Currys PC World has become the latest business to be hit by a wave of online eBay scams, with customers losing at least £111,000 in a little over two days, This is Money can exclusively reveal.

It came after hackers changed PayPal payment details on a number of its eBay listings, while the final figure lost could potentially be more than four times that - or nearly half a million pounds.

The online hack a fortnight ago, which left around 600 people out of pocket, was also potentially worsened by the site being targeted by a phishing attack, in which a fake eBay sign-in page appeared to be used to harvest people's details.

Customers were left in the dark for days by eBay and PayPal after the hack, which took place on the weekend of 19-20 October 2019.

While previously it was small businesses and sole traders left out of pocket after their eBay listings were attacked, FTSE 250 retailer Currys PC World has now been hit

The three firms involved have finally started to inform buyers affected by the scam, though many victims were initially denied refunds, while eBay and PayPal denied any problems had occurred.

Both eBay and PayPal have previously been criticised by scores of small traders who rely on the auction site for business after they lost thousands of pounds to similar scams.

Fraudsters changed PayPal payment addresses on listings for items including cosmetics, domestic cleaning products and workwear to near identical email addresses, such as changing an 'l' to an lower case 'i'.

Key to the success of the scam was siphoning the money off in small amounts over long periods of time, and PayPal addresses being changed without anyone being alerted.

The people behind the businesses affected told This is Money that eBay and PayPal both passed the buck to each other, while one was asked to contact all 2,500 people who unwittingly sent money to a fraudster to tell them to open PayPal claims for their transaction.

But the news of another hack appears to pile more pressure on eBay and PayPal, especially given that Currys PC World, part of FTSE 250 company Dixons Carphone, is one of the UK's most recognisable retail brands.

A reader who tipped us off about the scam unwittingly sent £1,200 to a fraudster after spotting a deal for the new iPhone 11 Pro Max on an online forum on Saturday 19 October

This is Money was informed of the scam by one victim, who spent £1,200 a 512 GB iPhone 11 Pro Max on Saturday 19 October, after being told on an online forum it had been reduced in price on eBay.

The latest smartphone from Apple was released just last month, with the 512 GB Pro Max usually retailing for around £1,500.

However, rather than Currys PC World, the money instead went to a fraudster who had set up an alternative PayPal account.

They appear to have switched payment details on the iPhone 11 Pro Max listing - as well as listings for the standard iPhone 11 and possibly for the iPad Pro as well - from 'PayPal.newark@thetechguys.com' to '@tehtechguys.com'.

While at face value he appeared to have sent money to Currys in return for the order, the PayPal payment address had actually been switched to one set up by a third party fraudster

Our reader, an online web designer, also told us the eBay sign in page behaved strangely after he attempted to log in to pay for the phone, and that he kept being kicked out and told to log back into eBay.

He said he discovered this page was a phishing link and displayed a fake eBay page over an '.icu' subdomain. He said: 'To the untrained eye you wouldn't pick up on this at all'.

When he sent the link in a word document to This is Money, we were greeted by an antivirus page warning us of a 'deceptive site ahead' which 'may trick you into doing something dangerous'.

Ebay has continued to deny to our reader that any security issue took place, while Currys PC World has no evidence this was the case.

One reader also told us the scammers had set up a phishing link to harvest personal details from those purchasing the items on eBay. The auction site and Currys PC World both deny this, but a link sent to us from our reader immediately draws an anti-virus warning

According to publicly available eBay listings, 14 iPhone 11 Pro Max phones were sold and 140 of the regular iPhone 11 phones were, before the products were listed as 'sold out'.

The scam appeared to take place over the weekend of 19 October with the PayPal address changed back to normal on Monday morning.

Our reader told us he thought the fraudster had banked on there not being anyone monitoring the eBay listings from Currys PC World at that time.

14 iPhone 11 Pro Max phones were paid for during the scam, netting the fraudster £16,899

According to the listing, 13 of the Pro Max phones sold for £1,200 and one sold for £1,499, while 75 iPhone 11 phones were sold for £650 and 25 for £720.

While eBay only publicly shows the last 100 sold items on a listing, even estimating the remaining 40 phones sold for the lower price means £111,174 was stolen by the hacker over the course of just over two days on those two listings alone.

However, with Currys PC World confirming to This is Money 'approximately 600 orders' were affected, it is likely the amount customers lost could be four times this amount - or nearly half a million pounds.

Payments for 140 regular iPhone 11 phones were also siphoned off. This is Money worked out the 154 orders together amounted to at least £111,174, with Currys PC World informing us 4 times that many orders were affected in total

It said in a statement to This is Money: 'The Currys PC World eBay store is hosted by eBay with payments processed by PayPal.

'Over the weekend, the eBay store temporarily experienced issues affecting approximately 600 orders from our customers. This has now been resolved.

'We are very disappointed that this has happened and we're working with eBay to investigate what has taken place.

'While we don't host this website, we are providing affected customers with guidance on how to obtain a refund from PayPal.'

It also all but confirmed the scam to our reader in an email sent on 26 October, in which it said: 'Due to reasons outside our control, we have not received the payment from PayPal for your order and are unable to fulfil this.'

However, anyone seeking redress over the weekend the scam occurred found themselves out of luck.

Our reader showed us an email sent by PayPal in the early hours of Sunday morning, in which it denied his claim for a refund as 'this transaction was not unauthorised.'

Customers initially had claims for compensation denied by PayPal

Meanwhile, in a live chat on the same day, an eBay customer service representative said: 'the payment has gone safely to the seller', and 'your transaction is definitely legitimate, there is nothing to worry about.'

Only on the Wednesday, four days after our reader had unwittingly sent £1,200 to a scammer and after he had contacted Currys PC World, did he receive a message on eBay which stated: 'Unfortunately this order was incorrectly processed and so PayPal are organising refunds.

'We have spoken with PayPal – they have said they are currently working to reverse any affected transactions and these funds should be in your account over the coming days.'

However, both eBay and PayPal have now changed tack and told those affected that after the order was 'incorrectly processed' refunds would be issued. Neither informed victims in the immediate aftermath of the scam

Another person on the same online forum our reader saw the link to the deal wrote on Thursday 24 October: 'I've had no contact from eBay, PayPal or Currys to date so this came as a bit of a shock.

'You would think that when they suspect that fraudulent activity has occurred they would want to warn the affected parties.'

Ebay told This is Money in a statement: 'The issue was resolved quickly and customers can continue to shop with full confidence.

'We are working closely with Currys PC World on an investigation into the matter.'

Our reader has not yet received a refund, though has received a £50 Currys PC World voucher.

In an email sent to him by PayPal on Thursday 24 October, it said it was requesting additional information from the person behind the PayPal account the money was sent to following the switch on the listings.

PayPal told This is Money: 'We are aware of this incident and are currently working to reverse any affected transactions. These funds should be in customers' accounts over the coming days.

'If a customer has not seen their money refunded then they may need to raise an 'item not received' case via their PayPal account.'