Without a doubt, PayPal’s one of the best trending online money transfer service; well, at least when it comes to the customers’ preferences. Founded in 1998, PayPal, formerly known as Confinity, gradually consolidated its market foothold, establishing itself as the best alternative to the more traditional, paper-based, money transfer methods (checks and money orders).
What’s not to like about PayPal? It’s easy to use, can be deployed anywhere, regardless of platform or OS, has world-wide coverage, not to mention the fact that it’s deeply rooted in the freelancing industry.
All things considered, PayPal still does not rank among the safest online money transfer apps, meaning it’s not short of fraud. Of course, the same thing can be said about any money-handling apps on the market, but PayPal’s a seemingly lush environment for scheming, fraud, theft, hacking, and other nasty things that spell out trouble.
In seeing that so many people have been duped into forking over that hard-earned dough to online con artists, I’ve decided to show you the most common PayPal scams and how to protect your account, of course. So, kick back, relax, and enjoy the ride.
Thor Foresight makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Thor Foresight provides:
Automatic and silent software updates
Smart protection against malware
Compatibility with any traditional antivirus.
The most notorious PayPal scams to watch out for. Sellers and buyers, beware!
#1. Opening a PayPal account on behalf of the seller
One of the most common types of PayPal scams usually occurs when the sellers haven’t opened a PayPal account yet (yes, I know it doesn’t make any sense, but then again solid businesses are built brick by brick, not overnight).
Long story short – a good Samaritan comes along and offers to open a PayPal account on your behalf. Yes, you’ve guessed it: no account, no bargains, and, unfortunately, no more private info. Let’s add a bit of color to this scenario. As PayPal wrote on its customer support page, the bad guys tend to scout out their potential victims by researching their e-commerce profiles.
For instance, if you have an Etsy profile for handmade goods but no PayPal account, you may get contacted by a ‘benevolent’ bidder who offers to buy some of your merchandise. Of course, the bargain is accompanied by a tempting incentive: bulk purchases or something extra to sweeten that pot.
To show you that he means business, they will send you an email that purportedly contains a link to a PayPal sign-up page. It’s all a ruse – though the PayPal registry form may seem legit, it’s actually a type of phishing attack, designed to harvest your personal information: email address, home address, name, location, billing\financial data (credit card number and CVV), and driver’s license number.
Once you hit the “register” button, the form, along with all your precious info, will be sent directly to the scammer. Doesn’t count among the most ingenious PayPal scams, but at least it’s honest work (joking!).
Bottom line – if you see an email containing an invitation to set up a PayPal account, do yourself a favor and send it where it belongs (to the PayPal scams graveyard).
Some browsers have a “suspicious links report” feature which you can use to blow the whistle on the scammer. Don’t forget to tell your friends, family members, and co-workers about your first-hand experience with your unfriendly neighborhood PayPal pettyfogger.
#2. Shipment cannot be delivered (seriously, now?)
One surefire and hassle-free way of ‘suckering’ someone into giving away money would be to report a shipment failure to PayPal. Here’s how this scam works: let’s assume that someone places an order for a product he found on your e-store. Instead of opting for online credit card payment or cash-on-delivery, the scammer will send the money through PayPal.
Nothing unusual so far, save for the fact that you’ll lose both the money and the goods. When filling out the shipment details page for the purchased goods, the scammer will supply a fake delivery address. Several failed delivery attempts later, the shipping company will mark the items as “undeliverable” in its system.
Don’t count your prayers yet, because this is but the beginning. After being notified by the shipping company regarding the failed deliveries, the scammer will supply a new address, only this time it’s a legit one.
So, the shipping company will do what it does best, which is shipping. This is where it gets interesting – when the scammer receives your goods, he will file a complaint to PayPal, ranting about not receiving the stuff he ordered.
With no proof of delivery, since PayPal will see that the address was invalid, it will decline to cover for the loss, which means that the Seller Protection system will kick in. What happens after that? The scammer gets your dough and the goods.
#3. A little extra something for your trouble
You know the saying: wherever the money’s involved, there will always be a swindler hanging around and the overpaying switcheroo proves just that. Here’s how this scenario plays out.
The seller receives a PayPal proof-of-payment email from an undisclosed buyer. Later, the buyer will try and make contact, telling you that he paid a little extra and would be grateful if you could return the difference. There are two outcomes:
The scammer hijacked someone’s PayPal account to send the payment
Once the account holder realizes that the account has been compromised, he will file a complaint with PayPal. Naturally, the platform will have no other choice but to reimburse the full amount.
