Fraudulent PayPal transaction
Wondering if anyone here can shed some light on a new situation I encountered over the weekend.
We had a large ($945) fabric order come through, paid by an e-check through PayPal.
Yes, that is WAY more than our average order. So, of course, I start wondering about fraud. Obviously we are not going to ship anything until the e-check clears, so I have a couple of days to do the fraud screening. At first glance, though, all seems ok, because the ship-to address is a CONFIRMED address according to PayPal.
But yesterday I see that the e-check has cleared, and the funds are now available in my PayPal account. But... the customer calls, and says that she has spoken to PayPal and her bank, and the transaction is fraudulent, so we should not ship.
Ok. So we won't ship, and I immediately refunded her money.
Then I start to look more closely at the transaction.
The billing address for the order (which does not appear anywhere in the PayPal transaction detail) is different than the ship-to address. And... doing a reverse address lookup, the billing address does tie in to the customer's name. But the ship-to address ties to four people, none of whom have the same surname as the customer. However, both addresses have the same zipcode, so they're just across town from each other.
But - because I'm concerned for this customer, I decided to call her back and ask her to be sure that her bank reports the e-check to PayPal as being fraudulent, because otherwise PayPal won't bother to investigate. (This I was told by someone I spoke to at PayPal.)
Mind you, this is only three hours after the customer had called us, and now I get a Verizon message saying that the phone number has been changed or disconnected. (I used caller id lookup to return her call, so I know I didn't misdial.)
But still worried about the customer, because it seems possible that someone hacked her PayPal account, and I wanted to warn her to cancel any credit cards that were associated with her PayPal account, and check all her other online accounts if she by chance used the same password for multiple accounts (banking, credit cards, Amazon, eBay). I figure we all should be looking out for one another, and I might be able to warn her/save her more trouble. So I sent an e-mail to her personal address as well as her PayPal address.
Funny thing is, I would have expected some sort of acknowledgement of the e-mail, maybe a tiny thank-you-for-the-suggestions. Not that I want her to be grateful, just forewarned.
But no communication at all.
This is so strange! I wonder if it really was fraudulent, or if she just had buyer's remorse and was to embarassed to ask us to cancel the order, or ... if there is some other scheme at work that I wasn't aware of?
If you send an e-check, and the funds are returned, do they go back into the actual bank account, or just your PayPal account? Could a fraudster send out funds via e-check, then ask for the funds to be returned, and then use the PayPal balance to buy the stuff you *really* want? Like maybe downloads (which probably aren't traceable)?
I have no way to know if the phone number belonged to the customer or to the fraudster. It was a mobile phone, and you can't do a reverse phone lookup on those.
And how did that other address wind up as "confirmed" in PayPal?
I'm hoping someone here has some knowledge about these things.