I Think you are misunderstanding one another or do the op really have ebay saying ship to "this" adress while paypal receipt showing ship to "another" adress? That dont sound very likely

The fact that paypal does not show or have all your possible ebay shipping destinations means little imo. If the receipt says that adress and the seller shipped to that adress its very hard to fault him for this unlucky situation. id be really annoyed if i was the seller on this one with the info we have thus far.

I Think you are misunderstanding one another or do the op really have ebay saying ship to "this" adress while paypal receipt showing ship to "another" adress? That dont sound very likely

The fact that paypal does not show or have all your possible ebay shipping destinations means little imo. If the receipt says that adress and the seller shipped to that adress its very hard to fault him for this unlucky situation. id be really annoyed if i was the seller on this one with the info we have thus far.

The paypal receipt shows the ship to address selected by the buyer, intentionally or not. If the paypal receipt shows the Ozone Park address, it's hard to fault the seller and unlikely he had any part of this. If it shows Saratoga, then something is fishy. It's really as simple as this.

Sellers only have protection if they ship to the address that is "confirmed" by PAYPAL. eBay addresses mean nothing in regard to a dispute. PayPal states multiple times that sellers are only protected if they ship to this confirmed address.

djg21, did your order ship from out of the country?

Where is the Ebay vendor located?

Sure are a ton of Chinese vendors scamming buyers lately. Word on the street is that Ebay likely makes money whether there is a legit sale or not, at least on a percentage of these purchases.

Ebay is a Wall St. outfit and for the most part they are only looking at the numbers.
That vendors can even make their feedback "private" and thus completely devoid of details of what sold or why a buyer left negative feedback is telling!
I know someone who just got scammed on suspension fork purchase out of China, though it remains to be seen if he won't get all of his money back. The seller even sent an envelope so as to generate tracking and a delivery timetable, but the delivery of it oddly went to a somewhat nearby domestic address so as to look like a simple shipping error and so as to buy time before a request for refund could be generated. The post office informed him that this had become a well-known scam. I wonder if it was perhaps merely an envelope that got shipped in your case(?). Would be great to find out, but one should waste no time in filing for a refund.

This doesn't explain the "hacking" part of this, which is making the whole thing very interesting.

Saturday.... I was the OP i would drive to the address and knocking at the door. Maybe the dude hasnt even open the box and is trying to figure that out, maybe the dude is thinking in going to USPS to return the box, I do believe was a weird mistake, who knows but the 100 bucks in fuel worth to go to ask.

The seller might even have the addressee (sp) phone number you know.

A weird tale. Negative feedback is a killer on eBay, and the whole network is so directed towards buyers rather than sellers, I'd expect that you're going to get satisfaction, eventually.

Saturday.... I was the OP i would drive to the address and knocking at the door. Maybe the dude hasnt even open the box and is trying to figure that out, maybe the dude is thinking in going to USPS to return the box, I do believe was a weird mistake, who knows but the 100 bucks in fuel worth to go to ask.

The seller might even have the addressee (sp) phone number you know.

The Seller supposedly was from Olean, NY, but it appears from the UPS shipping info that the product shipped from Carlisle, PA. As I noted, UPS suggested that I ask the seller to issue a package pickup so the driver can go to the home where it was left and try to pick the package up and redeliver it to me. The Seller is refusing to help in any manner.

This is the item: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemVersion&item=112331371598&view=all&tid=1736962908001

https://www.ebay.com/itm/Southern-Enterprises-Claremont-Corner-Media-Infrared-Fireplace-Brown-Mahogany/112331371598?epid=1690386470&hash=item1a2778b44e:g:YFsAAOSwsW9Yw65k

way too many negative feedback.

https://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=sarafankit2009&iid=112331371598&de=off&items=25&searchInterval=30&which=negative&interval=30&_trkparms=negative_30

The Seller supposedly was from Olean, NY, but it appears from the UPS shipping info that the product shipped from Carlisle, PA. As I noted, UPS suggested that I ask the seller to issue a package pickup so the driver can go to the home where it was left and try to pick the package up and redeliver it to me. The Seller is refusing to help in any manner.

This is the item: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemVersion&item=112331371598&view=all&tid=1736962908001

Gone. PM-ed.

Way too many items, wonder if this guy is a broker. He is the front but the guy that actually sends the item is the one that has the item, and that could explain why the item comes from somewhere else. THe other situation is that this bozo sells so much that one extra bad review is not a big deal.

Hope you paid this with your credit card, sure you might get the money back with them, and quicker.

100 bad reviews in less than a month, that sucks but with the volume that guy handles is not even a problem.

Looking at the item.......I think you've dodged a bullet!

https://i.ebayimg.com/images/g/YFsAAOSwsW9Yw65k/s-l500.jpg

If you look up the shipping address, it is probably an international freight forwarder.

Typical scam:
1) You get a convincing email from eBay saying "update your information" - being tired or having a long day, you click through the link in the email and enter your details, they now have your username/password.

2) They update your shipping address to an international freight forwarding service or an abandoned building.

3) They sit back and wait for free stuff.

This can be entirely automated and sent to millions and millions of people, so the low ROI doesn't matter. It is far more likely than a seller conspiracy. And even if it is, the resolution is exactly the same:

Your entire dispute with eBay should be: "My account was hacked and someone changed my shipping address" - they should take care of it.

Looking at the item.......I think you've dodged a bullet!

https://i.ebayimg.com/images/g/YFsAAOSwsW9Yw65k/s-l500.jpg

Wood powered TV's are the hottest new thing!

If you look up the shipping address, it is probably an international freight forwarder.

Typical scam:
1) You get a convincing email from eBay saying "update your information" - being tired or having a long day, you click through the link in the email and enter your details, they now have your username/password.

2) They update your shipping address to an international freight forwarding service or an abandoned building.

3) They sit back and wait for free stuff.

This can be entirely automated and sent to millions and millions of people, so the low ROI doesn't matter. It is far more likely than a seller conspiracy. And even if it is, the resolution is exactly the same:

Your entire dispute with eBay should be: "My account was hacked and someone changed my shipping address" - they should take care of it.

I spent a number of years earlier in my career prosecuting consumer protection matters and am generally pretty savvy at recognizing them. I do not follow links in e-mails, and usually check the ISP addresses if I have any doubt about authenticity. As I paid by PayPal, I got a confirmation instantly and never looked at the follow-up email closely. That was my error. I didn’t realize the item had been shipped to Ozone park until I looked at the tracking info after the delivery seemed late. I still don’t understand why the seller would not require a signature confirmation, or why it is refusing to contact UPS to request a pickup. My gut is telling me that the seller is into this up to its eye balls.

I’m going to visit the NYSP and fill out a report today. I tried to contact the NYC Police precinct in Ozone Park, and it can’t do anything until I file a complaint. In the meanwhile, I found the following info on line at http://www.newyorkrenters.us/contact-info/784841/:

Miguel Padilla is a Home Renter, 76-77 years old, located at 9410A Linden Blvd, Ozone Park City, Queens County, New York 11417-2516 for 01 Years. tel (718) 848-1643.

I tried the telephone number and left a message. And binxnyrwarrsoul has graciously agreed to drop by the address and see if perhaps the package is still on the front stoop.

Thanks for the update. Hoping for the best!

And I appreciate your original post - it's something I'll be looking for going forward as I use eBay quite a bit. I had one very screwy incident with eBay where I placed a bid once for $100, but when the page refreshed after a second or two it said I bid something like $250. I called eBay and the person I talked to didn't believe me...

Way too many items, wonder if this guy is a broker. He is the front but the guy that actually sends the item is the one that has the item, and that could explain why the item comes from somewhere else. THe other situation is that this bozo sells so much that one extra bad review is not a big deal.

Hope you paid this with your credit card, sure you might get the money back with them, and quicker.

100 bad reviews in less than a month, that sucks but with the volume that guy handles is not even a problem.

From a google search, seller Sarafankit2009 appears to be based in India and runs a couple of different eBay stores.

If you look up the shipping address, it is probably an international freight forwarder.

Typical scam:
1) You get a convincing email from eBay saying "update your information" - being tired or having a long day, you click through the link in the email and enter your details, they now have your username/password.

2) They update your shipping address to an international freight forwarding service or an abandoned building.

3) They sit back and wait for free stuff.

