Some time ago I received a payment on PayPal from one of my websites… for $0.01 🤔
I was very surprised to see that, as you can imagine.
At first – some wishful thinking – I thought it might be a mistake, a bug, and that this “new customer” tried buying the service correctly (which was for $52) but something went horribly wrong during the process. And so I contacted the customer at their PayPal email, hoping to get a reply and get them to send the correct amount for the service they tried buying.
That was a waste of time…
Scam!!!
Then I went on Google and searched for this, and as it turns out it’s a well-known exploit, a scam! 🤨
What happened is that this website of mine was coded a long time ago and uses the old PayPal Standard payments system. Because of that, someone who knows what they are doing could manipulate the code on the client side and submit such a payment, tricking my site into thinking the payment was made for the full amount.
Now, my site was not hacked or anything like that, so I didn’t lose anything 🤗 🤩
Why would someone do that?
It’s very simple, someone would do this to get free stuff! 🤑🤑🤑
This particular website of mine was selling a service which could be delivered automatically after someone buys, or at least started automatically. However, I’m a little more… primitive than that haha… so I was processing the orders manually. But if the service was started automatically, and let’s say the scammer made this fake payment and I didn’t see it soon enough, they would have received the service completely free! I mean, I didn’t even get to keep the $0.01 haha…
Check it out:
See? PayPal STOLE that $0.01 from me, like a thief in the night! Made me very sad! lol 😁
No, but imagine someone has a website selling downloadable products (graphics, eBooks etc.) that are instant delivery, and a scammer who knows how to do this trick comes on their site. Now the scammer literally has free rein to take anything they want from the site by making these fake little baby payments and tricking the site into thinking they’re legit payments, and receiving the products.
You can read a discussion about this exploit here – Paypal Payment $0.01 – WTF?
Here is a video I made about this:
Conclusion
At the end of the day, nothing gained, nothing lost, and I learned a valuable lesson on how automation can bite you in the ass. Had the services on that site of mine been automated, this person would’ve been able to take anything they want. And if the services on my site cost me money to deliver, they could have caused me some real economic damage using this exploit.
I will end this by saying that if your PayPal code is up-to-date you probably don’t have to worry about this, as I’m sure they’ve put in place safeguards against this type of exploit. The website this happened to me on is from back in 2014, and the theme could be even older than that, so the PayPal code on it is pretty old.
But I guess I figure, if it ain’t broken don’t fix it 😀
For real though, if this site was a site where this exploit could harm me, I would immediately drop everything I’m doing and make it a Top Priority to implement a fix to this loophole and make this type of exploit impossible in the future. But orders on the site are processed manually, therefore this kind of thing can’t hurt me.
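One way to close this loophole on a site that delivers automatically, shown as an added example that is not the author's or PayPal's code: before releasing anything, the order handler compares what was actually paid with the price stored on the server. It assumes the site learns of payments through PayPal's IPN messages, that PayPal has already confirmed the message as genuine, and that the site sends its order ID in the `invoice` field; the order table, merchant address and function name are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Constructed data: prices live on the server, never in the submitted form.
ORDERS = {"order-1001": {"price": Decimal("52.00"), "currency": "USD"}}
MERCHANT_EMAIL = "seller@example.com"  # placeholder for the shop's PayPal address
SEEN_TXN_IDS = set()                   # stand-in for a database table


def check_payment(ipn):
    """Return (ok, reason) for a notification already confirmed as genuine."""
    order = ORDERS.get(ipn.get("invoice", ""))
    if order is None:
        return False, "unknown order"
    if ipn.get("payment_status") != "Completed":
        return False, "payment not completed"
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "paid to a different account"
    if ipn.get("mc_currency") != order["currency"]:
        return False, "wrong currency"
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        return False, "unreadable amount"
    if not paid.is_finite():  # rejects NaN and Infinity strings
        return False, "unreadable amount"
    if paid != order["price"]:
        return False, f"amount mismatch: paid {paid}, expected {order['price']}"
    txn = ipn.get("txn_id", "")
    if not txn or txn in SEEN_TXN_IDS:
        return False, "missing or replayed transaction id"
    SEEN_TXN_IDS.add(txn)  # remember it so the same payment cannot be reused
    return True, "ok"


# Constructed notifications: one for the full price, one for a single cent.
GENUINE = {"invoice": "order-1001", "payment_status": "Completed",
           "receiver_email": "seller@example.com", "mc_currency": "USD",
           "mc_gross": "52.00", "txn_id": "TXN-EXAMPLE-1"}
ONE_CENT = dict(GENUINE, mc_gross="0.01", txn_id="TXN-EXAMPLE-2")

if __name__ == "__main__":
    for name, message in (("one cent", ONE_CENT), ("genuine", GENUINE)):
        print(name, check_payment(message))
```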
I still have that website by the way, and I still have the same Paypal code on it, and we’re still going strong! 😎
That’s all folks! 🤴
If you think someone has used your account without permission, report it to PayPal immediately and we’ll help protect you as much as possible. If reported within 60 days of when the transaction appeared on your account statement, PayPal can protect you with $0 liability for eligible unauthorized transactions.
Well, sure yeah that’s all true. But that’s not exactly what this article is about.
In any case, valid comment. Thanks for sharing :)