Anyone ever seen this?
I have had 5 orders paid by PayPal, for £1, for products "Gift certificates" that do not exist on my OpenCart site. Nothing on my site is £1.
No shipping details on 4 of them, order confirmation e-mails are bouncing.
I still have control of the site, and my PayPal account, have changed the passwords and put the site in maintenance mode. The only funds in the PP account are the payments minus the PP commission.
I can't see a way to report the PayPal transactions as suspicious. None of the three options in the Resolution Centre help.
What's the scam here? What are they hoping to achieve? What do I need to do?
Anyone have any ideas?
So I did a bit more digging. There are a lot of failed orders, all related to gift vouchers. There have been a few forum posts about this and disabling gift vouchers.
The bouncing order confirmation e-mails are notification that a voucher has been purchased, seemingly to a randomly generated e-mail. Multiple from the same "user" to different recipients.
I do not have the default link to vouchers in the footer - I removed that years ago.
I do not have gift vouchers enabled in order totals - never had as far as I am aware, or I disabled it years ago.
So how are these orders for gift vouchers being generated? Where is the funding coming from?
The bouncing order confirmation e-mails are notification that a voucher has been purchased, seemingly to a randomly generated e-mail. Multiple from the same "user" to different recipients.
I do not have the default link to vouchers in the footer - I removed that years ago.
I do not have gift vouchers enabled in order totals - never had as far as I am aware, or I disabled it years ago.
So how are these orders for gift vouchers being generated? Where is the funding coming from?
What is your opencart version and theme being used? Do you have any extension installed which could effect these behaviour ? Have you tried looking into your server access logs and trace etc what's going on ?
Got a burning question at 3 AM that even Google shrugs at? There’s a not-so-secret inbox that might just have your answer: khnaz35@gmail.com
Breathe in some nature while you're at it. It’s cheaper than therapy. 
Feel free to sling a bear my way via PayPal @ khnaz35@gmail.com
You can't disable gift vouchers, unless you remover the controller. The order total is for when you use a gift voucher to pay for a purchase. Could be some sort on BIN attack.
3.0.3.9 with default theme.
I guess the attacker, if they know what they are doing, could manually create a link to vouchers even if there are no links on my pages. I wonder if I could trap those in my .htaccess?
This thread viewtopic.php?t=230326 shows how to disable vouchers. I have now done this. I will take the site out of maintenance mode later today and monitor things.
One "buyer" has now raised a dispute with PayPal, so there must be at least one hacked PayPal account in use by the attacker, which makes a bit more sense.
I guess the attacker, if they know what they are doing, could manually create a link to vouchers even if there are no links on my pages. I wonder if I could trap those in my .htaccess?
This thread viewtopic.php?t=230326 shows how to disable vouchers. I have now done this. I will take the site out of maintenance mode later today and monitor things.
One "buyer" has now raised a dispute with PayPal, so there must be at least one hacked PayPal account in use by the attacker, which makes a bit more sense.
Who is online
Users browsing this forum: Semrush [Bot] and 21 guests