This can be entirely automated and sent to millions and millions of people, so the low ROI doesn't matter. It is far more likely than a seller conspiracy. And even if it is, the resolution is exactly the same:

Your entire dispute with eBay should be: "My account was hacked and someone changed my shipping address" - they should take care of it.

Just got off phone with eBay. I’m told that my account was compromised last month and the shipping address was changed.

I recall getting an email from eBay around that time asking me to reset my password. Using a web browser, I navigated to settings in MyEbay and changed my password, but I had no idea that my address information had been changed and didn’t look. eBay is conducting a fraud investigation, and also will be contacting the seller to determine why the seller is refusing to have UPS attempt to pick up the package.

eBay also told me that signature confirmations are only required when items cost more that $750:

“Remember, to be covered by the eBay Money Back Guarantee we require signature confirmation for packages valued at more than $750. If your transaction is $750 or more, signature confirmation will be preselected for you. You can remove this option, however, requiring a signature at delivery helps protect you if your buyer doesn't receive the item and opens a case.”

http://pages.ebay.com/help/pay/shipping-tips.html

Mysteriously, gone.

Id call up ebay customer support and ask for a history of changes to the acct. Should narrow down when/who changed the shipping address

Mysteriously, gone.



Id call up ebay customer support and ask for a history of changes to the acct. Should narrow down when/who changed the shipping address


eBay is investigating. My account apparently was accessed in late October and the shipping address on file was changed. It wasnt the seller. But the seller still is pond scum. There is no reason for the ass to refuse to help me try to find the shipment. Hopefully eBay will cover my costs.


Sent from my iPhone using Tapatalk

Interesting to see that the information on the sale has by now expired or somehow been "removed".

Ebay claims that this is usually because the transaction is more than 90 days old(???).

I get the sense that Ebay may clean up dirt to hide bad transactions, another example of their simply following the money.

First it's "private" feedback privileges for rogue sellers, and now this.

While I’m not quite yet counting my chickens, it looks like eBay will be covering this and refunding my purchase price on account of the fact that my eBay account had been hacked and my shipping address altered unbeknownst to me.

I was required to file a Complaint with the FBI’s Internet Crime Complaint Center, https://www.ic3.gov/complaint/default.aspx/, which I just did, so hopefully this will be at an end and I will be made whole soon.

My thanks go out to binxnyrwarrsoul, who went out of his way to visit the residence in Ozone Park where my goods were delivered. Of course, the packages were long gone, but thanks for trying. Rob’s assistance really speaks highly of the sense of community on this forum, irrespective of differences we may at times have.

Thanks again Rob!

Thats really nice of you binxnyrwarrsoull! I applaud you :banana:

Ebay F$&*ed me. It’s refusing to refund my purchase price because my account was hacked in October and my purchase was made in late November. It doesn’t matter that I didn’t buy or sell anything on eBay in the interim. eBay is now telling me to take the matter up with PayPal, which already denied my claim because the item supposedly was delivered. In the meanwhile, it also deleted the bad feedback I left the seller. I’m done with eBay and PayPal.

Ebay F$&*ed me. It’s refusing to refund my purchase price because my account was hacked in October and my purchase was made in late November. It doesn’t matter that I didn’t buy or sell anything on eBay in the interim. eBay is now telling me to take the matter up with PayPal, which already denied my claim because the item supposedly was delivered. In the meanwhile, it also deleted the bad feedback I left the seller. I’m done with eBay and PayPal.

Sucks--it seems to be the 'new normal'--finger pointing. Keep at it though--even if you have to threaten small claims court. (I find the first and second level eBay people are the worst customer service reps I have had to deal with to date--they will lie to your face to get you off the phone--even the so-called "supervisors.)

And how would you know that the account had been hacked until you had something shipped?

Our Neflix account was recently hacked, and a second account was opened using our AMEX. It took my wife a couple of months to notice that a second payment had been going through on a different day (and for a different amount) than our regular account. (And because it was a second account, we had no visibility into its details).

Netflix (even though the hack was likely on their side) would only refund the most recent month's second charge, and argued that AMEX should cover the other second payments. Meanwhile, as the AMEX people said, what they saw at their end was two legitimate charges approved by Netflix...

AMEX did resolve--but it was unfair to them.

Sucks--it seems to be the 'new normal'--finger pointing. Keep at it though--even if you have to threaten small claims court. (I find the first and second level eBay people are the worst customer service reps I have had to deal with to date--they will lie to your face to get you off the phone--even the so-called "supervisors.)

And how would you know that the account had been hacked until you had something shipped?

Our Neflix account was recently hacked, and a second account was opened using our AMEX. It took my wife a couple of months to notice that a second payment had been going through on a different day (and for a different amount) than our regular account. (And because it was a second account, we had no visibility into its details).

Netflix (even though the hack was likely on their side) would only refund the most recent month's second charge, and argued that AMEX should cover the other second payments. Meanwhile, as the AMEX people said, what they saw at their end was two legitimate charges approved by Netflix...

AMEX did resolve--but it was unfair to them.

PayPal told me to call my bank. My bank is going to investigate, and do what? Require PayPal to reimburse it so my bank can reimburse me?

This is dumb. I figured they just want to make it difficult enough to dissuade me from pursuing the matter,
.

As a former seller on Ebay, I seem to recall that PayPal required sellers to use the address that they listed as part of their terms of service.

Not sure whether this would apply in your case, but I had a couple of incidents in the last few years where a "recurring" PayPal charge was paid out of my bank account. I called my bank to say I did not authorize or recognize this charge. My bank immediately refunded me the payment and opened an "investigation." Not sure what they investigated, but in the end I got to keep the refunded payment, I assume because the vendor admitted they charged me for some recurring thing I had never authorized. In both cases, I had authorized the initial, one-time payment, but never authorized another one. My bank's investigation bore that out somehow, so the payments were refunded to me and I don't know if the bank got reimbursed by the vendor or not. In both cases, the charges were under $50, so that may explain why the bank did not seem worried about refunding me the payments.

Ebay F$&*ed me. It’s refusing to refund my purchase price because my account was hacked in October and my purchase was made in late November. It doesn’t matter that I didn’t buy or sell anything on eBay in the interim. eBay is now telling me to take the matter up with PayPal, which already denied my claim because the item supposedly was delivered. In the meanwhile, it also deleted the bad feedback I left the seller. I’m done with eBay and PayPal.

This is ridiculous I’d appeal

Not sure whether this would apply in your case, but I had a couple of incidents in the last few years where a "recurring" PayPal charge was paid out of my bank account. I called my bank to say I did not authorize or recognize this charge. My bank immediately refunded me the payment and opened an "investigation." Not sure what they investigated, but in the end I got to keep the refunded payment, I assume because the vendor admitted they charged me for some recurring thing I had never authorized. In both cases, I had authorized the initial, one-time payment, but never authorized another one. My bank's investigation bore that out somehow, so the payments were refunded to me and I don't know if the bank got reimbursed by the vendor or not. In both cases, the charges were under $50, so that may explain why the bank did not seem worried about refunding me the payments.


I’m at this stage right now. My bank is investigating.

As a former seller on Ebay, I seem to recall that PayPal required sellers to use the address that they listed as part of their terms of service.

That was my recollection too, and precisely why I never looked at the address on file with eBay. I have a confirmed PayPal account and the shipping address is always in the email confirming payment. I guess that this has changed given that eBay owns PayPal now.

Ebay divested Paypal a few years ago. Not sure if that changed anything.

That was my recollection too, and precisely why I never looked at the address on file with eBay. I have a confirmed PayPal account and the shipping address is always in the email confirming payment. I guess that this has changed given that eBay owns PayPal now.

This issue has been resolved. While neither eBay nor PayPal would cover the loss (notwithstanding eBay’s supposed money back guarantee), the PayPal agent I spoke with suggested that I might contact my bank and make a fraud claim. I wasn’t optimistic, but contacted my bank as suggested. I got notified yesterday that the bank had completed its investigation and determined that the transfer of funds to PayPal to cover the purchase at issue was unauthorized, and it credited my account.

I guess it’s now between PayPal, eBay and the seller to determine who is going to eat the loss, but it won’t be me. My heart bleeds for Sarafan2009, the seller who refused to lift a finger to help me recoup the goods that it shipped to a fraudulent address with no request for delivery confirmation.

