PayPal is a fintech platform that enables cross-border transactions for individuals and businesses. With over 400 million active users and increasing numbers, this fintech giant handles billions of transactions yearly. Its Total Payment Volume(TPV) stood at USD 323 billion in Q1 2022 – a Y-o-Y increase of 13% in TPV.
However, its popularity has also sparked interest from hackers and scammers across the globe. In 2019, PayPal phishing spiked nearly 200 percent, which is also its all-time high!.
This article will go through seven types of PayPal scams you must know about if you use PayPal daily. We will also go through the ways to avoid them and protect ourselves and our family members.
Seven PayPal Scams you must know if you use PayPal (and their solutions)
Below are the seven infamous PayPal scams you need to know about so that you can recognize them and save your hard-earned money. These Paypal scams can hurt anyone using Paypal, from buyers to vendors. So, if you use Paypal daily to sell or buy, keep these scams in mind and learn how to avoid them.
- Phishing emails trying to steal your credentials.
- Lottery or contest win scam.
- Fake donations to charities or highly rewarding investments.
- Alternate payment method.
- Shipping address scam.
- Request for overpayment refund.
- Hacked account scam.
1. Phishing Emails to Steal your Credentials
So, what is Phishing? It sounds like fishing!. Yes, it’s somewhat similar to that, and you’re the fish. The scammer is like a fisherman eager to hunt you down using lots of lures and baits, aka tactics, to catch the fish.
Phishing is a tactic used by online fraudsters where they encourage victims to share their personal financial and banking card information and account credentials – by impersonating themselves as trusted individuals or organizations.
The Paypal scammer lures you by sending you a phishing email. The scammer will trick you into believing that the email is from Paypal, where the company wants to verify your account due to security reasons. The scammer will attempt to lure you into his/her fake website so that you can enter your Paypal personal information.
Once you’ve followed the instructions asked, the scammer now has your PayPal credentials with which he can buy stuff from your PayPal balance.
- Learn to recognize bogus websites. Note that PayPal has only one domain, and that’s www.paypal.com, and the official mail from PayPal will also have only the @paypal extension with it. So, if you come across similar-looking domain names like security-paypal-center.com or paypal.mobileservice2020.com or email extensions similar to PayPal, forward the details to email@example.com so that the company takes immediate action to shut down that website. Learn how to know if a website is fake, very you are using HTTPS (and not HTTP), and look for trustworthy signs (about us, social media, etc.)
- Use 2FA two-step authentication. Paypal uses a mechanism to detect suspicious activity in your account. If it detects you are in a new country, it will send you an email; if it detects you are using a new device to log in, it will send you an email. Paypal also enforces the use of the two-step factor authentication (2FA) for your PayPal account. This will make it impossible for the scammers to breach your account credentials. The two-step authentication login requires OTP to be sent to your mobile phone. Never share your OTP received from PayPal or your login details with anyone or PayPal representatives, as even PayPal representatives never ask for that.
2. Lottery or a Contest Win Scam
You woke up early in the morning to check your email. Suddenly you see a mail proclaiming you’ve won a lottery or a content, and now you’re supposed to claim your won amount.
Before you get all excited, recognize that this is a Paypal scam that uses what is known as Advanced Fee Scam. The scammer will use all sorts of social engineering to inspire emotions such as excitement and urgency. They will ask you to send a small fee via Paypal as a processing fee if you want to take that money that you’ve won just now.
The scammer is after that small fee. If you pay that money requested, be sure that you won’t ever get any cash back, and of course, you won’t hear from the lottery you won.
Now you know about this scam, it’s easy to spot. Unfortunately, the Internet is full of scams and frauds that real lotteries or contents are almost impossible to pursue. When dealing with unknown emails, always use your suspicious mind, and don’t believe what they say, even if it looks legitimate.
Most of the time, your email service provider is intelligent enough to know about and protect your inbox from receiving such fraudulent “spammy” emails.
If your email service doesn’t recognize it (because maybe the scam is zero-day “brand new”), you too can mark the email as spam so that your mail service provider takes care of it next time. And also, note another essential thing: if you want to win a contest or a lottery, then at least you’ve to participate in that in the first place!.
3. Fake Donations to Charities or Highly Rewarding Investment
Another infamous Paypal scam is when scammers use charities, donations, or investments. Scammers use all sorts of opportunities to evoke your strongest emotions and push you to take action. They’ll use any misfortunate event – war, drought, flood, earthquake, or any natural calamity – as an opportunity and try to use your sympathy and care for people to fill their pockets.
Likewise, many will try to lure you with investment opportunities whose returns would look more significant than life. In a highly rewarding investment scam, they use another strong emotion: greed. They use strong words like “win,” “now,” “rich,” “fast,” “become,” etc.
Again, by using strong emotions to stir you up and pairing the scam with a legitimate company such as Paypal, scammers will likely have a good shot.
