Suspicious donations

richards1052
Contributor
Contributor

I accept Paypal donations on behalf of a blog I own.  In the past two weeks, I've received a series of $1 donations from individuals whose names are unfamiliar.  I have never received a donation in this amount before via Paypal.  So far I've received 5 of these donations, each supposedly from different individuals.  The first person who made such a donation then disputed the donation.  Because the matter is in dispute, I could not refund the funds to the donor.  I had to call Paypal to notify them that I did not solicit the donation, did not bill the person for the donation, & know nothing about what happened.  Paypal told me to e mail the person saying that if they removed the dispute I could then refund the money.  I did so, but the matter remains in dispute.  I wonder whether the individual's e mail address is even real.

 

Since several others of these donations happened immediately afterward, this is starting to look like a pattern.  Should I refund the money of all the donors before they can claim a dispute?  Anyone else know why this may be going on?  Does someone want to **bleep** up my status with Paypal so I can no longer accept donations?

Login to Me Too
18 REPLIES 18

ivordurham
Contributor
Contributor

I provide the website software and IT support for a non-profit which has also seen a spate of disputed donations under $5, mostly $1 & $2, beginning in Sept 2017. I've investigated donations from 61 different donors and found a number of curious things:

  1. All of these donations came through a donation page on our website. The page requires you to enter the donation amount and click a PayPal Donate button. If you wish to make a regular donation, you must select the donation frequency from a drop down. Some of the disputed donations had been set up as $1/week regular donations. Upon clicking the Donate button the form is submitted to PayPal where the donor must either login or opt to pay with a credit card without a PayPal account. Therefore each payment results from a conscious act.
  2. PayPal requires those signing up for regular donations to have a PayPal account, so those $1/week donors must have an account.
  3. Our webserver logs reveal that for these disputed donations our donation page is the ONLY page in the browser session. The form we submit to PayPal includes a "return" URL to a Thank You page. That page is never viewed upon completion of the transaction for any of these disputed donations.
  4. As part of this investigation I have been capturing the "referrer" URL provided by browsers. To date none of the sessions which generated disputed donations has had a referrer URL. This means that the browser was launched directly to our donation page, either from a link in an e-mail or some other way. They did not arrive at the donation page from another website or from another page on our website.
  5. I have followed-up by e-mail with all 61 donors (so far) to ask how their donation(s) came to be made, how they realized they were "unauthorized" and what changes we might make to the website to avoid the problem in the future. So far not ONE of the 61 has responded. I find this quite suspicious.
  6. Per the organizations privacy policy, donors are added to the mailing list. Each of the donors has received one or more e-mail messages. None of the e-mails has bounced due to a bad address. Each e-mail we send out includes an Unsubscribe link and the headers to enable the "Unsubscribe" button in some mail readers. To date all 61 remain subscribed to our mailing list.
  7. I've been capturing the remote IP address of the browser submitting the donation form and looking up the ownership. To date 51 of 93 donations have come from addresses owned by vultr.com, which appears to offer a VPN service. Other have come through common broadband providers like Charter, Cox, Comcast, Time Warner etc. Not sure what to conclude here.
  8. The geo-location for the non-VPN IP addresses span the country from Wisconsin to Texas.
  9. I matched one IP address to a city in Texas and found the donor with a distinctive name had addresses in both Texas and Louisiana. WhitePages.com produced a phone number, so I called and whoever answered the phone said they did not know anyone by that name even though it was provided by WhitePages.com.
  10. I've contacted PayPal support about this to no avail. The first couple of attempts received a boilerplate response which was obviously triggered by keywords in my message without actually reading the message. Finally I got a response that said, in short, (a) yes, you are getting disputed donations, (b) we have no choice but to refund them when asked, (c) no, we can't tell you anything about these donations and (d) all you can do is keep reaching out to the donors by e-mail. So we can't even determine whether the one-time donations came from PayPal account holders or people using a credit card without a PayPal account.

I am at a loss to explain what is going on and I've exhausted every avenue I can think of to gather more information about this situation. If anyone has any suggestions, insights or can share a similar experience I'd be very interested.