In the interim, PayPal is requiring me to jump through all sorts of hoops to verify my identity and account information before I can use it again. My bank now has a service called Zelle that I can use for free to make payments, and I also use Apple Cash, so I likely will not use PayPal again.

Thanks for all the suggestions, support and assistance!

Bravo. Patience is rewarded though Ebay/Paypal should have refunded you much sooner.

Wow! Nice going! So, the bank is going after EBay/PPL/and-or Seller?

Wow! Nice going! So, the bank is going after EBay/PPL/and-or Seller?

The bank in essence reversed the transfer of funds into PayPal. I don’t know what PayPal will do now vis a vis eBay and the seller, if anything.

The bank in essence reversed the transfer of funds into PayPal. I don’t know what PayPal will do now vis a vis eBay and the seller, if anything.



If you have a secondary source of payment at PayPal, maybe they’ll go after that? Would be wise to remove that secondary method of payment, if you have it.


Sent from my iPhone using Tapatalk Pro

If you have a secondary source of payment at PayPal, maybe they’ll go after that? Would be wise to remove that secondary method of payment, if you have it.


Sent from my iPhone using Tapatalk Pro

Nope. There is no other source of payment. My guess is that this will ultimately fall on eBay, as it was my eBay account that somehow was hacked. It should have honored its guarantee in the first place.

djg21, that's fantastic, at least you got your money back.

Thanks for persisting through, and following up here to inform as to what measures got the job done!!!

djg pal, sorry you have to go through all of these, glad to that hear your bank has stepped up to resolve this for you.

glad to hear you didnt have to eat the loss, but it is ultimately pretty disappointing in both ebay and paypal. it should be reasonable to assume that with the fees they charge that there should be a realistic level of protection when buying something. In this case, clearly you paid for an item that you never received and at the end of the day - that isn't fair.

glad to hear you didnt have to eat the loss, but it is ultimately pretty disappointing in both ebay and paypal. it should be reasonable to assume that with the fees they charge that there should be a realistic level of protection when buying something. In this case, clearly you paid for an item that you never received and at the end of the day - that isn't fair.

I agree its disappointing by ebay and paypal.
However if the seller ends up paying for this i think that is completely unfair to, after all he did nothing wrong as far as anyone know. Yes he should have been more helpful in trying to help out but if sent the goods to the adress that was listed to him and have proof of delivery its seems like he shouldn't take a loss imo.

I agree its disappointing by ebay and paypal.
However if the seller ends up paying for this i think that is completely unfair to, after all he did nothing wrong as far as anyone know. Yes he should have been more helpful in trying to help out but if sent the goods to the adress that was listed to him and have proof of delivery its seems like he shouldn't take a loss imo.

yes, agreed. ebay and paypal have mega budgets and should have a line item in their spreadsheet for "losses" and should make people whole when crap like this happens. we swallow paypal fees because we assume some level of protection.

in a case like this, it's neither the fault of the buyer or seller. if any blame can be assigned, it is to ebay. in 2017, it is really important to have bulletproof cyber security, and if someone managed to hack in, the responsibility is on them IMO to make seller whole.

I am glad the OP was made whole but eBay, PayPal, and his bank ultimately did not have to do anything. Just because they are mega corporations with lots of money does not matter.

Where is the personal responsibility?

Your account was hacked. That is not eBay, PayPal, or your bank's fault; it is yours. Use a secure password. Anything less than 15 characters with a mix of upper case, lower case, numbers, and special characters can be hacked by a computer system in only a few hours. You also mentioned that you remember receiving an email to update your account information, my guess is that was a really good SPAM/phishing email and someone stole your credentials. Keep good anti-virus on your computer. Use a good ad-blocker. Use a password manager. Never click on links or download stuff in an email. Don't even open an email you do not recognize - just delete it.

eBay even has a decent security page explaining some basics steps to keep your account safe: https://pages.ebay.com/securitycenter/protect_your_information.html#

PayPal has a good one two:
https://www.paypal.com/us/webapps/mpp/security/security-protections

As a cyber-security professional with multiple industry certifications and more than 20 years professional experience, most hacks are completed due to user error and not because technical defenses fail.

Sorry to sound harsh but I can't feel bad for someone who got hacked if they do not do everything to protect themselves. Use this as a learning experience to better secure your computers and the web based services you use.




yes, agreed. ebay and paypal have mega budgets and should have a line item in their spreadsheet for "losses" and should make people whole when crap like this happens. we swallow paypal fees because we assume some level of protection.

in a case like this, it's neither the fault of the buyer or seller. if any blame can be assigned, it is to ebay. in 2017, it is really important to have bulletproof cyber security, and if someone managed to hack in, the responsibility is on them IMO to make seller whole.

NYC pal, thanks for providing your perspective.

I agree with you on the personal responsibility part in terms of protecting ourselves.

I also think that cyber criminals have stepped up in their arsenals in recent years, recruited the best (albeit misguided) brains, and have become more blatant and sophisticated to the point that we are now just playing catch up.

It's cyber warfare and like all wars, it's complicated.

Your account was hacked. That is not eBay, PayPal, or your bank's fault; it is yours. ...

Sorry to sound harsh but I can't feel bad for someone who got hacked if they do not do everything to protect themselves.

i appreciate your perspective as well, and agree with what you're saying concerning personal accountability, but your words above are, IMO too harsh.

i hardly ever think it's appropriate to tell someone that has been taken advantage of that it is their fault. we can, and should all do what we can to protect ourselves, but i dont think it's fair to say it's your fault if you are a victim of a crime.

I am glad the OP was made whole but eBay, PayPal, and his bank ultimately did not have to do anything. Just because they are mega corporations with lots of money does not matter.

Where is the personal responsibility?

Your account was hacked. That is not eBay, PayPal, or your bank's fault; it is yours. Use a secure password. Anything less than 15 characters with a mix of upper case, lower case, numbers, and special characters can be hacked by a computer system in only a few hours. You also mentioned that you remember receiving an email to update your account information, my guess is that was a really good SPAM/phishing email and someone stole your credentials. Keep good anti-virus on your computer. Use a good ad-blocker. Use a password manager. Never click on links or download stuff in an email. Don't even open an email you do not recognize - just delete it.

eBay even has a decent security page explaining some basics steps to keep your account safe: https://pages.ebay.com/securitycenter/protect_your_information.html#

PayPal has a good one two:
https://www.paypal.com/us/webapps/mpp/security/security-protections

As a cyber-security professional with multiple industry certifications and more than 20 years professional experience, most hacks are completed due to user error and not because technical defenses fail.

Sorry to sound harsh but I can't feel bad for someone who got hacked if they do not do everything to protect themselves. Use this as a learning experience to better secure your computers and the web based services you use.

While it is possible, maybe even likely, that his account password was weak and was compromised, I haven't seen any evidence to support that jump to conclusions. As a network security professional, you are well aware that there are many ways to hack an account besides cracking the password. I think your response was just a little bit over the top.

I am glad the OP was made whole but eBay, PayPal, and his bank ultimately did not have to do anything. Just because they are mega corporations with lots of money does not matter.

Where is the personal responsibility?

Your account was hacked. That is not eBay, PayPal, or your bank's fault; it is yours. Use a secure password. Anything less than 15 characters with a mix of upper case, lower case, numbers, and special characters can be hacked by a computer system in only a few hours. You also mentioned that you remember receiving an email to update your account information, my guess is that was a really good SPAM/phishing email and someone stole your credentials. Keep good anti-virus on your computer. Use a good ad-blocker. Use a password manager. Never click on links or download stuff in an email. Don't even open an email you do not recognize - just delete it.

eBay even has a decent security page explaining some basics steps to keep your account safe: https://pages.ebay.com/securitycenter/protect_your_information.html#

PayPal has a good one two:
https://www.paypal.com/us/webapps/mpp/security/security-protections

As a cyber-security professional with multiple industry certifications and more than 20 years professional experience, most hacks are completed due to user error and not because technical defenses fail.

Sorry to sound harsh but I can't feel bad for someone who got hacked if they do not do everything to protect themselves. Use this as a learning experience to better secure your computers and the web based services you use.

I think you confused this forum with vsalon.

my new PP rule is keep a low to no balance and make purchases with a quality credit card. It has paid off once already.

if you get jacked by a seller you can dispute with your CC people, they usually issue a chargeback on the spot. puts the burden on PP and the seller to prove you didn't get jacked.

i love my visa buyer protection feature.

