Check the returned orderId. The correct orderIDs are of the form: [seller ID]. [actual order ID] Find your seller ID in your Wallet account (last line on the order page) and check your application if it is the same. Since hacking Freedom cannot in any way know your wallet ID, the return ID of the hacked payments is different. Just refuse these payments.
Please note that this is just an assumption. I am currently not 100% sure if this works. Feedback will be appreciated.