edschaum Posted June 2, 2007

I received a large order a couple of days ago and the payment method was paypal. When I checked paypal, there was no payment, yet the order completed as if the payment was made. The email address of the person ordering was suspicious, so I checked the site: www.spam.la

The email address of the person ordering was [email protected] . If you filter the listing of emails on spam.la to show only mail that is going to [email protected], you will see that they've placed orders in dozens of osc stores for large ticket items using paypal as the payment method. You can also see that some store owners have replied saying "we have your order but something is wrong with the payment". Other store owners seem to be oblivious to the fraud and are going to ship the orders?!?!?!?!?!?

Here are links to a couple of pages of emails coming in to that site which show osc order emails:

http://spam.la/?start=2127218&f=sdf

Load the above page and then keep clicking on "20 older emails" to see more fraud activity.

On this page: http://spam.la/?start=2154612&f=sdf a couple of dealers are responding telling the fraudster that they didn't receive his payment.

All of the orders I've seen go to Andrew Weevilo in Richmond Virginia.

Has anyone else experienced this?

Ed

satish Posted June 2, 2007

If it's a std PayPal module that comes with osCommerce, yes, it's easy to hack thru. So it is recommended that you install the PayPal IPN contrib developed by the osCommerce team.

Regards,
Satish

Guest Posted June 2, 2007

> I received a large order a couple of days ago and the payment method was paypal. When I checked paypal, there was no payment, yet the order completed as if the payment was made. The email address of the person ordering was suspicious, so I checked the site: www.spam.la
>
> The email address of the person ordering was [email protected] . If you filter the listing of emails on spam.la to show only mail that is going to [email protected], you will see that they've placed orders in dozens of osc stores for large ticket items using paypal as the payment method. You can also see that some store owners have replied saying "we have your order but something is wrong with the payment". Other store owners seem to be oblivious to the fraud and are going to ship the orders?!?!?!?!?!?
>
> Here are links to a couple of pages of emails coming in to that site which show osc order emails:
>
> http://spam.la/?start=2127218&f=sdf
>
> Load the above page and then keep clicking on "20 older emails" to see more fraud activity.
>
> On this page: http://spam.la/?start=2154612&f=sdf a couple of dealers are responding telling the fraudster that they didn't receive his payment.
>
> All of the orders I've seen go to Andrew Weevilo in Richmond Virginia.
>
> Has anyone else experienced this?
>
> Ed

Personally, I haven't, but I am grateful for the info. How did you find out about how to display these emails? Doesn't the FBI handle internet fraud in the US? In Australia, it is the Federal Police that I report this stuff to.

edschaum Posted June 2, 2007

> If it's a std PayPal module that comes with osCommerce, yes, it's easy to hack thru. So it is recommended that you install the PayPal IPN contrib developed by the osCommerce team.
>
> Regards,
> Satish

Thanks for the reply. I'll try to install ipn, but my version of osc became obsolete right after I went live with it and ipn supposedly only works with MS2. Once osc changed the core code, most updates/mods became useless to me.

Ed

edschaum Posted June 2, 2007

> Personally, I haven't, but I am grateful for the info. How did you find out about how to display these emails? Doesn't the FBI handle internet fraud in the US? In Australia, it is the Federal Police that I report this stuff to.

I found out just by going to the site. The whole site is there just for throwaway email addresses. Once I scrolled back through some of the messages, I realized that they were hitting a lot of sites.

Guest Posted June 2, 2007

> I found out just by going to the site. The whole site is there just for throwaway email addresses. Once I scrolled back through some of the messages, I realized that they were hitting a lot of sites.

OK, thanks Ed for bringing this to everyone's notice. With the name of the site, it does not sound like it is legit. I use a PayPal IPN module, but I don't see how that stops me from being hacked. Maybe Satish can explain?

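On the question of what an IPN module adds: with IPN the order is marked paid from PayPal's own server-to-server notification, after the store has checked that notification, rather than from the checkout finishing in the buyer's browser. The checks look roughly like this, as an added example that is not code from the osCommerce PayPal IPN contribution or from anyone in this thread; the function name, order array, store address and sample values are assumptions, and the post-back to PayPal is passed in as a stub so the sketch runs offline.

```php
<?php
// Added illustration, not the osCommerce PayPal IPN contribution's code.
// $verify stands in for the post-back of the received message to PayPal with
// cmd=_notify-validate; it returns PayPal's reply, "VERIFIED" or "INVALID".
function ipn_problems(array $ipn, array $order, string $storeEmail,
                      array $seenTxnIds, callable $verify): array
{
    $problems = [];
    if (trim($verify($ipn)) !== 'VERIFIED') {
        $problems[] = 'message not confirmed by PayPal';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $storeEmail) !== 0) {
        $problems[] = 'payment went to another account';
    }
    if (($ipn['invoice'] ?? '') !== (string) $order['id']) {
        $problems[] = 'notification is for a different order';
    }
    $paid = number_format((float) ($ipn['mc_gross'] ?? 0), 2, '.', '');
    $due  = number_format((float) $order['total'], 2, '.', '');
    if ($paid !== $due || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = "amount mismatch: paid $paid, due $due";
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'txn_id already applied to an earlier order';
    }
    return $problems;   // empty array: safe to mark the order as paid
}

// Constructed sample data (hypothetical store, order and transaction values).
$order = ['id' => 1042, 'total' => '1899.00', 'currency' => 'USD'];
$store = 'sales@store.example';
$good  = ['payment_status' => 'Completed', 'receiver_email' => $store,
          'invoice' => '1042', 'mc_gross' => '1899.00', 'mc_currency' => 'USD',
          'txn_id' => 'TXN-EXAMPLE-2'];
$short = ['mc_gross' => '1.00'] + $good;   // same message, wrong amount
$stub  = function (array $msg): string { return 'VERIFIED'; };  // offline stand-in

foreach (['good' => $good, 'underpaid' => $short] as $name => $msg) {
    $p = ipn_problems($msg, $order, $store, ['TXN-EXAMPLE-1'], $stub);
    echo $name, ': ', $p ? 'HOLD (' . implode('; ', $p) . ')' : 'mark as paid', "\n";
}
```

An order for which no notification ever arrives never reaches this function and stays pending, which is the state an unpaid order like the one in the first post should remain in.
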
AlexStudio Posted June 3, 2007

Use the EWP feature that came with the PayPal IPN module. It's the least protection for the store.

bobg7 Posted June 3, 2007

It could also be they're using a cloned PayPal Payment email, where they create an HTML email to look exactly like a real PayPal email.