Login to Me Too

richards1052
Contributor
Contributor
When I called paypal security they told me that what may be happening is that people engaged in fraud may be testing your account to make sure it's active. But I wasn't clear beyond that what purpose this served. I've had 11 of these transactions, but none in 2 months or so. I'm certain they're fraudulent & that the individuals either don't exist or that the identities named as donors don't exist. If you receive donations that don't appear legitimate I would refund the funds immediately to avoid having the hoaxster dispute the transaction. Then you face weeks of waiting to clear the transaction. I've still got one in dispute from September! I wonder if it's possible for you to force every PayPal donor to check a box which generates an email back to you that ensures a real person rather than a bot or script created the donation.
Login to Me Too

ivordurham
Contributor
Contributor

We may have to add reCAPTCHA to the donation form which would be easy for people to click on but harder for bots. The bots would have to be able to login to the PayPal account to complete the donation, but a bot may explain why our "Thank You" page is never visited upon completion of the payment.

Login to Me Too

ivordurham
Contributor
Contributor

Just for the record, we added Google reCAPTCHA to our donation form. We are seeing the CAPTCHA solved prior to the suspicious donations being made, so it's probably a person rather than a bot, which was my original inference given that someone has to login to the PayPal account to make the donation. The rate of these disputed donations has abated somewhat, but they are still coming.

Login to Me Too

CCF-Berlin
New Community Member

Thanks to everyone else for the helpful information and suggestions.

I also operate the website for a non-profit with a donations button and we have also suddenly begun receiving a number of suspicious donations in the last few weeks - always in amounts between 2 and 5 Euros. We have had a donations button on our webpage for two years now but just began receiving these strange donations about three weeks ago. Before that, we were lucky if we got two donations a year.

I have noticed one common element for us: all of the donations are coming from people who use different currencies than we do (we are in Germany and use the Euro). The donations are coming from accounts in the USA (which would not normally be unusual for us), but also from accounts in Poland and the UK  (there is no reason for people in these countries to send us money). This is pure speculation, but perhaps these donations are coming from bots or people who are engaging in currency speculation. They send us a donation if they think that the Euro is undervalued, in the hope that it will rise within a relatively short time. If it does rise, they request a refund, which is converted back into their own currency, but at a higher rate. Voila, they have made money on the deal. If they send 5 euros to 200 different accounts, they can effectively speculate with 1000 Euros. We do not have a captcha (going to add one ASAP) or a minimum donation amount (ditto), so in our case it could be bots making these transactions.



Login to Me Too

Anonymous_User
Not applicable

It's common practice for people who buy stolen credit card info to verify or validate a good number.  In many cases, in order to stay under the radar, they  pick a small charity or organization and make a small donation.  If the transaction goes through, they have a good card - from there they go shopping on someone else's dime. 

Login to Me Too

haiiah
Contributor
Contributor

Our nonprofit is having the exact same fraudulent donation issue. Paypal has been no help.  If anyone finds a solution, please do share. 

Login to Me Too

ivordurham
Contributor
Contributor

We got the volume of these problem donations down significantly. While trying to work out what was going on, we began tracking the IP address for the donation submission by adding the IP address to the "custom" PayPal field, which we use for other data (saved trying to match the donation time with the web server log). Then we did the reverse lookup on those IP addresses and found a lot were coming through a single Virtual Private Network provider (so someone was hiding their location). We reported this as abuse to the provider who found that the many IP addresses/sessions we reported were associated with a small handful of accounts, which they subsequently shut down for Terms of Use violation. Whether they were doing other nefarious things which got them shut down or whether the abuse of the donations was sufficient I cannot say with certainty; the provider simply told us the accounts had been shut down. Then I blocked the IP address range for this VoIP provider as a precaution.

Login to Me Too

mirapope
Contributor
Contributor

I really appreciate all the work several of you have gone to, to track down these suspicious donations.   Why can we not get PayPal to note the repetitive suspicious activity (I have 60 donations in a few days) and cut it off at the nub.  I can't even get any response from them.   I wish I could follow what you are saying about getting back to the Network Provider or something (this form does not allow me to see your post while I'm writing.)  Is there some way you could post these instructions in "plain English"???  Anyway thank you for being smart and following thru.

 

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.