So, what happens is that you will lose both the goods and the “something extra” you were supposed to have received. The scammer only needs to take over the cracked account to claim his ill-gotten booty.
The scammer uses his own PayPal account to carry out the ploy
To do that, he will need to order the item and to send money through PayPal. After that, he starts to complain (a lot). The scammer will undoubtedly contact PayPal to complain about his order (i.e. poor quality goods, product not matching the ad, broken or damaged items, etc.). In the end, he will become eligible for a full refund. Yes, it’s bye-bye-bye goods and extra money. Charming perspective, isn’t it?
#4. Alms for the poor and downtrodden?
And the award for “faith in humanity lost for good” goes to those scammers who will try their best to swindle people out of their money by posing as charities. So, what goes down behind the scene? Well, the fraudster will reach out with a heartfelt message about helping refugees, requesting money for someone’s surgery, relief for disaster victims, etc.
These kinds of schemes usually resurface in the wake of major natural or man-made disasters like earthquakes, hurricanes, civil unrest, or war.
The email will also be accompanied by a PayPal handle which should theoretically send the money to the aforementioned charity. Guess what happens next? Once you fill out the order, your money will line the scammer’s pocket because there was no tragedy, to begin with.
#5. Friend of the family? Not on your life!
It’s not that unusual for a family member to ask you for money (happens more often than we realize). However, things go south once someone incurs a family-only financial favor – sending out a payment using PayPal’s “Family & Friends” option.
What’s the catch? Normally, PayPal would charge you for each and every transaction. The “Family & Friends” feature keeps these fees to a minimum. Now, here’s how the scammer acts. He would most likely contact you via email asking you to send the money through this feature in order to avoid paying the regular fees.
Note that in this case, the roles are reversed (you’re the buyer and the scammer is the seller). If you agree, the money will be transferred to his PayPal account with the promise of your goods arriving on time.
Yes, you’ve guessed it – you’ll never see those goods or your money ever again. So why would someone fall for such a cheap trick? Because seasoned scammers know which strings to pull; the most common method is offering a fat discount for the goods in exchange for using this feature.
#6. Beefed Up Call-to-Actions
Perhaps, at times, we need a powerful call-to-action for that much-needed kick in the shins. However, peacockish CTAs and emails with PayPal links just don’t mix. Here’s how this works: you will receive a very long and colorful email that promises over-the-board gains, free money, goods, the Moon, the Sun, and everything else in between.
This is called emailing phishing and, despite its overtness, many users, including the seasoned ones, fall prey. So, how do they trick you into forking over that moolah? By including a very fine, almost invisible, print.
For instance, if it’s a product they’re advertising, the email will read something on the lines of: “hey, I will give you X product free of charge, but I ask you to pay the shipping and handling fees in return. Sounds like a fair trade, don’t you think?”
Here’s what you need to look out for:
Subject: IT ALL DEPENDS ON HOW YOU IN THE NEXT DAYS\IF THEY FOOL US TWICE, IT WILL BE OUT FAULT
These are verified facts, not educated guesses. And yes, it all depends on how you in the next days.
The will have a huge impact on seniors who are now preparing for retirement. It will impact your IRA or 401(k), checking and savings account. And any cash you have parked in the US financial system. Follow this link and learn how to use the system in your favor.
The time has come. The plan is in motion.You better make your move too. Because once this plan goes live, your retirement window will slam shut forever. They fooled us once, it’s their fault. If they fool us again, it will be ours.Don’t be a victim this time around.
Get ready to act. July is just a month away.
P.S. – Want a $1,000 or more a month? Who doesn’t? Follow this link and discover a unique way of getting it.
Naturally, you’ll receive zilch. Sure, the fees may seem like a trifle, but, as the saying goes: “the more, the merrier (and the bigger the bank account)”.
Word of advice: if you see phrases like “Risk-free”, “hurry up and buy”, “get ready to act”,“clock’s ticking”, “there’s no time to lose”, “guaranteed earnings”, or “free only for a limited time“, you should refrain from opening any in-mail links or issue payments through the indicated PayPal handle. Some will even try to offer you a voucher for “a couple of minutes of your time.”
