
Digital payment systems like PayPal are more popular than ever, and scammers are chasing money. Here’s what you can do to protect against them.
With over 400 million users and counting, PayPal is an attractive target for scammers. Many online scams, including the Cash App scam, Venmo scam, and Zelle scam, bank on the fact that users do not understand how these services work or use them recklessly, leaving users vulnerable to bad actors stealing their money. Get hit, financial information and more.
That doesn’t mean you have to delete your PayPal account, though. You can still take advantage of all the features PayPal has to offer by using them smartly and knowing how to spot the signs of a scam. To help you do that, we’ve got information from cybersecurity experts on what to look for and how to avoid PayPal scams.
What is PayPal?
PayPal is an all-in-one digital payment platform that provides an alternative to traditional banking methods. To create a PayPal account, users must first link their bank account or credit card to the system. From there, they can log in via their computer or smart device and make purchases from third-party retailers, accept payments and deposits, or transfer money or cryptocurrency between accounts.
Can you get scammed with PayPal?
Unfortunately, it is very easy for scammers to steal your money or financial information through PayPal. According to Eva Velasquez, president and CEO of the Identity Theft Resource Center, “there are various scams and fraud attempts by identity criminals trying to steal your money, financial information and more”.
But keep in mind that PayPal isn’t the only place you can be duped. “It’s important to note that you can be duped with any site or service,” says Alex Hammerstone, director of ethical hacking company TrustedSec. Other common scams include Amazon scams, Facebook Marketplace scams, phone call scams and gift card scams.
What are some common PayPal scams?
While scammers can be sneaky and reassuring, their scams also have some common themes that make them easy to spot. Here are some of the most popular.
order confirmation scam
In most scams related to PayPal, scammers use phishing emails to impersonate PayPal. Here’s how it works: Criminals will create a fake or “fraudulent” email address that appears to be from PayPal. They will then send you an email that looks like an order confirmation for a recent purchase. You will be asked to check the status of your order by logging into your account via a link included in the message.
These phishing emails take many different forms, but “every time remains the same as what the criminal is after,” says Karim Hijazi, CEO of cybersecurity company Previllion and former contractor for the US intelligence community. “They want to steal your PayPal login credentials by tricking you into signing into your account through a fake web page.” Once scammers obtain your login information, they can use it to log into your account and make purchases, withdraw money, or carry out a douching attack among other things.
Fake Fraud Alert Scam
Beware of unsolicited text messages that look like fraud alert notifications from PayPal. Known as “smishing” attacks, these fake fraud alerts are hard to detect because no two messages are the same. Some may warn that someone is trying to access your account, while others will report suspicious activity on your profile. “There are a wide range of fake alerts used by scammers, and each one of them will be different,” Hijazi says.
While PayPal sends text messages or emails asking for a one-time login code or two-factor authentication, unexpectedly receiving a PayPal notification is a sign that you are dealing with a scam. The text may appear to come from a valid PayPal phone number, but the link in the message may actually take you to a fake PayPal login page that steals account details like your password when you try to enter them. Clicking on the link may also accidentally download malware that allows someone to spy on your iPhone, so be sure to remove any fake text as soon as you receive it.
unwanted payment or transfer request scam
Before accepting an unexpected payment or transfer request on PayPal, take a closer look at the message. Some scammers create profiles that impersonate real people or businesses—even stealing their usernames and profile pictures.
If you eventually accept the scammer’s request and send them money, you should report the scam to PayPal. However, PayPal cannot guarantee that you will receive a refund. That’s why you should always avoid getting scammed in the first place by initiating transactions and not accepting unsolicited payment or transfer requests on PayPal, Velasquez says.
password reset request scam
Received a password reset notification out of the blue from PayPal? Don’t click on any links in text messages or emails, Hammerstone says. Instead, log in directly through PayPal’s app or website through your browser and, if your account is hacked, change your password immediately.