I was not looking for a fight. This was not meant to be an attack on the OP. It's a view point. Take it or leave it.

My frustration is that everybody wants to blame something or someone else when a bad thing happens but nobody ever wants to take personal responsibility for their own actions and how it may have directly caused the outcome.

Yes, it sucks that the OP potentially made a mistake that resulted in this outcome but why should a non-responsible party (eBay, PayPal, his bank) have to make him whole again? They did not do anything wrong. eBay, PayPal, and your bank are supposed to protect you against fraud. This was not fraud. This was an account that got hacked which 99.999999999% of the time is the account owners fault for not protecting it correctly. The OP by his own admission stated that he was not careful checking addresses and emails which I give him huge credit for doing but can he honestly say that he followed all the security precautions listed on the eBay security page?

I'll heed Angry's comments about community norms and use them as a guide for future posts.

nevermind :)

carry on, this is an interesting discussion.

I have one email account (i.e. buyer@something.com) that I use for my eBay and related Paypal "buyer" accounts.

I have another email account (i.e. seller@something.com) that I use for my eBay and related Paypal "seller" accounts.

I use a password manger and set a strong 15 character password for eMail, eBay, and PayPal accounts (as well as any other web based accounts I use) .

In addition, I use two-factor authentication on my email accounts.

I have a work email account.
I have an email account I only use for web purchases (not ebay).
I have an email account for job searches.
I have an email account for family/friends.
And so on....

The point of all of this it to shrink your attack vector so even if someone hacks an account, they only have access to that account and nothing else.

Everyone should use two-factor authentication on your email accounts. If your email account is hacked, think of how many places the attacker now controls? They can go to any service, put in your email, get a password reset, and now they own that other account (ebay, paypal, amazon, apple, netflix, hulu, your bank, etc.) as well.

Just some friendly advice from your local cyber security professional.

This was not fraud. This was an account that got hacked which 99.999999999% of the time is the account owners fault for not protecting it correctly.actually it was both. fraud using a hacked account.

if you accidentally leave your door unlocked and someone walks in and steals your bike, are you gonna call the insurance company or just suck it up and "use it as a learning experience" as you suggested the OP do?

Your account was hacked. That is not eBay, PayPal, or your bank's fault; it is yours. Use a secure password. Anything less than 15 characters with a mix of upper case, lower case, numbers, and special characters can be hacked by a computer system in only a few hours. You also mentioned that you remember receiving an email to update your account information, my guess is that was a really good SPAM/phishing email and someone stole your credentials. Keep good anti-virus on your computer. Use a good ad-blocker. Use a password manager. Never click on links or download stuff in an email. Don't even open an email you do not recognize - just delete it.

As a cyber-security professional with multiple industry certifications and more than 20 years professional experience, most hacks are completed due to user error and not because technical defenses fail.

Sorry to sound harsh but I can't feel bad for someone who got hacked if they do not do everything to protect themselves. Use this as a learning experience to better secure your computers and the web based services you use.
:eek: Ha... ha.. ha.
I suppose the victim always eventually gets blamed. It's a fraudulent (note, not accidental or deceptive, but fraudulent) purchase so why should the victim be responsible for more than the bare minimum? Aren't you faulting Paypal or eBay for allowing a default address? Or for not implementing multi-factor authentication?

Maybe you deal with computer illiterate folks all day but most of us don't appreciate the condescending tone. Lets keep it to the bikes

The post changed before I could respond.

You used the word victim in your original response. I guess it all depends on how you define that word. If a person can say they 100% did everything they could to protect themselves, then yes, they are a victim of a crime.

It also depends how you define fraud. IMHO....
- If I buy something on eBay, and what I get does not match the description and pictures because the seller knowingly made false statements and used pictures that did not truly represent the item being sold, that is fraud in my opinion and why eBay and PayPal have protections in place to deal with it.
- If a set my eBay account password to "password" (yes, I am using an extreme example to make a point), someone "hacks" my account and changes my shipping address, a few days later I purchase an expensive TV from an account holder in India, ignore the information on the confirmation emails, and then it gets shipped to that fake address, then I am responsible. I am not a victim of fraud. It is still illegal and a robbery but that is for the authorities to help catch the person and recover what they can but it is not a case in which eBay and/or Paypal should make you whole. Can you prove the seller was involved because that will be the first question the police will ask you.



nevermind :)

carry on, this is an interesting discussion.

You used the word victim in your original response. I guess it all depends on how you define that word. If a person can say they 100% did everything they could to protect themselves, then yes, they are a victim of a crime.


i dont want to start a fight either, but your response is ridiculous, IMO.

let's take these examples and apply your criteria above:

-home gets burglarized. owner had the doors locked, but did not have steel frame doors, reinforced frames and double dead bolts installed. is he not the victim of burglary?

-bike is locked up while owner gets a coke. stolen. bike was locked with a cable lock, not NYC U-Lock. is this owner not a victim of a crime?

-young women is walking down the street and get raped. she was walking alone in the dark. is she not the victim of a crime?

or do you believe those people are at fault for not doing 100% of the things to protect themselves?

also - how is what happened here NOT fraud?

fraud
frôd/Submit
noun
wrongful or criminal deception intended to result in financial or personal gain.

how does one do that?

i'm familiar with the "auth" app but that's for other things.

dunno how to have 2-factor on something like hotmail or gmail.



Everyone should use two-factor authentication on your email accounts. If your email account is hacked, think of how many places the attacker now controls? They can go to any service, put in your email, get a password reset, and now they own that other account (ebay, paypal, amazon, apple, netflix, hulu, your bank, etc.) as well.

Just some friendly advice from your local cyber security professional.

I think we're getting a little too deep into semantics. As someone that also works in Information Security, unless a company is insuring against unauthorized access to your account then I don't see how it should be that company's responsibility if you are a victim of fraud. This is different than if said company was hacked and your information was disclosed as a result of that. Companies have a responsibility to protect your information against those kinds of threats.

Your bank and credit card companies for example, build in insurance into their service offering. Most companies on the internet, however, do not.

If you get a phishing email and give the scammers your Amazon password and then they order a bunch of goods because of it, is that Amazon's fault or yours? Should Amazon be required to eat the cost of it? Does that change if it's your local buddy's bike shop? If so, why?

I have one email account (i.e. buyer@something.com) that I use for my eBay and related Paypal "buyer" accounts.

I have another email account (i.e. seller@something.com) that I use for my eBay and related Paypal "seller" accounts.

I use a password manger and set a strong 15 character password for eMail, eBay, and PayPal accounts (as well as any other web based accounts I use) .

In addition, I use two-factor authentication on my email accounts.

I have a work email account.
I have an email account I only use for web purchases (not ebay).
I have an email account for job searches.
I have an email account for family/friends.
And so on....

The point of all of this it to shrink your attack vector so even if someone hacks an account, they only have access to that account and nothing else.

Everyone should use two-factor authentication on your email accounts. If your email account is hacked, think of how many places the attacker now controls? They can go to any service, put in your email, get a password reset, and now they own that other account (ebay, paypal, amazon, apple, netflix, hulu, your bank, etc.) as well.

Just some friendly advice from your local cyber security professional.

This is very interesting to me, I have never been hacked and I dont want to be, but its a shame there is not a simpler way to control all of this.

@54ny77

https://support.google.com/accounts/answer/185839?hl=en

actually it was both. fraud using a hacked account.

if you accidentally leave your door unlocked and someone walks in and steals your bike, are you gonna call the insurance company or just suck it up and "use it as a learning experience" as you suggested the OP do?

Fraud: wrongful or criminal deception intended to result in financial or personal gain.
Robbery: the action of robbing a person or place.

I sort of agree.....A hacker fraudulently used an account to deceive the buyer and steal his goods. That is robbery. As far as I know, eBay and PayPal are not responsible for robbery. That is when you call the police. Same as in your example.

You are wrong about the insurance company though because you are making an Apples to Oranges comparison. The insurance company was not a party to the original transaction. Did the OP have an insurance policy from an insurance company for his eBay transaction because that is not the same as asking eBay, PayPal, or your bank to make you whole after the fact? eBay and PayPal do not offer insurance on transactions, they offer protections against fraudulent listing information and non-shipment of goods you paid for.