#7. The Invoice from Beyond
One of the least popular PayPal scams is the fake invoice. The worst part is that the email is so perfectly forged, that you won’t be able to tell the difference. Here’s how this ploy works: you receive the email which contains a link that should, theoretically, take you to a payment form.
However, when you click it, nothing happens. In some cases, clicking the link would return an error message. So, where are the goods you ordered? Not on the way to your house, that’s for sure. Basically, the link redirects you to a fake PayPal page which sends your credentials directly to the scammer. Buyers, be afraid! Be very afraid.
Source: Hoax Slayer
#8. PayPal safe money transfer? Never heard of it.
Asking the seller to switch to the “Family & Friends” payment feature is not the only dirty trick in the scammer’s quiver. Some can even ask you to complete the money transfer using methods such as Wire Transfer or Western Union.
Why is that? Because PayPal has a fail-safe system designed to discourage such practices. Unfortunately, the above-mentioned methods don’t have crystal-clear refunding policies.
So, this is what happens: after ordering the products, you will be directed to a PayPal page to complete the transfer. Before completing the forms, the scammer will ask you to change the payment method. He may incur reasons like lower fees or extra security. Of course, once you agree, your money will be gone for good. And I wouldn’t hold my breath if I were you for the goods to arrive.
#9. Someone mentioned “delivery”? My company will handle it.
Another money-grabbing method the scammer employ is to talk you into using their shipping company of choice instead of the usual channels. In some cases, they will also point out that the shipping service belongs to them. Here’s how this plays out: they will go through the usual channels to order one or more products. It’s a high chance they’ll order in bulk to up their gains and do more damage.
If you agree to the terms, all they need to do would be to reroute the transport. Since the PayPal shipping address does not correspond, the platform will not cover for your loss. The scammer only needs to file a complaint about the shipment not arriving and demand a refund. Case closed!
#10. “Let’s keep this between us. It’s supposed to be a gift.”
Here’s one case where you wouldn’t want to help someone surprise a friend. The scammer will contact you about an item he saw in your e-store. Before sending the payment, he will ask you to deliver the product to an address which is different from the one registered with PayPal.
In most cases, the scammer will say that it’s a gift for a friend and that he wants it delivered directly to the birthday boy’s home. What happens next will shock you: after receiving the goods, the scammer will simply file a grievance with PayPal, stating that the goods never arrived.
#11. “We have suspended your account.” Say that again, I double-dare you.
Another time-honored method scammers use is email spoofing. Nothing new under the sun; email spoofing’s been around for quite a while now. The bad news is that this method still works.
Here’s a likely scenario: you will receive an email, allegedly from PayPal, saying that your account has been blackballed – it can happen to the best of us, so no need to cry over spilled milk. This email will undoubtedly contain a link to a spoofed PayPal page.
Naturally, the account holder is asked to type in his credentials (username, password, email). Instead of being redirected to his PayPal account or the platform’s support page, he will receive an error message.
Thinking about buying a new TV with your PayPal money? Not anymore, because it’s all gone. All that the scammer needs to do now would be to hop on your PayPal account using the stolen credentials.
How to protect your account from PayPal scams
I said before and I will say it again: wherever there’s money involved, there will always be someone hands-deep in your pockets. The important thing is to know how to protect your account against these fraud attempts.
As always, disclosing your credentials is a big no-no. However, that’s not enough. So, in order to enjoy your PayPal experience, here are a couple of tips on how to make your account more secure.
#1. Don’t open spam emails or suspicious links
In most cases, the scammers will try to get ahold of your credentials by tricking you into completing spoofed forms. Take the “scammer tries to open a PayPal account on your behalf” case for example; the email itself looks legit and so does the ‘PayPal’ form. So, in order to avoid that info falling into the wrong hands, just ignore any form-filling requests you receive over email.
If you really want to talk turkey with the person who contacted you in the first place, the best thing to do would be to hop on PayPal’s official page and create an account from there. Once the account’s up and running, email your buyer. Chances are that they will think twice before emailing you again.
#2. If something sounds too good to be true, then it’s probably a scam.
As it happens, money doesn’t grow on trees. And no, people don’t give away money just because they woke up in a charitable mood. So, the next time you open up an email and see things like “order now”, “hurry up!”, or “claim your free money here”, close it.