Scammers often create fake password reset alerts that also appear to be from PayPal. By clicking on a link in a text message or email, you may accidentally share your login credentials with scammers or download malware. Strengthening your iPhone security and checking these iPhone privacy settings can protect you if a hacker gains access to your smartphone.
fake charity scam
Another common PayPal scam uses fake donations to solicit donations from unsuspecting users. The fraudster would create a webpage for a fake charitable organization, then contact victims to ask for donations via PayPal. Although they may share fake confirmation emails or receipts to make it appear that the transaction is legitimate, in fact, they have already taken your money. These fake charity sites are getting more reassuring, but there are ways to spot fake donation scams so you don’t become a victim in the future.
promotional offer scam
Like a fake fraud alert or order confirmation email, this scam relies on a fake email address or phone number to make their message appear to be from PayPal. The message informs users that they have qualified for the promotional offer and money has been credited to their account. Ultimately, the scammer is hoping to trick the user into entering their PayPal login credentials on a fake webpage or clicking on an attachment that infects their phone with a virus.
refund request scam
Getting a random PayPal transfer isn’t always an honest mistake. In fact, scammers often use this trick to fool you into giving them money. The fraudster can use financial information stolen from a hacked PayPal account to transfer several hundred dollars to your account, then send you a message saying: “Oh! Can you send it back? ?” The money you send goes to the criminal’s personal card—which they added to the fake account—and the stolen money is removed from your account.
overpayment scam
Turns out, everyday users aren’t the only victims of PayPal scams; Criminals also target sellers and retailers through PayPal. For example, a fraudster will overpay for an item using a fake or stolen credit card or bank account number, then contact the seller to ask them to refund the overpaid amount, usually on that account. In a different account than the one they used to make the initial payment. , Once they get the money back, the scammer will contact PayPal to cancel the original transaction, locking the seller out of both their product and payment.
shipping address scam
When you sell something online, always verify the address where you are shipping the item. Some scammers will buy goods through PayPal but give the seller an invalid delivery address. After the shipping company marks the package as deliverable, the buyer will contact the shipping company to change the address and request a refund from PayPal on undelivered orders. Retailers should also be wary of scams when selling products online.
hacked account scam
If a cybercriminal learns login credentials and gains access to a PayPal account through a phishing attack, they can use that account to defraud other users as well. They may transfer funds to your PayPal account as payment for a product or service, but after receiving the product, the money disappears from your account. More than likely, PayPal withdrew the money after getting word that the account had been hacked.
How do I Avoid Scams on PayPal?
Let’s be honest: Cybercriminals will never stop trying to deceive you. But there are some steps you can take to protect yourself from future PayPal scams. Experts recommend following these tips to weed out scammers.
- Always initiate transactions on PayPal. If you receive a money request, do not accept it until you have verified that it is legitimate.
- Never click on a link or attachment or reply to an unexpected message from PayPal. Instead, contact PayPal directly to confirm that the message is genuine.
- Look for common greetings, typos, or incorrect grammar in PayPal messages, which can be red flags of a scam.
- To find out if an email message actually came from PayPal, click the “View Source” or “Open Original” button in your email account. This will show you the full header and routing details for the email you received. Find the line item called “Return-Path” in the header, which tells you whether the email you received came from PayPal or a fake email address. A fake sender address may be filled in or off with one or two characters.
- Never log into your PayPal account through a link shared with you by email, text message or other means. Instead, log in directly from your web browser or app.
- Instead of calling the phone number provided to you in PayPal’s message, contact PayPal directly by looking at PayPal’s publicly listed phone number.
- Never share your account information, passwords, bank account or payment card information, over email or phone.
- If you receive a fake or suspicious email or text message, report it to PayPal [email protected],
- Monitor your PayPal account regularly for suspicious activity, and contact PayPal if you notice anything unusual.
- Create a strong, unique password and enable two-factor authentication to prevent hackers from accessing your PayPal account.
- Use spam filters to block emails and prevent spam texts from moving forward.
Source:
- Statista: “Number of PayPal’s total active user accounts from Q1 2010 to Q1 2022”
- Eva Velasquez, President and CEO of Identity Theft Resource Center
- Alex Hammerstone, Director of Advisory Solutions at TrustedSec
- Prevalion. Founder and CEO of Karim Hijazi
Source