Sellers Beware

Sender’s email:
Sender’s name: Donna Johansoncaine

This person does not seem to be a member of this forum, but that does not mean they (or someone they know) isn’t an Xojo developer.

In November, someone (supposedly NOT this person) purchased some software from me, and then told PayPal that it was an unauthorized transaction.
Leaving me short that much revenue , and them in possesion of the software (in source code format). PayPal denied “protection” due to “intangible goods”

I doubt seriously, that this was a mistaken transaction, since the above information is what triggered the funds, and is where I sent the source code. And since the source code is only of use to an Xojo developer.

So if you receive an order from the above person, be ware that they might attempt to scam you too.

Since Paypal won’t protect “electronic goods”, I guess I’m going to have to send each person who places an order an email to have them confirm it first. sigh

Well, if you give people a download link, which can be revoked, it may limit them from downloading it again later.

But welcome to the real world.
Sometimes I get notice months after a transaction that the card was reported stolen and money refunded.
If it’s a real customer, they usually pay again as they want to keep it and receive updates.

This was delivered via email… so the email I sent it to, was linked to the Paypal account that paid for it… telling me, that the person who recieved it , was in fact the person that ordered it, and such an order could not be made “accidently”

Well, people can steal a credit card, make a new PayPal payment with that card and their email address.
We have a lot of sales to people just creating their PayPal account with the sale.

Anyway, if you’d change to a system where you send an unique link to download, you can see if they downloaded it and you could block the link later.

The names you said above are probably fake, too.

  • create a unique URL for each customer/download? that seems like a lot of work
  • and blocking the link later… isn’t that like “closing the barn doors after the horses have escaped?” once they have it, they have it

Some buy it, but don’t download it for weeks.
Some loose it and than the second download is blocked.

There is not much you can do, but at least you can make it a little harder.

Well, the only peace of mind is that there’s no way they’ll ask for support. Even though they have the source code it’s most likely if they pull this sort of scam they won’t be smart enough to use your source.

Another theory: Between the wife and I we’ve often questioned something came through on PayPal with a weird name/address/amount and have had to backtrack to the date and search email to figure it out. Have you tried contacting them to see if it was a mistake? You probably have but thought I’d mention it.

Twice actually… with no response

Sorry to hear that. This community is usually pretty solid.

If you still have an original email from the person you can look at the source and get the IP of their email server. That won’t get you a refund but you might be able to figure out the country.

Sorry to hear about the dishonest customer, and thanks for sharing your story Dave. This will help others learn about this scam. I am sure we all have a few stories we could share :slight_smile:

This has happened to me about 20 times over as many years.
Its annoying … in my case, I can usually prove the sale was deliberate, and that that software was downloaded, and that it was installed, and the IP address that used it.
That doesn’t matter a jot to Card companies or Paypal: if a ‘customer’ says they don’t recognise the transaction, you lose the money.
So now, I can remote disable the software.
(But the small incidence of fraud means that the time it took to implement the method wasn’t really cost effective.)

The “original” email is via Paypal… not directly from the “customer”

knocking on wood This hasn’t happened to me in 15 years of selling stuff. Maybe I’ve not had an incident with software or source code because I’m going through FastSpring? Buyers have to jump through a process and I have logs for when they purchased and when emails were sent out. Some of my source goes through a proprietary app that tracks their IP so I can at least figure out their if they downloaded it and what their IP address was at the time.

I’ve just started using Xojo and have only recently purchased a number of plugins. My PayPal email address is not the same as my ‘regular’ email address. Perhaps I’m missing the point of your post but please don’t lock those of out who like to use different email addresses in different places :slight_smile:

That is not a problem to have more than one email.

And it may be good to tell us more than one email in case an email server blocks us.

I too use different email addresses. For “personal” Gov’t reasons - (the real one), and other email addresses for various purposes. That way I feel comfortable that I can’t be easily hacked. It’s a basic filter.