#3. Decline requests for shipping to a different address
If your buyer asks you to deliver the goods to an address other than the one specified in the transaction form, then it’s more than likely a scam. Since there’s no one pointing a gun to your head, you can simply decline the request and inform the interested party that you will not change the shipping address. This also applies to the case whereupon the ‘buyer’ informs you that his own shipping company will take care of the hauling.
#4. Always offer a full refund if something doesn’t feel right
If someone emails you under the pretense of overpayment, you should hop on your PayPal account as fast as possible and refund the full amount. Stick with the platform all the way through. Why? Because it has in-built fail-safes that protect customers against PayPal Scams. While you’re at it, it would be wise to report the incident to PayPal. Now, if you believe that the mistake’s legit (could happen), under “decline reason” kindly ask your buyer to send the correct amount.
#5. Keep tabs on your PayPal account
It’s always a good idea to eyeball your transactions’ history from time to time. If you think that anything’s amiss (unrequested withdrawal or orders), you should submit a report to PayPal as fast as possible. Sure, in most cases it just may be a false alarm, but you can never be too sure when it comes to PayPal scams.
Keep in mind though that the so-called overpayment ploy can be conducted from a hacked PayPal account. So, if you have any reasons to believe that your account’s compromised, take the necessary steps in order to minimize the damage.
#6. Stay informed about PayPal’s buyer and seller protection policies
PayPal has very strict guidelines when it comes to refunds. To make it easier for you, here’s a rundown of what the program covers for and what gets you zilch. Pretty handy to know in order to dodge PayPal scams.
If you’re a BUYER, PayPal will COVER for:
- Purchasing an item, but receiving something completely different (i.e. you bought a book, but instead, you receive a CD).
- Buy new, receive something old or used.
- Purchase three items, receive two.
- Buy an item that gets damaged during shipping (only applies if you specified the shipping method in the order. Doesn’t get you anything if you chose a different hauling method.)
- Buy an item that is missing major parts.
- False advertising (you buy an item listed as “authentic” but get a fake).
If you’re a BUYER, PayPal will NOT COVER for:
- Vehicles (i.e. scooters, motorbikes, mopeds, etc.).
- Anything pertaining to real estate.
- Heavy-duty or industrial machinery.
- Any items that go against PayPal’s policies.
- Prepaid cards.
- Payments made to family members or friends.
- Transactions made in person (not conducted through PayPal’s platform).
- If you filed a dispute 180 days after making the purchase.
- Filed for a dispute over an authorized transaction that took place over 60 days before the actual transaction took place.
- If the seller included a thorough description of the items.
If you’re a SELLER, PayPal will COVER for:
- Item shipped to the address specified in the Transaction Details page.
- Item has a tangible form (seller’s protection policy does not cover digital goods and\or services).
- Supply the documentation requested by PayPal or the buyer (must be done within ten business days).
- The seller’s permanent address is in the United States.
- Seller flags the payment as “partially eligible” or “eligible” (you’ll find these in the Transaction Details page).
- Provide online tracking for all transactions marked as “eligible”.
- Provide Proof-of-Delivery and Proof-of-Payment.
If you’re a SELLER, PayPal will NOT COVER for:
- Non-physical goods (i.e. digital goods and services).
- Item(s) have been picked up from a designated point or by a person.
- Any reversals, chargebacks, or claims forwarded on account of the item being different compared to its on-page description.
- Transaction made over PayPal Here, PayPal Business, PayPal Direct, or Virtual Terminal.
- Cashing in multiple payments for a single item.
- Claims filed through platforms other than PayPal (i.e. eBay).
- Illegal goods (i.e. ammo, firearms, knockoffs, drugs and\or drug paraphernalia).
- Use First Class Mail International (the receipt only mentions the delivery address and not the customer’s address).
#7. ‘Abuse’ antiphishing and antimalware software
Relying on antivirus to keep you safe from online fraud is not enough. Sure, your PC\tablet\smartphone will be virus-free, but this type of software doesn’t cover for all online threats like PayPal scams. So, the best thing you can do would be to install an all-in-one solution that can help protect your machine against form-phishing attempts.
If the software’s database is up to speed, the next time you’ll receive an email, you’ll be notified about its potentially malicious content. Don’t be stingy about paying for a yearly AV\AM subscription; there are plenty of great deals out there.
The easy way to protect yourself against malware
Here's 1 month of Thor Foresight Home, on the house!