Your logic is flawed. That's like saying from your bike example that the person who had his bike stolen should call his bike shop and ask them to make him whole because he originally bought the bike from them.

And if you leave your door open (i.e. use a simple password for your account), how are you not at least partially responsible for you acts?



:eek: Ha... ha.. ha.
I suppose the victim always eventually gets blamed. It's a fraudulent (note, not accidental or deceptive, but fraudulent) purchase so why should the victim be responsible for more than the bare minimum? Aren't you faulting Paypal or eBay for allowing a default address? Or for not implementing multi-factor authentication?

Maybe you deal with computer illiterate folks all day but most of us don't appreciate the condescending tone. Lets keep it to the bikes

I am not faulting eBay or PayPal for anything. How is it their fault the account got hacked and an address got changed. The victim is responsible for not protecting the account securely. The person who hacked the OP's account is responsible for the theft by fraud. I am just saying it is not eBay and PayPal's responsibility to deal with theft by hacked account.



I am sorry if tone was inferred because it was not implied. I am still new here (better known across the hall) so most people would not know that there is no tone or condescending attitude. I am just a facts based type of person and my writing style usually reflects that.

@KarlC for the most part you can up your security posture significantly by doing two things:

Enable multi factor auth whenever available.

Use different passwords for each website. Password managers help in this regard.

Between those two things you should be covered for most situations. Also, for everyone, I highly recommend watching a few training videos on phishing. Our baseline phishing succeptibility rate was 30% prior to active training of our staff, now it hovers around less than 1%.

exactly.

I think we're getting a little too deep into semantics. As someone that also works in Information Security, unless a company is insuring against unauthorized access to your account then I don't see how it should be that company's responsibility if you are a victim of fraud. This is different than if said company was hacked and your information was disclosed as a result of that. Companies have a responsibility to protect your information against those kinds of threats.

Your bank and credit card companies for example, build in insurance into their service offering. Most companies on the internet, however, do not.

If you get a phishing email and give the scammers your Amazon password and then they order a bunch of goods because of it, is that Amazon's fault or yours? Should Amazon be required to eat the cost of it? Does that change if it's your local buddy's bike shop? If so, why?

https://www.techrepublic.com/article/why-most-of-what-we-know-about-passwords-is-wrong-and-how-businesses-should-respond/

Everything we know about what makes a strong password is wrong. Rather, most of the standards we use to determine the strength of a password are wrong, according to Bill Burr, the man responsible for originally publishing the standards.

As someone that also works in Information Security, unless a company is insuring against unauthorized access to your account then I don't see how it should be that company's responsibility if you are a victim of fraud.his password passed their test of being strong enough. they allowed him to use it. he was still hacked.

Maybe I worded the "doing 100% to protect yourself" not in the best way but in all the cases you mentioned people were victims and the robber/rapists should be held accountable and not a third party. eBay and PayPal are not responsible for theft by fraud which is the OP's case. They might be complicit if they did not give you a way to protect your account but that is not the case.

I am not saying the OP is not a victim. I am saying two things:
- Did he do everything possible, using his personal knowledge-base and common sense, to protect his eBay account?
- Why does he think eBay and PayPal are responsible for protecting him and making him whole from a clear case of robbery by fraud?

This is simply not the same as someone stealing you credit card and going on a shopping spree. Banks tell you upfront that they will protect you in that case. Do you think that service comes for free? You, as the credit card holder, pay for it via higher interest rates and fees they charge merchants which merchants then pass on to you through adding the cost to the goods you buy. So, you are getting insurance from your credit card company and paying for it even if it is not directly billed to you. eBay and PayPal do not offer these services.



i dont want to start a fight either, but your response is ridiculous, IMO.

let's take these examples and apply your criteria above:

-home gets burglarized. owner had the doors locked, but did not have steel frame doors, reinforced frames and double dead bolts installed. is he not the victim of burglary?

-bike is locked up while owner gets a coke. stolen. bike was locked with a cable lock, not NYC U-Lock. is this owner not a victim of a crime?

-young women is walking down the street and get raped. she was walking alone in the dark. is she not the victim of a crime?

or do you believe those people are at fault for not doing 100% of the things to protect themselves?

also - how is what happened here NOT fraud?

Passwords are rarely guessed that way. Almost every platform has brute force protection that locks the account after X number of failures. It was most likely due to phishing or maybe even a key logger (but they'd be doing more than altering ebay shipping addresses). So, he literally gave someone his password unknowingly.

how does one do that?

i'm familiar with the "auth" app but that's for other things.

dunno how to have 2-factor on something like hotmail or gmail.

Google applications and apps are two-factor enabled. It's up to you to set it up.

@KarlC for the most part you can up your security posture significantly by doing two things:

Enable multi factor auth whenever available.

Use different passwords for each website. Password managers help in this regard.

Between those two things you should be covered for most situations. Also, for everyone, I highly recommend watching a few training videos on phishing. Our baseline phishing succeptibility rate was 30% prior to active training of our staff, now it hovers around less than 1%.

Agreed. I'm a fan of LastPass free version. Works on any computer and the phone.

his password passed their test of being strong enough. they allowed him to use it. he was still hacked.

All companies set basic protections that are never enough but that is not an excuse to be ill-informed and not do more to protect yourself.

Also, see below.


Passwords are rarely guessed that way. Almost every platform has brute force protection that locks the account after X number of failures. It was most likely due to phishing or maybe even a key logger (but they'd be doing more than altering ebay shipping addresses). So, he literally gave someone his password unknowingly.

The OP claimed earlier in this thread that he got an email "from eBay" asking him to update his account. Without seeing that email, the links, and all the header information, I can only guess it was the phishing attack that started everything. I also earlier referenced this as probably the root cause of the attack.

The OP claimed earlier in this thread that he got an email "from eBay" asking him to update his account. Without seeing that email, the links, and all the header information, I can only guess it was the phishing attack that started everything. I also earlier referenced this as probably the root cause of the attack.

I thought you blamed him for not having a strong enough password.

Good stuff here. Be informed. Make good choices. Protect yourselves so it does not happen to you.


@KarlC for the most part you can up your security posture significantly by doing two things:

Enable multi factor auth whenever available.

Use different passwords for each website. Password managers help in this regard.

Between those two things you should be covered for most situations. Also, for everyone, I highly recommend watching a few training videos on phishing. Our baseline phishing succeptibility rate was 30% prior to active training of our staff, now it hovers around less than 1%.




I have one email account (i.e. buyer@something.com) that I use for my eBay and related Paypal "buyer" accounts.

I have another email account (i.e. seller@something.com) that I use for my eBay and related Paypal "seller" accounts.

I use a password manger and set a strong 15 character password for eMail, eBay, and PayPal accounts (as well as any other web based accounts I use) .

In addition, I use two-factor authentication on my email accounts.

I have a work email account.
I have an email account I only use for web purchases (not ebay).
I have an email account for job searches.
I have an email account for family/friends.
And so on....

The point of all of this it to shrink your attack vector so even if someone hacks an account, they only have access to that account and nothing else.

Everyone should use two-factor authentication on your email accounts. If your email account is hacked, think of how many places the attacker now controls? They can go to any service, put in your email, get a password reset, and now they own that other account (ebay, paypal, amazon, apple, netflix, hulu, your bank, etc.) as well.

Just some friendly advice from your local cyber security professional.

actually it was both. fraud using a hacked account.

if you accidentally leave your door unlocked and someone walks in and steals your bike, are you gonna call the insurance company or just suck it up and "use it as a learning experience" as you suggested the OP do?

I can assure you that my eBay account was properly safeguarded, and I never compromised my security information. I am pretty Internet savy, and cognizant of means used by criminals to gain access to personal information. I certainly was not the victim of any kind of phishing scam.

My best guess is that my account was one of a number that somehow were compromised at eBay. I did receive a notification from eBay perhaps a month earlier advising me that my password may have been compromised and should be changed. Before doing anything, I checked the IP address of the sender and confirmed that the email in fact was from eBay. I then navigated to eBay via web browser (not by following links in the email) and changed my password. I did not check the shipping address on file, and had no reason to suspect that it had been changed.

The issue with the seller was not fraud, but that it refused to take any measures to safeguard the shipment or help me try to take custody of the goods after they were misdelivered.

