Common PayPal Scams & How to Prevent Them

  • By David Lukic
  • Published: Oct 12, 2020
  • Last Updated: Mar 18, 2022

PayPal is one of the top digital currency exchanges in the world. Nearly everyone has heard of PayPal and has used it at least once to receive or make a payment. Many online vendors allow payments through PayPal. The platform’s reach and trustworthiness also make its users enticing targets for PayPal scams and fraud.

What is PayPal?

PayPal operates as an intermediary between participating businesses and banks. By making purchases through PayPal, users avoid the dangerous act of giving their credit card or bank numbers to every site they shop at.

PayPal was founded in 1998 by Max Levchin, Peter Thiel, Luke Nosek, Ken Howery, Yu Pan, and Russel Simmons, and was originally called Confinity. After its IPO in 2002, it became a wholly owned subsidiary of eBay, the community marketplace. By 2018, PayPal ranked 222nd on the Fortune 500 of the largest United States corporations by revenue.

All sales and purchases made through eBay go through PayPal. In 2005, PayPal acquired VeriSign to add to its e-commerce platform and provide security and confidence to its products and services. As of today, there are more than 360 million people with PayPal accounts across 200+ countries. That is a huge customer list providing plenty of targets for scammers on PayPal.

How PayPal Scams Work

PayPal, although very popular, is not the most secure payment service around. PayPal is well known, so that makes it easier for scammers to trick unsuspecting customers using phishing emails, malicious websites, fake social media ads, and spoofed links.

PayPal frequently sends out emails and text messages to its users. This allows criminals to study the platform’s style and tone and recreate it in their scams, which makes it harder to distinguish legitimate communications from cyber threats.

The scammer’s goal is to bilk money or personal information out of people. Everyone is at risk, including businesses, self-employed persons, and even individuals who only use PayPal for personal payments. Sometimes they want your username and password; other times, they simply get you to pay for things you never wanted. Some of the most common scams through PayPal are:

PayPal Email Scams: The Advance Fee PayPal Scam

There are many variations of this one, some linked to “Nigerian Prince” or 419 scams, but either way, the result is the same. You receive an email claiming you won an absurd amount of money or a huge prize. The only catch is that you have to pay the shipping, taxes, or fees, and then your money will be delivered to you without delay. Of course, it’s a lie. In the process, the fraudsters may also collect personal information about you (name, address, phone number, driver’s license number, social security number, etc.) to use for identity theft later. Once you pay the fee, you never hear back from them again, and you have been duped. They use PayPal to extort the funds from you because recouping lost funds is more difficult through this service.

What to Do and How to Respond to PayPal Scam Emails

First, if you receive an email that looks like it comes from PayPal, check the sender’s real email address. Unless it comes from paypal.com, it’s not legitimate. If they ask you to click a link, fill out any forms, or pay a fee, it’s a scam. Do not give out your information to anyone who requests it. Remember, if it sounds too good to be true, it probably is. No one gives you millions for nothing.

Verifying Your PayPal Account Scam

Again, there are different versions of this one, but the objective remains the same. You receive an email that looks like it came from PayPal (with all the logos and fonts just right), but it says there is a problem with your account, and you need to click the link to verify it or fix it immediately. You click the link and are taken to a fake website that mirrors PayPal, you enter your credentials or other private information, and now the hackers have it! Sometimes they promise to waive fees or other freebies to get you to click, but don’t fall for it; it’s a scam. 

How to Avoid PayPal Account Scams

It’s important to note that the link text you see in the body of an email can easily be faked and can actually take you to an entirely different location. So, never trust the text you see. Instead, hold your mouse over the link to see where it really goes. PayPal will never ask you to provide your login credentials except on the login page. Sometimes, to panic users, hackers will use language like “your account is about to be suspended” in hopes that you will click without thinking. Instead, log in to your account from a new browser window and check on things that way.

Other Ways to Avoid PayPal Account Scams

  • NEVER click links in emails, even if they appear to be legitimate. Go to your web browser and type in paypal.com and then log in to your account.
  • Forward all spam emails that appear to be from PayPal to spoof@paypal.com so they can investigate and shut down the cybercriminals.
  • Additionally, forward the same emails to the Federal Trade Commission.
  • Never provide personal details or logins to anyone you don’t know.
  • Sign up for account takeover prevention services.

“You’ve Been Paid” PayPal Payment Scams

Another popular type of fraud is when scammers send you an email that looks like it came from PayPal, saying you have been paid. You then ship out the goods and find that you were never paid for the item. Because PayPal does send out emails when you use the eBay system, they hope this fake will trick you into thinking you’re all set, so you ship without verifying. Now you are out the money and lost the item in the process. These types of data breaches occur more than you think.

What to Do with Payment Fraud and PayPal Invoice Scams?

Never ship out any goods before logging onto your PayPal account (from a clean browser window) and making sure you were paid.

Print the shipping label directly from eBay, so you don’t end up sending your valuables to a fraudster. Do not ship to any alternate address that they request through email. This is a big red flag that it is a scam.

Watch out for these types of emails. Look for improper grammar and always verify the sender’s email address to ensure it really came from PayPal.

