Want to keep up with me? Get on the list! =)


PayPal Executive Escalations Delivers!

September 2nd, 2015 by ToolTrainer

UPDATE 09.03.15:  A credit hit my PayPal account this morning, I got all my money back.

Well holy crap has my day/week ever turned around.

I just got off the phone with Adam from PayPal’s Executive Escalations team, who apologized quite profusely about how things went down in this case, and PayPal is going to be crediting me the full $500 that I paid, and is actually investigating the seller (they couldn’t tell me more about that part obviously).

This is amazing and awesome.  I had already written it off and just wanted to make this into a learning experience for others, but instead my case is probably going to end up as a learning experience for PayPal!  My video showing how easy it is to fabricate a screenshot has apparently been making the rounds within PayPal already and they may even use it as a teaching aid within the company – which would be pretty dang cool if I do say so.

Prior to the commenter named “A” on my earlier post, I didn’t even know there was an Executive Escalations team.  I hadn’t gotten around to trying to locate them yet but they found me first.  Kudos to them for acknowledging a weakness in their policies and procedures, and for wanting to educate their people better on issues such as this.  I’m psyched that I’ll get my money back and even more psyched that the scammer won’t be getting it.

PayPal, you’ve redeemed yourself quite a bit in my eyes!


Watch Me Hack And Own PayPal.com In Seconds!

September 2nd, 2015 by ToolTrainer

This is of course a followup to my previous post.  PayPal… come on, get a clue.

Paypal Does Not Know How To Detect Fraud.

September 2nd, 2015 by ToolTrainer

UPDATE!  PayPal has reversed their decision!

So, I got scammed.

Yep, it can happen to anyone, and this time that anyone was me.  But that’s really not the amazing part.  What’s truly shocking here, is how Paypal has behaved regarding this.  Pull up a chair, grab the popcorn, and settle in.  You’re not gonna believe this…

So a few days back, I’m browsing through ebay’s domain auctions (I’ve found this to be a great way to get really cheap domains that I can turn a very generous profit on via domain parking) and I stumble onto the domain shop.com for sale.  Yes that’s right, SHOP.COM.  And it’s listed at $500.  I figure that must be the starting bid… but no, it’s the BIN (Buy It Now) price!

Now I already know something funny is going on here, but it got even more sketchy when I looked at the seller.  0 feedback, and an account that was less than a month old.  So I already smelled a rat, and suspected this was bogus.  But, sometimes in business… shit happens.  Partners split up, and maybe out of anger or spite one of them sells a valuable asset way below market value.  Still, I wasn’t about to accept this at face value alone.

I called eBay to ask about the listing.  It expressly stated that it was not covered under eBay’s purchase protection program, and that wasn’t totally surprising given that it’s a digital, intangible item.  I spoke to an eBay rep who explained to me that, no surprise, the listing seemed suspicious and would not be covered by them, but that PayPal might offer some protection and I should speak to them.  So I did.

The very helpful gentleman I spoke to informed me that ever since the eBay/Paypal split recently, domains are actually covered by their buyer protection now!  This was great news and was a recent change, and this information gave me the confidence to roll the dice and see if I picked up a winning lottery ticket or not, knowing that PayPal would have my back if anything went sideways.

I purchased the domain immediately at the $500 BIN price, and was quite surprised that just a few minutes after the auction closed, the seller contacted me to ask for my Godaddy account number so he could push the domain to me.  Holy shit!  This might be my golden ticket after all!  I sent him the info he needed, and he replied saying the domain had been pushed.  But he also mentioned that it could take up to 24 hours to appear in my account, and I know from much experience that these pushes usually take only a matter of minutes.  Things were beginning to go sideways.

The following morning, I was momentarily pleasantly surprised to see a new domain waiting for me to accept in my Godaddy account!  But after I actually focused my eyes and saw that the domain was not the valuable shop.com domain, but was instead a worthless domain (gigvine.co), I knew I’d definitely been had.

No problem though right?  Just call PayPal and open up a dispute.  Easy!  This should be an obvious slam dunk… he sold me one domain name, and sent me a different one.  Doesn’t get much simpler than that!  PayPal even has that exact dispute option – “Significantly Not As Described”.  That certainly describes this situation!

I proceeded to open the dispute, and less than 14 hours later it was closed in favor of the seller.


I called PayPal again and spoke to another agent.  I explained the situation to her and she gladly appealed the decision for me, all the while being very polite and sympathetic.  But once again, less than 24 hours later, the case was again closed in favor of the seller.

