It took a while, but we got our first Plug and Save fraudster yesterday. The fraud wasn’t very difficult to spot but we’re detailing what happened here because it might be of value to other webmasters.

We certainly aren’t going to invest any time following this up or investigating it but here’s what we believe happened.

1) The frauster uses a firefox extension (we won’t disclose which one) that can be used to manipulate the values of a web shopping cart before it gets sent to PayPal. He set the payment info to just $0.02 (1 cent for the product, one for postage).

2) Fraudster paid us 2 cent via PayPal.

3) Our OSCommerce site reported the transaction as verified and ready to pack in our orders log.

Fortunately a $0.02 order isn’t hard to spot however we might not have been so quick to stop the transaction if he’d knocked off $100 for postage or if he’d ordered an expensive unit for the price of one cheaper.

We verify all orders ourselves and we need a postal address to ship products to so this isn’t a very effective fraud against our type of business. For webmasters selling digital goods or services it’s worth being aware that this scam is still being used.