Before giving your money to any charity out of care and any investment out of excitement, make sure you check the business details of the sender. You can check their website, look at their “about us,” check out their social media and also use your suspicions and judgment to determine whether they are legitimate. Another great source is the BBB (Better Business Bureau; http://www.bbb.org).
If there are bad ratings in BBB, it’s immediately a red flag. To find the charity organizations’ legitimacy, you can also use some websites like http://www.charitynavigator.org and http://www.charitywatch.org.
4. Alternate Payment Method
We all want to save money. So, when someone tells us a way for that, we’re suddenly all ears. However, scammers can also exploit this to lure you in and trick you on PayPal.
A scammer may ask you to transfer money via PayPal’s Friends and Family option when paying for goods or services (even though Paypal does not permit it). Using the “Friends and Family” eliminates the fee that PayPal leaves on standard sale transactions.
But the problem is this will also place you in a vulnerable situation as you’ll no longer be protected by PayPal’s protection program. So, if you get a damaged or a fake product, or the service you paid for never happened, Paypal can’t do anything to get your money back.
Any payments made through the “Friends and Family” option are no longer protected by the Paypal protection program. Once the money is sent, you will have no way to claim against the fraud or no assistance from PayPal.
Stick to the Paypal rules when paying for goods and services. Use the “Friends and Family” option for what it is, for friends and family, and never use it to pay for goods and services for a seller you don’t know anything about.
5. Shipping Address Scam
This next Paypal scam is another clever way that scammers may use to steal money from you. This scam doesn’t involve any kind of credentials stealing or email phishing; but instead, it relies on Paypal’s platform and involves shipping addresses.
This scam is targeted toward sellers. A buyer pushes the seller to use the seller’s preferred shipping company or shipping label, which the scammer can modify to their advantage. The scammer may also provide a fake delivery address to the seller, which gets mentioned on the transactional details page. The seller won’t be able to deliver the item. Now, the buyer steps in to provide his legitimate address. The product will be rerouted and returned to the new address.
The buyer can take this situation to his/her advantage – the buyer will lie to PayPal that they never received the item. Since the final delivery address doesn’t match the address listed on the Transaction Details page, PayPal will likely grant the refund to the buyer, making the seller lose the money, the product, and the shipping fees.
These types of scams work because PayPal only offers seller protection if they have proof of delivery to the address listed on the Transaction Details page.
Now you know how this type of Paypal scam works, be cautious next time when a buyer asks you to change the delivery address or method, as mentioned earlier. Always use official, well-known, and secure delivery methods and companies. If anything feels dubious to you, contact PayPal immediately.
6. Request for Overpayment Refund
The overpayment scam is another uncommon but very clever Paypal scam. It happens when a buyer overpays the seller for the product or service he/she will receive. And then requests the seller to reimburse the overpayment admitting he has overpaid mistakenly. All seems normal until the buyer asks to reimburse the money to a different account.
As a seller, be suspicious when the buyer asks you to refund the amount into a different PayPal account or other payment methods. The chances are that the buyer is a scammer using a stolen or hacked PayPal account to pay for his/her purchases and the second account is the one where they are making a profit.
Legitimate buyers aren’t likely to make a mistake and overpay their hard earn money. If you as a vendor receive an overpayment, then be extra careful about it, as this is likely a scam. Never return the payment to an account different from the one that originally made the payment. In fact, it is better if you cancel the order completely and do not ship the order.
If you think this is legitimate, ask the buyer to send the correct amount again because mistakes sometimes happen.
7. Hacked Account Scam
The hacked account Paypal scam is similar to the previous above overpayment scam. In this scam, the buyer will purchase a product from you with a hacked PayPal account. As a normal procedure, you’ll send the item to the requested address. A hacker could use the hacked Paypal account to make payments and purchase goods but not request overpayments.
Once the actual account holder takes notice of the unusual activity inside his PayPal account, he/she will ask PayPal for a money refund. If PayPal acknowledges his/her concern, you (as a vendor) will lose out on the item and the money.
This situation gets tricky as it’s almost impossible to tell when a person has hacked an account (until the account owner reports it).
A mismatch in the buyer account information and where products are getting shipped can be a sign. If you (as a vendor) feel suspicious about the mismatch in the shipping address and payment account information, you can directly contact PayPal to verify the buyer account information.
If you’ve already become a victim of any of the previously mentioned Paypal scams, stay calm and contact PayPal immediately to see if they can get your money back or help you in any other way.
You can’t change your past, but you can definitely learn from your mistakes:
- Always use your suspicious mind when reading the email from unknown senders; do not engage your emotions.
- Learn how to identify fake and impersonated websites. Always make sure you are using SSL (HTTPS) and not HTTP.
- If you have had your Paypal account hacked, change your password and ensure you are using 2FA.
- As a vendor, always stick to Paypal guidelines and recommendations. If you notice any unusual behavior from a buyer, report it to Paypal.