OK, WTF PayPal… what is going on here?  Their email to me seemed to have a tidy explanation:

In response to your non-receipt complaint, the seller provided reasonable proof that the domain was transferred. Therefore, in accordance with our User Agreement, we cannot reverse the transaction. If any issues in regard to your claim remain unresolved, we encourage you to work directly with the seller to reach an amicable resolution.

Now I know something is really screwy at PayPal.  Whatever “proof” this seller has provided, is very obviously forged because I do not own shop.com but instead own the worthless gigvine.co!  Has nobody even bothered to do a whois lookup on shop.com?  Does nobody at PayPal use their brain?  Is there some OCR program scanning whatever fake documents the seller sent and deciding they look legit?  WTF!??!

I call PayPal again, and again explain the situation.  I’m put on hold a while this time and eventually the dispute is reopened once more, but I’m asked to provide some documentation regarding the situation.  Now I happen to have a large enough domain portfolio that I have my own personal rep at Godaddy, so I asked the PayPal rep if a letter from Godaddy would be sufficient.  I was told yes and to submit it with the claim as soon as I could.

One quick phone call to my stunned Godaddy rep, and a letter was on its way to me clearly stating that the domain has never been held by Godaddy in the first place and so could never have been pushed to me, and is also definitively not in my possession.  I attached this document to my dispute and waited once again.

Big shock… but less than 36 hours later the case was again closed, without any new reason being given.  I called PayPal once more, explained everything yet again (since you can never deal with a specific person there, everyone who answers the phone always has to read all the notes from scratch), and was told that the letter from GoDaddy was there but somehow did not get attached to my case.  He attached it for me and reopened the dispute yet again.

This time it was almost 2 days to get a response, but it was yet again in favor of the seller.  I placed one more (ultimately final) call to PayPal to discuss things, but this time I was flatly shut down.

The woman I got this time was unyielding in her insistence that the documentation provided by the seller was legitimate.  When I asked what exactly they had seen, I was told “screenshots”.

Yes, that’s right.  SCREENSHOTS!!  Not only that, but after I explained to her how easy it was to make a perfect fake of any screenshot (right click, inspect element, change to whatever you want, save screenshot), she was adamant that they could tell that this had not happened and that everything was real and legit.

To quote the great Gary Oldman – UNBEFUCKINGLIEVABLE.

The rest of our call was somewhat heated, as I was understandably more than a little frustrated.  But she would not budge, and simply stood by her assertion that they are trained to be able to tell forged documents from real ones and that everything the seller provided was legit, and that if I was unhappy with the decision I should contact my credit card company or seek justice via Small Claims Court.  Nevermind the small detail that this scammer is almost certainly in another state and that I don’t even know that I have a real name for him/her or any actual information to go on that would be needed in a legal action.  Oh yeah and he’s now deleted his eBay account so that I no longer have any direct means of communication to him and neither does eBay.  SMH.

Whatever “training” PayPal’s agents receive in fraud detection, they seriously need to go back to school.  To blindly accept screenshots as proof of anything in 2015, is absolutely mind boggling.  And to tell me that they can tell if they’re real or not is even more so!  This is such a simple transparent scam, I can’t imagine anyone with a brain stem would not see what’s happened here.  I’m fairly confident that it went down as follows:

Seller sets up a new eBay account expressly for this purpose and lists a very high value domain at a very low price.  Someone comes along and buys it, but since the seller doesn’t own said high value domain, he instead pushes a worthless domain over to the buyer.  But in so doing, he has created a perfect, authentic trail of screens showing the entire process.  All he has to do is right click on (in this case) “gigvine.co” on every screen, change it to say “shop.com” and capture a screenshot.  Do this for every page, and he has a perfect, time-accurate, set of screenshots showing the entire process of transferring the domain over to the buyer.  And there would be absolutely no way of detecting this at all, since screenshots done this way aren’t going to contain any digital artifacts the way a Photoshop-altered image would.  They will be absolutely perfect, and so for this reason would – I would expect – never be used as proof of anything!  But PayPal actually told me that they had screenshots of every step of the process the seller took to transfer the domain to me, and that it was all genuine.  Incredible.

So, that brings us, dear reader, to today.  I started asking around my various contacts to see if anyone has any connections high up at PayPal, but so far nobody does.  I’m half tempted to just go make a stink at PayPal’s offices since they’re like 5 miles away from me, but that would probably just get me arrested.  But just know that, should you ever find yourself in dispute of a transaction at Paypal, you are at the mercy of the Element Inspector as to whether or not you will get your money back.  PayPal will not apply logic, common sense, or even the slightest bit of investigative expertise to your case.

You are on your own.  And good luck with that!