What kind of dumb**** ships a $500 item via UPS and allows it to be left on a front porch (in Queens, NY) without a delivery confirmation signature? When one pays via PayPal, the seller is provided with a shipping address of the confirmed account holder? Why would you elect to ship it to another address notwithstanding?

In any event, immediately after learning that the item had been delivered to a Queens address, I contact UPS to ask if it would send a driver back to the address and attempt to recollect the goods and reroute them to my correct address. UPS informed me that this could be done only if requested by the seller/sender. I immediately contacted the seller and requested that it contact UPS. THE SELLER REFUSED TO PROVIDE ANY ASSISTANCE WHATSOEVER and told me in essence that it shipped the item and it wasn’t the sellers problem.

As to eBay, it’s supposedly guarantees transactions, but refused here based on the fact that the item was delivered, albeit to someone else. Go figure.

@KarlC for the most part you can up your security posture significantly by doing two things:

Enable multi factor auth whenever available.

Use different passwords for each website. Password managers help in this regard.

Between those two things you should be covered for most situations. Also, for everyone, I highly recommend watching a few training videos on phishing. Our baseline phishing succeptibility rate was 30% prior to active training of our staff, now it hovers around less than 1%.

Good to know. Am I right in thinking that if your Password Manager gets hacked you are screwed as now they have ALL your Passwords ??
.


Agreed. I'm a fan of LastPass free version. Works on any computer and the phone.


Anyone else recommend this one or another ?

.

I can assure you that my eBay account was properly safeguarded, and I never compromised my security information. I am pretty Internet savy, and cognizant of means used by criminals to gain access to personal information. I certainly was not the victim of any kind of phishing scam.

My best guess is that my account was one of a number that somehow were compromised at eBay. I did receive a notification from eBay perhaps a month earlier advising me that my password may have been compromised and should be changed. Before doing anything, I checked the IP address of the sender and confirmed that the email in fact was from eBay. I then navigated to eBay via web browser (not by following links in the email) and changed my password. I did not check the shipping address on file, and had no reason to suspect that it had been changed.

The issue with the seller was not fraud, but that it refused to take any measures to safeguard the shipment or help me try to take custody of the goods after they were misdelivered.

What kind of dumb**** ships a $500 item via UPS and allows it to be left on a front porch (in Queens, NY) without a delivery confirmation signature? When one pays via PayPal, they are provided with a shipping address of the confirmed account holder? Why would you elect to ship it to another address notwithstanding?

In any event, immediately after learning that the item had been delivered to a Queens address, I contact UPS to ask if it would send a driver back to the address and attempt to recollect the goods and reroute them to my correct address. UPS informed me that this could be done only if requested by the seller/sender. I immediately contacted the seller and requested that it contact UPS. THE SELLER REFUSED TO PROVIDE ANY ASSISTANCE WHATSOEVER and told me in essence that it shipped the item and it wasn’t the sellers problem.

As to eBay, it’s supposedly guarantees transactions, but refused here based on the fact that the item was delivered, albeit to someone else. Go figure.


Perhaps because this is the adress that was provided to him to ship to via ebay? Do you know for a fact that he also recieved your real adress via paypal for this transaction via paypal upon payment? That doesent make any sense.. How could he ship to this "wrong" adress (that was also listed on your account) if it was not provided to the seller?

Good to know. Am I right in thinking that if your Password Manager gets hacked you are screwed as now they have ALL your Passwords ??

Yes, which is why I have a unique password for the password manager.

Perhaps because this is the adress that was provided to him to ship to via ebay? Do you know for a fact that he also recieved your real adress via paypal for this transaction via paypal upon payment? That doesent make any sense.. How could he ship to this "wrong" adress (that was also listed on your account) if it was not provided to the seller?

When payment for goods sold via eBay is made via PayPal, both the payer and payee receive a duplicate email confirming that payment has been made and providing the delivery address of the payee. EBay apparently also provides a delivery address.

Interestingly, on the auction itself, the seller was identified as being in Olean, NY, which is in upstate NY, a few hours away. My purchasing decision was based on the fact that even shipped by UPS ground service, I’d likely receive the goods within a day or so. It turns out that the seller actually was in India, and looks to operate an eBay business requiring goods to be drop shipped from other locations. The fact that he was in India may explain the reluctance to contact UPS.

When payment for goods sold via eBay is made via PayPal, both the payer and payee receive a duplicate email confirming that payment has been made and providing the delivery address of the payee. EBay apparently also provides a delivery address.

Interestingly, on the auction itself, the seller was identified as being in Olean, NY, which is in upstate NY, a few hours away. My purchasing decision was based on the fact that even shipped by UPS ground service, I’d likely receive the goods within a day or so. It turns out that the seller actually was in India, and looks to operate an eBay business requiring goods to be drop shipped from other locations. The fact that he was in India may explain the reluctance to contact UPS.

Maybe but thats another issue.

Im saying if you have a listed shipping address on ebay and the seller receives this adress via ebay as your chosen shipping adress. Why would he ship anywhere else?

Couldent you just say that if he shipped it to your confirmed paypal adress (which i dont think he gets when u bought with another adress) that this was the wrong adress and that he should have sent it to the one listed on the ebay transaction? In this scenario the seller could never win?
Im happy for you to have your money back, thats great. Just dont think its fair on the seller even tho he doesent seem very helpfull to your situation when refusing to help out with ups. He is likely still the one out 500$ in the end i would suspect and its hard for me to c what he did wrong.

Facts from the OP not already in evidence (or the thread). This changes the story.

My comments about you being victim would have been different had I known that it was eBay's fault your account was compromised. If your account was compromised due to eBay, this would be similar to the Equifax attack in which they did not take proper safeguards to protect their systems and as a result millions of peoples' (almost every adult american) personal information was stolen.

If you are not familair with the Equifax attack or how to protect yourself, this John Oliver video is funny and has great information (NSFW):
https://www.youtube.com/watch?v=mPjgRKW_Jmk

So, the moral of the story is - IMHO - protect yourself as much as possible so you do not become the victim of a cyber attack due to your own fault (and sometimes others misdeeds).





I can assure you that my eBay account was properly safeguarded, and I never compromised my security information. I am pretty Internet savy, and cognizant of means used by criminals to gain access to personal information. I certainly was not the victim of any kind of phishing scam.

My best guess is that my account was one of a number that somehow were compromised at eBay. I did receive a notification from eBay perhaps a month earlier advising me that my password may have been compromised and should be changed. Before doing anything, I checked the IP address of the sender and confirmed that the email in fact was from eBay. I then navigated to eBay via web browser (not by following links in the email) and changed my password. I did not check the shipping address on file, and had no reason to suspect that it had been changed.

The issue with the seller was not fraud, but that it refused to take any measures to safeguard the shipment or help me try to take custody of the goods after they were misdelivered.

What kind of dumb**** ships a $500 item via UPS and allows it to be left on a front porch (in Queens, NY) without a delivery confirmation signature? When one pays via PayPal, the seller is provided with a shipping address of the confirmed account holder? Why would you elect to ship it to another address notwithstanding?

In any event, immediately after learning that the item had been delivered to a Queens address, I contact UPS to ask if it would send a driver back to the address and attempt to recollect the goods and reroute them to my correct address. UPS informed me that this could be done only if requested by the seller/sender. I immediately contacted the seller and requested that it contact UPS. THE SELLER REFUSED TO PROVIDE ANY ASSISTANCE WHATSOEVER and told me in essence that it shipped the item and it wasn’t the sellers problem.

As to eBay, it’s supposedly guarantees transactions, but refused here based on the fact that the item was delivered, albeit to someone else. Go figure.

Thanks. I searched on how to do it on hotmail and just set things up. ONce it's active, would you (or anyone on this thread familiar with hotmail process) happen to know if there is there something that's supposed to happen upon re-logging in? As in two steps?

I logged out and then re-logged back in and just entered my new password, no authentication took place.


Google applications and apps are two-factor enabled. It's up to you to set it up.

I have one email account (i.e. buyer@something.com) that I use for my eBay and related Paypal "buyer" accounts.

I have another email account (i.e. seller@something.com) that I use for my eBay and related Paypal "seller" accounts.

I use a password manger and set a strong 15 character password for eMail, eBay, and PayPal accounts (as well as any other web based accounts I use) .

In addition, I use two-factor authentication on my email accounts.

