Over the years, PayPal has earned a reputation for being a secure and easy way to send and receive money. However, no payment system is entirely immune to scams, and cybercriminals often exploit these platforms due to their widespread popularity and trust among users.
PayPal is the most widely used online payment system in the US, making it a compelling target for scammers looking to capitalize on its extensive user base. Moreover, its ubiquity provides a sense of legitimacy that bad actors leverage to trick unsuspecting users.
Additionally, PayPal transactions are often perceived as secure, fostering a false sense of confidence among potential victims. The anonymity and ease of creating fake accounts further enable scammers to fly under the radar, manipulating the trust associated with PayPal and exploiting its user-friendly interface.
In this blog, we aim to share some insights into the most common PayPal scams doing the rounds these days, as well as how to avoid them.
There’s nobody home
This PayPal scam involves a crook requesting for the goods to be shipped to a particular address, and money is then paid into the seller’s account. The seller then sends the goods to the address given. However, the delivery address turns out to be invalid, and the courier or shipping company cannot locate it and complete the delivery.
After trying and failing to find the location a few times, the shipping company flags the goods as undeliverable on their system, and the fraudster then contacts the courier and gives them a new address where the items can be delivered. The scammer receives their goods and then files a complaint with PayPal, claiming they were not delivered. The seller has no proof that it was delivered, as the transaction shows only the original address provided.
Unfortunately, PayPal Seller Protection only covers the shipping address that PayPal has on its system, and the seller ends up losing not only the item but the money, too.
Pay your “Pal” scam
Also known as the “alternate payment method” scam, this might not be a PayPal scam per se, but instead, a method fraudsters use to leave sellers with no redress after defrauding them. In some instances, a malicious hacker will request that the seller transfer money via PayPal’s Friends and Family option.
While this may appear to be a good idea as it eliminates the fee that PayPal charges on standard sale transactions, paying for goods is prohibited under PayPal’s Friends and Family money transfer service. Hence, any payments made this way are no longer protected by the company’s protection program.
Once the buyer has transferred money this way for the items they purchased, they have no way of claiming back should they be defrauded and not receive the goods they paid for.
Paying too much scam
Another common PayPal scam sees the fraudster make a payment into the seller’s account for more money than the seller was asking for. They apologize for the error and request that the balance be paid back into their account.
And yes, the scammer did overpay, and the money is reflected in the seller’s account. However, when the seller reimburses the overpayment into the scammer’s account, the scammer lodges a complaint with PayPal, claiming their account has been hacked and that the payment made to the seller was not a legitimate transaction.
PayPal then reimburses them, and the seller is out of pocket for the “overpayment” amount.
In other instances, the scammer may request the overpaid amount be refunded using a different method, such as a payment service or cash app that is more difficult to reverse. Once the seller has paid, the scammer cancels the original transaction.
This ship has sailed
In this PayPal scam, the criminal sends the seller an email from PayPal showing that money has been paid into their account but that PayPal is holding the funds until a Tracking Number for the shipment is sent. In reality, PayPal never holds on to a customer’s money, nor does it get involved in shipping on any level.
The scammer hopes that the seller will hurry to ship the item to them and provide them with a tracking number. Next, the fraudster will string the seller along with a slew of fresh excuses, such as they will only receive payment once the goods arrive. By this time, it is too late.
Hooked by phishing
This PayPal scam, sees a malefactor sending the seller an email claiming to be from PayPal that shows that the funds have been transferred into their account. All it takes for the funds to be made available is for the seller to click the confirmation button.
Alas, the button takes the seller to a fake yet convincing site, where they are asked to log in with their PayPal credentials to finalize the transaction.
As soon as the seller does this, the fraudster gets their hands on these credentials and can now log into the seller’s account and steal all their cash or make other payments.
Tech support scam
Fraudsters often pretend to be PayPal customer support agents and claim that users’ accounts have been hacked or are showing anomalous activity. They aim to get the user on the phone and trick them into divulging sensitive information, such as their login credentials, or downloading malware that enables remote access to their computer.
The malefactor will often scare the user by using fake threats and instilling a sense of urgency to get them to act out of fear.
It’s important to remember that real support teams will only offer to help if asked to, and any purported support calls can be verified directly via PayPal.com or by calling the official PayPal number.
It’s too good to be true
A common rule of thumb for most things in life is that if something is too good to be true, it probably is. Malefactors often use email as a medium to reach their target users, tempting them to click on a link that would take them to a cunningly crafted fake website that is designed to steal their sensitive information.
These days, they also try to trick users via fake promotional scams in the form of social media posts that offer unbelievable deals that are too good to pass up.
Always scrutinize the URL of the website - the fact that it contains the word ‘PayPal’ isn’t good enough. Any poor spelling, grammar, or the use of domains specific to a certain country is a sure sign that something is amiss.
Staying safe
It’s not all doom and gloom; there are certain indicators to watch out for that could save you from falling victim to PayPal scams.
- Dodgy email addresses: Any genuine PayPal employee will have an email address ending in “@paypal.com” and nothing else.
- Beware the stick (and carrot): PayPal scammers may adopt an urgent tone to alarm users into acting in haste and making a mistake or may tempt them with an unrealistically good promotion.
- Generic greetings: Fake PayPal messages often include generic greetings such as “Dear Customer” or “Dear PayPal user” instead of referring to the user by name.
- Send suspicious links: Always thoroughly examine links by hovering your mouse over them before clicking, even if they appear to be genuine.
- Giving out personal information: PayPal will never ask for any financial or identifying information, such as credit card numbers or login credentials.
- Poor spelling and grammar: Scam messages are often poorly crafted and littered with spelling and grammar errors.
- Asking for money too soon: Asking for money before a service is complete is a major no-no. Genuine sellers will deliver the promised goods or services first.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