Overpayment Scams Using PayPal

The overpayment scam is a whopper. PayPal outlines a typical scenario. You receive a spoofed email that says “you’ve been paid $500 for a camera you listed at $300! The sender asks you to ship the camera in addition to the extra $200 you were ‘paid’ by mistake. In this example, the scammer wants your camera AND your money, but hasn’t actually paid you at all.” Now you have lost your camera and an extra $200. Don’t fall for this cruel trick.

Scammers may also initiate this scam by paying with a stolen bank account or card number. They will then ask for the refund to be sent to their personal account rather than the one they used to make the purchase.

Spoofed PayPal Website Scams

Spoofed websites are becoming more popular among cybercriminals. They've even surpassed malware websites in number.

Imitation sites are more of a tool and end goal than anything else. Targets are sent to them through malicious links in emails or text messages. While there are methods to redirect a browser to fake websites forcibly, those attacks require a previous instance of breached security.

PayPal has a distinctive interface and is recognized through just a few features: the platform's signature shade of blue and the 'P' logo. If a website closely imitates these features, most people won't notice.

The easiest way to know if you're on a spoofed website is to look at the URL. Scammers will use a URL that looks highly similar to the legitimate site, but it's always different. A common tactic is to change the top-level domain (.com, .org, .net, etc.).

However, knowing how to recognize suspicious communications will prevent you from ever visiting a fake PayPal website in the first place.

Charity PayPal Scams

PayPal scammers often create fake charities to steal money from users. This tactic is particularly malicious since it plays on people's empathy and good nature to defraud them. Charity scams often leverage emergency situations or tragedies like 9/11 to guilt their target into contributing.

Depending on the sophistication of the scam, fraudsters may even create a website and contact information for their fake charity. The scammer will link you to these channels to gain credibility.

The rules for avoiding charity scams on PayPal are the same as everywhere else. The best thing you can do is NEVER make a spur-of-the-moment donation. Confirm their legitimacy through organizations like the Wise Giving Alliance, which only backs documented and proven charities.

Order Confirmation PayPal Scams

Most PayPal phishing email scams impersonate PayPal. This approach puts the scammer in a position of power and trust (if their target believes them).

Fraudsters create a false email address that looks like it's from PayPal. They'll use this email to send out order confirmations to any number of PayPal users. This message will provide a link saying, "login to PayPal to track your package."

This link leads to "spoofed" copies of PayPal's website. If the user isn't attentive or is in a rush, they may not notice the minor problems that should tip them off. Differences like a slightly different URL or interface become apparent if they take their time and observe the site. If they input their login credentials, then that information is given to the scammer to do whatever they want with it.

Of course, the user is confused because they didn't make the order. If they panic, they may assume that someone has stolen their PayPal credentials and is making fraudulent orders. This fear causes them to click on the email link and log in.

Smishing PayPal Scams: PayPal Text Scam

Notifications can be more than just a slight annoyance. This rings especially true if the notification is about your financial activity. Nothing makes the heart sink more than a financial institution reporting potential identity theft on your account.

Fraudsters leverage the anxiety this situation causes with smishing attacks. Smishing refers to fraudulent text messages that trick people into revealing sensitive information.

There are many types of fake alerts that scammers use. Some will say there's been unusual activity, and others will report an unidentified login attempt. The common link between smishing attacks is that their final goal is to coax the target into entering a suspicious site and inputting their personal information.

Avoiding PayPal smishing attacks is simple once you know the platform's policies. While PayPal occasionally sends text notifications, they are only used for two-factor authentication purposes.

What to do if You Get Scammed on PayPal?

If the scam involved a payment on your end, then ALWAYS check the payment status first. It's possible that you can void the transaction if the seller hasn't picked it up. However, scammers will usually accept immediately to avoid this.

So, if your payment has gone through before you can cancel, the next step is to open a dispute with the other party. PayPal will investigate the circumstances and choose a side. However, it's possible that scammers can trick PayPal into taking their side as they're more familiar with the weaknesses in PayPal's refund policies.

By making their product descriptions as vague as possible, they can make the case that their product meets the advertised promises. Another workaround is to make the cost of shipping the item back more expensive than the refund.

If working through PayPal fails, you can contact your bank directly for a chargeback. Banks are much more likely to side with their customers since they don't have a connection with the other party. PayPal also can't ignore a demand from the bank.

For scams that target a victim's personal information, the best thing to do is learn the strategies and stay vigilant. 

Never trust the information that comes through in an email. Always log into your eBay or PayPal account and verify payments and fees before you ship anything.

Be on the lookout for spoofed emails and examine the sender’s email address to find out where it really came from.

Report these and other scams to PayPal so they can investigate and catch these criminals.

How to Detect a PayPal Phishing Email Scam

PayPal only sends emails for payment notifications and special offers. Any other information regarding your account is sent through the platform’s “message center.” This means that any communications involving a compromised account won’t be sent through email.

Additionally, all official PayPal messages address you by your name or your business name. Be suspicious of messages that address you as “user,” since that could be a sign that the email was sent out en masse. 

Remember that PayPal won’t ask you for sensitive information like your password, bank account, or credit card. Their messages will also never contain any attachments or ask you to download or install any software.

If you still can’t tell if an email is legitimate, then check the sender's address. A PayPal email scam won’t come from an address at paypal.com. Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name. Instead, a sender will lengthen the name to something like “PayPal Service (zxk1942R3@gmail.com).” This is a definite sign that the email is not a message from PayPal, and you should immediately report the source.