I have a work email account.
I have an email account I only use for web purchases (not ebay).
I have an email account for job searches.
I have an email account for family/friends.
And so on....

The point of all of this it to shrink your attack vector so even if someone hacks an account, they only have access to that account and nothing else.

Everyone should use two-factor authentication on your email accounts. If your email account is hacked, think of how many places the attacker now controls? They can go to any service, put in your email, get a password reset, and now they own that other account (ebay, paypal, amazon, apple, netflix, hulu, your bank, etc.) as well.

Just some friendly advice from your local cyber security professional.
I work for a Gov't research facility. They are COMPLETELY NUTS about system security. You should think about coming to work for us. You could help make things even more unbearable for us over there! :)

Facts from the OP not already in evidence (or the thread). This changes the story.

My comments about you being victim would have been different had I known that it was eBay's fault your account was compromised.


This changes nothing...literally in the first post:

I checked my eBay and PayPal accounts, and sure enough the delivery address on my eBay account somehow had been hacked and changed without me noticing. My PayPal account had not been compromised, so it did have my correct address on file.
The fact is that OP's account was hacked and you assumed it was due to lack of diligence on OP's part, even when the largest breaches recently (OPM, Equifax, Yahoo) were on the part of vendors and corporations being lax.

I work for a Gov't research facility. They are COMPLETELY NUTS about system security. You should think about coming to work for us. You could help make things even more unbearable for us over there! :)

Can’t argue with that logic (said with sarcasm). Why would you ever want to securely protect government research (also said with sarcasm).

Watch the video I linked above and then tell me how you feel about Eauifax releasing your personal information via a cyber attack that could have been avoided. Than maybe you will reconsider your comment about protecting sensitive information.

Also, no reason to make a personal attack against me to share your perspective. You could have done the same without the cheap shot because that is all it was.

I think our logic is flawed because it is based on your opinion rather than facts. You are actually making the assumption that "corporate" breaches happen more often than "consumer" breaches.

The largest "corporate" breaches lately were only a few and reported on the news because they affected large corporations.

There are so many more smaller "consumer" incidents that happen everyday and even if they were reported to the news would not actually be reported.

So, my professional experience tells me that in this case I did originally make the correct assumption because more often than not it is a consumer that is attacked/breached which happens every day rather than the corporate breaches that do not happen as often (corporations get attacked all the time but they do not get breached nearly as often). Simply, everyone will get attacked and breached at some point. Corporations are not perfect but they have many controls, processes, and technical defenses in place to protect against attacks. The average consumer does not have the requisite knowledge and/or the desire to learn for themselves so they can better protect against these types of attacks.

Do you have a hardware firewall at home protecting your network? Why not?
Do you have a secure WiFi network that uses encryption and 802.1X (RADIUS) authentication for the computers and users on your network? Why not?
Do you share you WiFi password with guests in you home? Do you know where there computers have been and if they are infected with malware that might infect your computers?
Do you have an information security policy at home that is regularly updated and shared with family members? Why not?
Do you use scenario based training with family members to train them on what to look for? Why not?
Do you discuss social engineering attacks with your family and review past ones so they know how to avoid them?


I give great credit to the OP for reading through the comments, not taking them personally, and adding facts to the conversation that were not originally available. Just because we now know this was an eBay failure at the system level does not mean we should all not still be vigilant in protecting ourselves. If you want to draw out that thought, I would like to know how long it took the OP to change the password on his account after he received notice from eBay? 2 minutes? 1 hour? 1 day? Basically, how long did he knowingly leave is account in a compromised state? If he knew the account was compromised, why did he not look around and see if everything was set correctly? If he knew the account may have been compromised what did he not pay more attention to the confirmation emails on his first order after changing his password?

I am not blaming the OP. I am asking why the OP did not do everything he knew possible to protect himself when he knew his account may have been compromised?

My question still remains, why do people not take personal responsibility for their actions (or non-actions)?

I can feel bad for the OP as well as everyone else and tell him that he was screwed by eBay, PayPal, and the seller or I can take a different approach and share with him why he might have been partially to blame and how to protect himself in the future. Which one is going to help him? Empathy or knowledge?




This changes nothing...literally in the first post:

The fact is that OP's account was hacked and you assumed it was due to lack of diligence on OP's part, even when the largest breaches recently (OPM, Equifax, Yahoo) were on the part of vendors and corporations being lax.

@54ny77

To avoid being annoying and not scare off all their patrons, two factor rarely prompts every time you log in for consumer applications. It generally stores a cookie in your browser that expires after a certain length of time or the server remembers your browser ID. You can test to make sure it's setup correctly by opening an Incognito/Guest session and logging in, it should then prompt you for the code.


One other comment on internet security, unfortunately there's no such thing as 100% secure other than unplugging yourself from the internet and living in the woods. Phishing/social engineering is the easiest way to bypass most safeguards that a company can put in place. Learning how to identify and protect yourself against those will go pretty far in the fight to stay safe on the internet. Mind you, it's not just emails, for our security testing we have the option to do automated calls too to see if users will give away sensitive info.

For example, in more sophisticated cases, something like the following can happen:

Attacker makes friends with a person of value on Facebook (e.g., a person with a certain level of access desired). Through a series of phone calls, they determine what the password reset policy is for the company. For simplicity, let's say it's your DOB. They then call the Target saying that they're from XYZ credit card company calling about a bad debt, but prior to proceeding, they need to confirm the person's DOB. Target gives them the DOB and now has what they need to get a password reset.

While this has been happening they have been following them on Facebook. Target goes on vacation (and posts on Facebook their adventures). So, when Target is on a vacation or some other trip, they call up helpdesk stating they're aware on their trip at XX place and need to get into the system to put together some last minute orders but they got locked out, can they get reset...

Oh, I should add for the OP, if eBay was actually aware your account was compromised and they can identify that information was changed that shouldn't be, I personally would probably call them back and tell them that if they don't resolve your situation ASAP, you'll call a class action attorney as those two pieces of information together mean that some control or process broke and they may be liable.

Dropping class action attorney may get you a call back quickly.

rchman and NYCfixie pals, thank you for being so patient and generous in sharing your knowledge.

It's 2017 almost 2018 and ebay doesn't offer a standard 2 factor authentication tie-in with something like Google Authenticator. There is the 6 digit telephone pin that doesn't do anything on the initial login or fork over some money for a physical key fob.

Thanks. I searched on how to do it on hotmail and just set things up. ONce it's active, would you (or anyone on this thread familiar with hotmail process) happen to know if there is there something that's supposed to happen upon re-logging in? As in two steps?

I logged out and then re-logged back in and just entered my new password, no authentication took place.

Which is just what should happen if you log back in from the same computer within a specified period of time.

Where two-factor comes into play:

Logging in from a foreign computer
Logging in from a foreign device
Logging in from a foreign network
After a specified period of time
if you fail a login security check

among other things.

Maybe I worded the "doing 100% to protect yourself" not in the best way but in all the cases you mentioned people were victims and the robber/rapists should be held accountable and not a third party. eBay and PayPal are not responsible for theft by fraud which is the OP's case. They might be complicit if they did not give you a way to protect your account but that is not the case.

I am not saying the OP is not a victim. I am saying two things:
- Did he do everything possible, using his personal knowledge-base and common sense, to protect his eBay account?
- Why does he think eBay and PayPal are responsible for protecting him and making him whole from a clear case of robbery by fraud?

This is simply not the same as someone stealing you credit card and going on a shopping spree. Banks tell you upfront that they will protect you in that case. Do you think that service comes for free? You, as the credit card holder, pay for it via higher interest rates and fees they charge merchants which merchants then pass on to you through adding the cost to the goods you buy. So, you are getting insurance from your credit card company and paying for it even if it is not directly billed to you. eBay and PayPal do not offer these services.

A. I legally didn’t need to do everything possible to protect my account. Rather I had to take steps that were reasonable under the circumstances. I did that by selecting a password that was acceptable to eBay, and by doing what was within my power to safeguard that password.

B. eBay should have covered my loss because eBay explicitly guarantees that the buyer will receive the goods it purchased. I never received the goods. IMO, eBay breached the warranty it expressly made.

C. The seller failed to act prudently—you don’t ship relatively expensive goods without requiring confirmation of delivery, and you don’t allow the shipping company to leave those goods on a porch unattended.

