Top 15 PayPal Scams (Plus How to Spot and Avoid Them Easily)
PayPal is one of the most popular online payment systems worldwide and an excellent option to send and receive money. Its worldwide fame makes it a very attractive platform for cybercriminals and hackers, who keep trying to take advantage of clueless or inexperienced users.
It is possible that at some point you have fallen into the trap and ended up a victim of a PayPal scam. If so, you have learned the lesson.
However, if you have not been targeted by scammers yet, it is recommended that you know the most common types of PayPal scams and what you can do to avoid them.
But first, let’s look at some facts.
The FBI recorded 467,361 complaints in 2019, an average of almost 1,300 every day, with individuals and businesses losing more than $3.5 billion collectively.
The most frequently received complaints were either phishing or similar ploys, extortion, non-payment, and non-delivery scams.
No one wants to become a victim, but given the methods that keep evolving, hackers are trying to stay one step ahead of the general public.
On February 11, 2020, Vade Secure, the world’s leading provider of predictive email protection, released its Phisher Report (Q4 2019), which listed 25 of the best-known brands that have been targeted by phishing attacks.
As per the report, PayPal remained the top brand targeted by cybercriminals, with Facebook coming second and Microsoft third.
PayPal was the main impersonated brand in phishing attacks for the second consecutive quarter. Although PayPal phishing decreased 31% from the third quarter, transaction volume spiked by 23% from the same period last year.
In the UK alone, people lost over £1 million in PayPal scams in the last quarter of 2019.
15 top PayPal scams
As you have learned from the facts above, scammers are on a constant mission to target PayPal users and even the company itself.
PayPal scams can occur in different forms such as phishing websites, emails, suspicious links, malicious adverts, and more.
All such scams are designed to look official in order to trick users into giving up private data, such as usernames and passwords, or to collect payments illicitly.
How do they succeed? Is there any common ground in all the PayPal scams out there? I hear you ask.
The answer is yes, there is one thing in common: scammers design every scam to look official, and that is what tricks users.
Here are fifteen common (and most notorious) PayPal scams for buyers and sellers collectively. Be educated and beware.
1. Problem with your PayPal account
It is possibly one of the most persistent scams we can find today.
In such cases, normally, a user receives an email saying that there is a problem with their PayPal account, or that the account is going to be closed.
Next, the scammer urges you to take action immediately to solve the problem. Usually, a link is provided through which you have to log in to the account.
Logging in through the provided link hands your credentials to the thieves, who can then empty the account if it holds any funds, or shop with your attached cards, before you notice anything.
There are a couple of aspects that you should consider to avoid falling into such a scam.
Please remember PayPal never asks anyone to enter their username and password in a link sent through email or message. You only need to do this on the home page of the company or in the app.
Next, look closely at the email address from which the message was sent.
Scammers mostly use an email address that looks similar to the official addresses, such as a slightly misspelled one.
2. Identity fraud
It is a scam similar to the previous one, which is also quite widespread. In this case, users are told that there are problems in their account or it is suspected that someone has accessed it from an unknown location.
Here too, the scammer asks targets to enter the account details by clicking on a specific link provided in the email.
Once someone fills out the account detail page (which again looks identical to the official PayPal page), their PayPal account credentials fall straight into the hands of hackers.
The takeaway from this is the same as in the previous case: PayPal will never communicate with you in such a way, nor will it all of a sudden provide you with a link in which you have to enter your account details immediately.
In addition, if you look closely at the email address that sent the message, you will notice that it is a spoofed email address – a fake email address such as email@example.com that has nothing to do with PayPal.
3. Advance payments
It is possibly the oldest scam we can find on the net. The surprising thing is that there are still people who fall for it.
Here, you are sent an email saying that you won a lottery or that you have received some inheritance.
In either case, the user is told that he has won a massive amount of money, but in order to have the paperwork done, he must make a certain payment through PayPal.
Never get excited or bother replying to such emails; blocking the email address and marking it as spam is the best way to deal with this scam.
4. Paid more for a product via PayPal – Seller
This is one of the most recent PayPal scams that we came across. It is very sophisticated and still goes unnoticed by many.
It has reportedly stood out for scammers as it is very effective. For those users who sell products on platforms like eBay, among others, it is something to beware of. It works as follows:
- You sell a product on some website.
- The buyer will make the payment through PayPal.
- He makes a payment of an amount greater than what had been agreed or than the price of said product.
- Said buyer then asks the seller to return the extra money he paid.
Where is the trick this time? The buyer in question is going to request that the money should be transferred to a different account than the one used to make the payment of the said product.
When that is done, the buyer (who is a scammer in this case) cancels the payment, which causes the seller to lose the money that was overpaid, in addition to losing the money from the sale.
If you sell products on any website and use PayPal to receive payments, you must beware of this.
Normally, nobody is going to pay you extra money. If someone does, it is better to cancel said sale or payment and repeat it with the exact amount.
5. Scams on Craigslist and other classifieds sites – Seller
Even though the majority of online businesses are secure, you should be cautious when selling things on classified sites such as Craigslist.
Sadly, a considerable number of people using these sites promise to pay via PayPal but never send a payment for the purchased goods. Look for common signs of scam attempts such as:
- The buyer cannot meet you in person for various reasons of his own (military in Iraq, marine biologist, etc.).
- The buyer asks you to send the item to his “delivery agent.”
- You get offered more money than you asked for.
- The buyer only sends you SMS messages and does not speak to you on the phone.
If you have received an email that appears to be from PayPal and indicates that you have received money, quickly look for the following signs to see if it is a fraudulent email:
- The email is addressed to you without using your first and last name (it will begin with a generic greeting such as ‘Hello, PayPal user’ or ‘Dear user’).
- The email says that the money will be “blocked” until you take action (for example, send money by Western Union or click a link to send a tracking number).
If any of the above situations arise, terminate communication with the potential buyer. Remember that Craigslist and other similar sites are designed for local sale/purchase.
There, in most cases, you can meet the person in real life, and a buyer who genuinely wants to buy something from you never hesitates to pay in advance to get the goods delivered (they know how classified sites work).
And also, before reacting to any email, you can always see whether you received any money by logging into your PayPal account.
6. Shipping address change – Seller
If you have an online store or sell products on any website, an invalid shipping address or change of shipping address is another common PayPal scam to consider.
The buyer usually chooses the shipping method from the available options at the time of purchase, and the seller complies and sends the product.
However, if your buyer happens to have a malicious motive, he will later contact the courier company without your knowledge, to change the delivery address.
And then, after a while, he complains that the product he ordered never arrived.
Another variant of the same scam is for the scammer to use a different delivery address than the one shown in his PayPal account.
Then he will claim that the product never reached its destination, therefore asking you to reimburse the money.
That way the scammer gets the product for free.
Since PayPal’s Seller Protection does not cover a shipment made to an address that is not on file, the seller loses both the payment funds and the item they shipped.
If you sell products online, the recommendation is to always look at the shipping address closely.
It is better to refuse to sell goods if the address is different from the one shown in your potential buyer’s PayPal account.
Unfortunately, this PayPal scam is hard to avoid and the seller is always at risk.
Still, if you can make sure there is the same address everywhere for the buyer, you can prevent scammers from claiming that the product never reached its destination in most of the cases.
7. The chargeback scam – Seller
If the buyer decides to scam you, even if you can prove your shipment, he can still reverse the payment through his financial institution.
In such cases, the buyer asks his bank to cancel the payment on an excuse such as the fraudulent use of his bank card following a loss or theft.
Then, PayPal automatically debits the amount of the chargeback from your PayPal account, and even if your account balance is zero, PayPal will take the balance negative.
After that, it will be a real obstacle course to assert your honesty regarding this transaction and prove the buyer’s wrongdoing.
You will have to file a complaint about the scam and bring all the documents proving that you properly dispatched the item(s) in question to PayPal and the relevant law enforcement.
PayPal is striving to limit these risks but still keeps warning sellers of this danger. This PayPal scam, in fact, has more to do with an individual’s ethics; if someone goes this far to scam a seller, there is not much you can do (at least not instantly).
8. Phishing PayPal scam
Phishing is a technique by which cybercriminals design emails to deceive their targets and induce them to take action which may involve downloading malware disguised as an important document (for example).
Victims can also be asked to click on a link that redirects them to fake websites where they are asked for sensitive information such as bank details and Amazon or PayPal credentials.
Most phishing email campaigns are run at large scale. They can be sent to thousands of recipients at once.
Others, on the other hand, only target a well-defined category of people such as business leaders.
In 2014, the APWG (Anti-Phishing Working Group) conducted a global study, which suggested that 54% of phishing emails targeted popular brands including PayPal, Taobao (Chinese marketplace), and Apple.
The study indicated that phishers keep updating their approaches looking out for new targets in niche industry segments.
If you tend to pay attention to details, it is easy to spot and avoid phishing scams. In the case of PayPal, the spoof website URL that the scammers would ask you to click will have a misspelled domain.
For example, instead of PayPal.com, the scammer’s domain would be something like PayPall.com or PayyPal.com (hope you get the idea).
9. Zero-day operating kits
This type of attack targets vulnerabilities that have not yet been fixed in computer software.
The name comes from the fact that on a day the patch is released, fewer computers are exposed to cybercrime attacks as users download software updates. Zero-day operating kits are often sold and purchased on the dark web.
While many anti-spam engines, email service providers, and clients have become adept at detecting spam messages, malicious texts sent through legitimate, high-profile providers are way harder to catch.
In 2016, Proofpoint analysts reported a potential attack on PayPal’s legitimate email services that enabled attackers to deliver malicious content using official emails.
Specifically, they observed emails sent with the subjects like “You have got a money request” that appeared to come from PayPal.
In such a case, the sender does not appear to be fake; instead, the spam is generated either by using stolen accounts or by registering with PayPal (using zero-day operating kits) and then sending emails to “request money.”
This is amongst the PayPal scams that are hard to spot as the email coming to your inbox is sent using an official account (the email ID that ends with paypal.com, for example, firstname.lastname@example.org).
However, you can avoid falling prey to it by following one simple yet effective internet security rule. What is that? I hear you ask. It is this: never click links in an email.
If you ever receive an alert or notification even from PayPal in email, it is always best to log into your account directly and see the notifications or transaction activities yourself instead of clicking links in an email.
10. Legitimate-looking unofficial site hoax
One of the most frequent events where you can encounter scams online is when creating an account on a platform. You may find a link on a certain page to sign-up with a service without knowing if that leads to the right destination.
What does the attacker get with this?
The victim registers on a page crafted to look like the legitimate one, but in reality, he is giving the data to cybercriminals. The data collected in such hoaxes include first and last names, as well as the e-mail address and bank details.
So concerning PayPal, if you have to sign-up with the service, make sure you do it by visiting PayPal.com directly.
11. Send money as friends and family
This is a classic PayPal scam. In such cases, the seller asks you to send the money as friends and family, with various explanations, such as that if you do so, there will be no or lower PayPal fees.
However, this is a problem for the buyer. In case the product does not arrive in good shape or you never even receive it, you cannot file a dispute with PayPal if you sent the money using PayPal’s ‘friends and family’ option.
So beware and never come to an agreement for friends and family payments with any seller online.
That is of course if you do not want to be deceived and receive a product that is not as advertised or even worse, not even get one.
12. Fake PayPal Services
Scammers have faked their names in the past. It is a common practice among people with malicious intent, both online and offline.
They would simply fake a name in the sender’s email e.g. an email can pretend to be coming from “PayPal Services,” but in reality, it could be from email@example.com.
At first glance, you would not see the actual name; however, if you place your mouse cursor over the email sender name or click on the “Reply” button, you should be able to see the sender’s full name.
More sophisticated scammers can fake the full name to look like a valid sender, so be cautious (pay close attention).
As noted above in the zero-day operating-kit scam, making sure that the email you received is from a legitimate account is important, but it is not enough.
It is essential to carefully check the complete email.
And even if you click on a link provided in the email to get into your account, always check that the domain says “www.paypal.com” in your browser.
That said, here again, clicking a link in the email is never recommended; always visit PayPal directly no matter what.
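The two manual checks from items 8 and 12 (a misspelled domain in a link, and a sender name that says PayPal over an unrelated address) can be automated for mail triage. The Python sketch below is an added example, not part of the original article; the function names, the edit-distance threshold of 2 and the `.example` sample values are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "paypal"          # brand name the scams on this page imitate
OFFICIAL = "paypal.com"   # the only domain treated as genuine (per the page)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Classify a host name relative to the official domain."""
    host = (host or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    # Near-miss spelling of the brand, e.g. the page's PayPall.com / PayyPal.com.
    if any(0 < edit_distance(label, BRAND) <= 2 for label in labels):
        return "lookalike"
    # Correct spelling, but sitting inside somebody else's domain.
    if any(BRAND in label for label in labels):
        return "brand-in-foreign-domain"
    return "unrelated"


def check_link(url: str) -> str:
    """Classify the host a link really points at."""
    return classify_host(urlsplit(url).hostname)


def check_sender(from_header: str) -> str:
    """Flag a From header whose display name claims the brand but whose
    address domain is not the official one (item 12 on this page)."""
    name, addr = parseaddr(from_header)
    verdict = classify_host(addr.rpartition("@")[2])
    claims_brand = BRAND in name.lower().replace(" ", "")
    if claims_brand and verdict != "official":
        return "display-name-spoof"
    return verdict


# Constructed sample inputs (not taken from real messages).
SAMPLES = [
    ("link", "https://www.paypal.com/signin"),
    ("link", "http://www.paypall.com/signin"),
    ("link", "https://paypal.com.account-review.example/login"),
    ("from", '"PayPal Services" <billing@mailer.example>'),
    ("from", "service@paypal.com"),
]


def triage(samples=SAMPLES):
    """Return (input, verdict) pairs for every sample."""
    checks = {"link": check_link, "from": check_sender}
    return [(value, checks[kind](value)) for kind, value in samples]


if __name__ == "__main__":
    for value, verdict in triage():
        print(f"{verdict:24} {value}")
```

As item 9 points out, a message sent from a genuine paypal.com address can still be a scam, so an "official" verdict only rules out the spoofing cases and does not make the links in the message safe to click.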
13. Fake donations
Online scammers even use tragedies to fool people with a good heart and make them send donations to fake charitable organizations.
Such scams are generally on the rise when there is a natural disaster (such as a flood or an earthquake), a terrorist attack, or a refugee crisis.
You must review the details of any charitable organization you want to help to ensure that your funds go to genuine victims.
14. Vishing (Voice Mail Scam)
Vishing is one of the latest PayPal scams where scammers use an automated system to carry out voice calls, reporting problems on the account, and asking for information about it over the phone.
Let me share with you an example script of what you could hear in a Vishing call:
We are calling you from PayPal to inform about a possible fraudulent transaction in your account. Please enter your password to hear the details of the transaction. We need your immediate action to be able to block this transaction and secure your account.
Once you enter your password, scammers get the information necessary to access your account. That is obvious, right?
Therefore, never provide your account information to third parties, unless it was you who initiated the conversation. Never trust the caller’s ID, even if it tells you that it is from PayPal.
On top of everything, PayPal never asks for your credentials over the phone or email; even if they need to verify the account, you would only be asked about the last few digits of your password or attached card.
To give you a better idea, the following are things PayPal will not ask you to send them over an email, message, or phone:
- Your full credit or debit card number.
- Your bank details.
- Your full name registered with PayPal.
- A list of all your email addresses linked to the account.
- Your physical addresses.
- Your security questions and the answers.
- Your PayPal or any other account password.
15. Smishing (Text Message Scam)
Phishing can be done via text or voice messages to your mobile device.
Such phishing is known as Smishing, and in such cases, the scammer sends a text message to your phone number using a non-existent number or app.
In the case of such PayPal-targeted frauds, the type of message a target receives is usually like this:
Your PayPal account has been suspended due to suspicious movements. Contact us immediately at (then comes a phone number, for example, 1234 5678 90). You should speak us immediately.
“PayPal: You have made a payment of 300 euros. If you did not authorize this transaction, call us at 1234 5678 90 at once. Thank you.”
If you panic and call that number, you will be confirming to the scammers that you have a PayPal account.
When talking to you, the scammer will ask for your account information so he can either transfer your funds to his account or steal personal information.
Always avoid such messages and check your PayPal account if you have any important notice from the service.
If you receive such texts, delete those messages and contact PayPal security experts at “firstname.lastname@example.org” and inform them of what happened so that they give you the instructions to follow.
Checklist to Keep Yourself Safe from Common PayPal Scams
Being able to sell and buy online is the luxury of this digital age, but there are some essential things you must know and do for keeping your information, money, and yourself safer online. Here is a checklist of them:
If you are buying something:
- Make sure you buy only from reputable online retailers and websites.
- Check your credit card and bank statements carefully, always.
- It is not enough to close your browser once you are done with shopping; never forget to log out of the websites.
- Always double-check complete details of all the goods before confirming payment.
- Stay away from offers that look ‘too good’ to be true.
- Check the sender of every incoming email carefully to make sure an impostor did not send it.
- Make sure your device has got the latest antivirus installed on it.
- Ideally, opt for using a quality VPN such as ExpressVPN so that your internet traffic becomes completely unreadable and your information stays shielded from potential scammers.
If you are selling something:
- It is not recommended to include any personal information while describing your items for sale.
- Always double-check you have got the funds in your PayPal account before you ship the item.
- Never let any of your personal details be seen in the background of your items’ photographs (for example, your vehicle number plates or house number).
- If you have offered an item for personal delivery or pick up, try to meet your potential buyer in public and make sure to bring someone with you.
- Never come to an agreement of shipping your products to an unverified address.
- It is always better to set up a separate email ID for customer service and sales so that your personal account remains private.
For what am I covered with PayPal protection policies?
PayPal revolutionized payment between individuals right after its launch in 1998. Now it is used for everything, including payment in stores or contracting services.
It’s essential to know what items are covered and not covered under this online service should you fall prey to scams.
If it is a purchase, PayPal fully protects the buyer for any item that can be sent by mail and is not prohibited by law. This means that PayPal will return your money, even if you cannot recover it from the scammer.
However, there are products that are not covered by the online payments giant’s Buyer Protection. Those include:
- Real estate.
- Handmade items.
- Gift cards.
- Prepaid cards.
- Transfer of funds to family or friends.
- Anything bought locally in person and not online.
- Items that the buyer received exactly as the seller had described in his listing.
Likewise, PayPal Seller Protection can cover tangible and intangible items (services and tickets, among others) paid at once with PayPal, provided that, in the case of tangible items, they have been sent to the address registered during the transaction.
As in the case of a buyer, there are some items for which PayPal does not provide protection to the seller, too. Such items include:
- Items prohibited by law.
- Licenses of digital products.
- Claims, chargebacks, and cancellations for items very different from those described.
- Items delivered or collected in person.
- Items whose value equals a cash amount (for example, gift cards and prepaid cards).
- Payments related to financial products and investments.
- Items purchased through classified ads.
- Payments in gold (either in its physical form or as a quoted value).
- Disputes opened directly with PayPal in the Resolution Center.
Report a suspicious email pretending to be from PayPal
Phishing is an unlawful attempt to siphon someone’s sensitive and private data.
The most famous phishing technique is to send targeted users an email on behalf of a known company, such as PayPal. These emails may contain links to fake sites or fraudulent attachments.
Spoofed websites encourage you to enter personal data, such as your Social Security number, credit card number, and password.
But the question is what do you do if you encounter any such email? You simply report it to PayPal.
Have you received a suspicious email?
If you consider you have received a scam email, do the following immediately:
- Don’t enter any financial or personal information. Don’t click on any link or download any attachments from the email.
- Send the complete email to email@example.com.
- Delete the suspicious email from your account.
- PayPal will send you an email reply to confirm if the email you received is fraudulent or not.
Have you come across a fake site?
If you come across a fake site, do the following immediately:
- Don’t enter any financial or personal information. Do not click on any link or download any attachments from the site.
- Copy and paste the site address (URL) into an email, and send it to firstname.lastname@example.org.
- PayPal’s security specialists will review your request, and if it is a bogus site, PayPal will do its best to get it shut down completely.
With these simple actions, you will not only help yourself stay safe but also protect the entire community.
Avoiding PayPal scams is not difficult. For starters, many of these fraudulent emails are already filtered in your spam folder.
If for any reason, they escape, all you need is to take care of some commonsensical things.
Make it a habit to do some common sense stuff like never sharing your credentials, avoiding opening suspicious emails or clicking on links in emails or text messages, keeping your device OS updated, and not getting close to strangers.
Also, remember despite the ever-growing sophistication of phishing attacks, you can protect yourself online by making use of security tools specifically designed to protect you.
A VPN is one such tool that can help keep your information safe online. Again, a tool like a VPN is not enough; you must stay aware and use your common sense to avoid PayPal scams.
Always keep in mind that while PayPal and similar online services function as handy tools for painless and quick money transfer, they also are go-to hunting grounds for greedy scammers. Stay safe.
About the author
Gannicus Oliver is an experienced tech journalist (he loves writing on emerging techs and digital privacy issues) and an online business consultant. He boasts over four years of writing experience. In his free time, Gannicus enjoys uncovering thrilling adventures and traveling around the world.