D. PayPal arguably is the screwee now (that is a legal term of art) if it is unable to recover funds from the seller. That is the risk it takes by providing the services that it provides, and I’m sure it is capable of covering. I do hope it is able to collect from the seller though (see C above).

E. I never suggested that the seller and the person or persons who unlawfully accessed my eBay account were one and the same.

F. Some person near Ozone Park, New York perpetrated a fraud and stole the goods that I purchased.

As far as I’m concerned this is over. I’ve been made whole. I reported the fraud to the FBI’s IC3 unit (https://www.ic3.gov/) and I’ll certainly help if this is ever investigated or prosecuted.

it should be noted, i believe that the cutoff for bikeflights is $200. any declared value beyond that has to ship siggy required. that seems like a prudent rule.

Ebay or paypal years ago had a device that generated a code that you could use to login in your account, the cost of it was super cheap, no idea if they still have it.

A - no comment.

B - eBay's policy does not explicitly guarantee that the buyer will receive the goods it purchased in every, and all, circumstances. You are applying a general policy with many stipulations to your situation in which they did not have to cover the loss. Any attorney could easily prove that eBay owes you nothing.

C - if The seller followed eBay and PayPal's policies on shipping, then they are covered by eBay and PayPal policies and are in the clear because it does not matter what you think is prudent. What matters is that you and the seller agreed to both ebay and paypal's terms of service so that is what sets the legal terms for the transaction. What the seller did compared to what you think they should have done would have no legal bearing on the issue if it ever went to court. There may have been some bad decisions but their was no gross negligence.

D - I would not be so sure that you are done. Your bank, PayPal and eBay may still tussle it out and get back to you with an answer you do not like. Or one of them may ultimately decide that it is less expensive to just comp you what you are out rather than get into a legal battle but that does not mean that either one is wrong and that you are right. It just means it is less expensive for one of them, or both of them, to just pay you to make you go away. Nothing done by the seller was illegal. Annoying to you maybe yes but not illegal. Did he break an eBay or PayPal policy by shipping to your eBay instead of your confirmed PayPal address? If yes, then he is not covered by the PayPal seller policy and will probably get charged back for the item in question. If that happens, then PayPal will probably not dispute the charge back from your bank.

E - Quoting your earlier comment, "I think the seller is the scammer. It sells goods, and then evades delivery (by delivering them to an address of a conspirator) so that it can resell them." It can be fairly assumed that the conspirator was the person who accessed your ebay account and changed the address to something the seller would know and use (that would be the definition of a conspiracy).

F. Can you prove it to a level that would hold up in a court of law? And, don't disparage Ozone Park. It's a not so terrible part of Queens which is an outer borough of NYC.





A. I legally didn’t need to do everything possible to protect my account. Rather I had to take steps that were reasonable under the circumstances. I did that by selecting a password that was acceptable to eBay, and by doing what was within my power to safeguard that password.

B. eBay should have covered my loss because eBay explicitly guarantees that the buyer will receive the goods it purchased. I never received the goods. IMO, eBay breached the warranty it expressly made.

C. The seller failed to act prudently—you don’t ship relatively expensive goods without requiring confirmation of delivery, and you don’t allow the shipping company to leave those goods on a porch unattended.

D. PayPal arguably is the screwee now (that is a legal term of art) if it is unable to recover funds from the seller. That is the risk it takes by providing the services that it provides, and I’m sure it is capable of covering. I do hope it is able to collect from the seller though (see C above).

E. I never suggested that the seller and the person or persons who unlawfully accessed my eBay account were one and the same.

F. Some person near Ozone Park, New York perpetrated a fraud and stole the goods that I purchased.

As far as I’m concerned this is over. I’ve been made whole. I reported the fraud to the FBI’s IC3 unit (https://www.ic3.gov/) and I’ll certainly help if this is ever investigated or prosecuted.

I always message the seller my address if I win an auction just to make doubley sure there ain't any screw-ups.

A - no comment.

B - eBay's policy does not explicitly guarantee that the buyer will receive the goods it purchased in every, and all, circumstances. You are applying a general policy with many stipulations to your situation in which they did not have to cover the loss. Any attorney could easily prove that eBay owes you nothing.


https://pages.ebay.com/help/policies/money-back-guarantee.html

An attorney also could make a colorable argument that my failure to receive the goods I purchased on eBay should have been covered by the express warranty offered and advertised by eBay. At the very least, eBay’s policy might be ambiguous, but as a matter of contractual construction, ambiguities in eBay’s express warranty policy would be resolved against eBay. But I do concede that reasonable minds may differ and courts can be unpredictable.

C - if The seller followed eBay and PayPal's policies on shipping, then they are covered by eBay and PayPal policies and are in the clear because it does not matter what you think is prudent. What matters is that you and the seller agreed to both ebay and paypal's terms of service so that is what sets the legal terms for the transaction. What the seller did compared to what you think they should have done would have no legal bearing on the issue if it ever went to court. There may have been some bad decisions but their was no gross negligence.

Again, we’ll have to agree that reasonable minds can differ. But, I can definitively say that the dispute has been resolved, and I obtained not only a result that I can live with, but the one I actually wanted. We both also know that the matter will not be litigated further, except perhaps on The Paceline Forum, and after I finish writing this post, not by me.


D - I would not be so sure that you are done. Your bank, PayPal and eBay may still tussle it out and get back to you with an answer you do not like. Or one of them may ultimately decide that it is less expensive to just comp you what you are out rather than get into a legal battle but that does not mean that either one is wrong and that you are right. It just means it is less expensive for one of them, or both of them, to just pay you to make you go away. Nothing done by the seller was illegal. Annoying to you maybe yes but not illegal. Did he break an eBay or PayPal policy by shipping to your eBay instead of your confirmed PayPal address? If yes, then he is not covered by the PayPal seller policy and will probably get charged back for the item in question. If that happens, then PayPal will probably not dispute the charge back from your bank.

There is at most an ice cube’s chance in hell that a commercial entity like eBay or PayPal would ever come back at me to recoup $522 for any number of reasons, including the fact that $522 would pay for less than an hour of an attorney’s time. PayPal and/or eBay either will write off the $522, or perhaps try to recapture it from the seller (which also is highly unlikely).

E - Quoting your earlier comment, "I think the seller is the scamr. It sells goods, and then evades delivery (by delivering them to an address of a conspirator) so that it can resell them." It can be fairly assumed that the conspirator was the person who accessed your ebay account and changed the address to something the seller would know and use (that would be the definition of a conspiracy).

I clarified elsewhere in my thread that I was able to establish that my eBay account had been compromised, unbeknownst to me, approximately one month before the transaction. The clear inference was that the seller could not have been involved in the breach.


F. Can you prove it to a level that would hold up in a court of law? And, don't disparage Ozone Park. It's a not so terrible part of Queens which is an outer borough of NYC.

Prove what? Courts, judges and juries often can be unpredictable no matter how good an attorney might think his/her case is.

I think there would be a decent probability of me establishing that eBay failed to reasonably safeguard my account information, and that as a result of its failure, I incurred a loss of $522. I certainly can make a good-faith claim.

I also would have a shot of proving that eBay warrants that purchasers of goods will receive the items they purchase, and that I never received the goods I purchased and therefore should be entitled to warranty coverage.

Alternatively, I could craft a fairly persuasive argument that eBay engages in false and deceptive advertising practices by misrepresenting that it warrants that items purchased on eBay will be received by purchasers, and then provides no or only limited warranty coverage when items go unreceived. Could these allegations ultimately be proven beyond a propensity of the evidence? I suppose that would depend on discovery that would have to be taken after a class action is commenced.

I don’t know for sure, but I don’t imagine that eBay would want to make a federal case out of the $522 refund I received.

BTW, I’m familiar with NYC. The simple fact is that my eBay account somehow was hacked, and my shipping address was changed to one on Linden Ave., in Ozone Park, in an area that was described to me as “dodgy.”

Thanks to everyone for all of the support, and my gratitude goes out again to binxnyrwarrsoul, who graciously offered to visit the address to which the item I purchased had been misdelivered. I truly appreciated your help. Please let me know if you ever are venturing north to the Capitol District or Adirondacks.

I think this thread is done.

Thanks to shovelhd, rchman and NYCfixie for sharing some valuable information. I thought I had a pretty good security system, but learned some things that will allow me to tighten my "vector". #appreciated