Use it to:
Block malicious websites and servers from infecting your PC
Auto-update your software and close security gaps
Keep your financial and other confidential details safe
#8. Use the “signature confirmation” feature as often as you can
PayPal has a very nifty delivery feature called “signature confirmation”. It means exactly that: the package can only be marked as “delivered” once you scribble your John Hancock. Great practice, especially if you want to ship or order valuable items if you want to avoid PayPal scams.
#9. Never share your PayPal credentials
I know that it sounds like a no-brainer, but there are times when things that happen in Vegas, don’t stay in Vegas if you get my drift. Now, if you want to sleep better at night knowing that your PayPal money stays on your account, don’t share your credentials with anyone; not even family members or very close friends.
#10. Double-check the addresses
Each time you receive an email which, supposedly, was sent by PayPal, hover your cursor over any links it may contain. If the link reads “email@example.com” it means that it came from a trusted source. On the other hand, if the link is misspelled (i.e. “firstname.lastname@example.org” or “email@example.com“) or has funky additions, it’s more than likely one of those PayPal scams.
#11. PayPal Scams raise ‘red flags’
The scammer will just use any pretense to pilfer your PayPal account. Now, if you have a payment request, look out for red flags (i.e. fraudster requests you rush the shipment, split payment between two or more PayPal accounts, or partial payments). May not be much to go on, but, when dealing with PayPal scams every detail can make a difference.
#12. Turning down offers is understandable and healthy
If the buyer rejects your original terms, it’s okay to ‘chicken out’ on the transaction. In some cases, they will attempt to dissuade you by sweetening the pot (i.e. a discount or extra money to persuade you into agreeing to their terms).
#13. Use the blacklisting feature for PayPal Scams
If the buyer files a dispute, you are well within your rights to block him. Going with the flow just doesn’t work in this case, as fraudsters are more likely to come back if the user took no action.
#14. Avoid direct contact
Fact: all transactions should be mediated by PayPal. If by chance, you receive a follow-up email, SMS, or IM after receiving the request, contact support on the double for verification.
#15. Keep in mind that it can always get much worse
Out of the frying pan and into the oven? Yes, it’s always a distinct possibility. The latest reports reveal that PayPal scams can turn into full-fledged cyber-aggressions.
More specifically, a second-gen malware can steal your credentials, encrypt your device, and empty your PayPal account, all at the same time. So, the next time you receive an email from something that masquerades as PayPal, think twice before clicking on any links or opening attachments.
PayPal Scams Frequently Asked Questions
Q: Can I get scammed with PayPal?
A: You most definitely can. PayPal scams aren’t nearly as tear-jerking as ransomware, but it’s never good news to learn that you’re loosing money. The most common scams are overpayment, changing shipping address, switching to alternative money-transfer methods (i.e. using the “Familly & Friends” feature, Western Union, Wire Transfer, PayPal Here, PayPal Business, PayPal Direct, or Virtual Terminal), sending ‘spoofed’ emails (i.e. account’s about to be suspended) or fake invoices.
If you feel like you might be dealing with online fraud, the best course of action would be to notify PayPal as fast as possible. To do that, sign into your PayPal account and head to the Resolution Center (you can find it at the bottom of the page). From there, select Report a Problem, choose the suspicious transaction and hit the Continue button. Next, you would want to select “I want to report unauthorized activity”. Tap or click on Continue to go to the next page. Follow the on-screen instructions to report the transaction.
Q: Does PayPal send you emails?
A: Yes, PayPal does send out an email to customers. You may receive on-request emails (i.e. you want to save a local copy of your transactions’ history) or messages pertaining to policy updates. However, PayPal will NOT ask you for private information over email (i.e. email address, password, billing info, Social Security Number, debit\credit card number, etc.). Furthermore, the platform will not require you to install third-party software or updates on your machine or provide tracking numbers for dispatched items.
You should also take a closer look at the greeting; all PayPal emails begin with “Hello” followed by your first & last names or business name. On the other hand, ‘spoofed emails’ have a generic greeting such as “Dear member”, “Hello, the user”, or “Hello, PayPal Member”. Another red flag is the sender’s email address.
Legit emails are from firstname.lastname@example.org. Spoofed emails usually contain spelling errors (i.e. email@example.com) or are sent from addresses that have nothing to do with PayPal (i.e. http://subscription-ppay.web-a8l36n.anuevma.com/). Lastly, check to see if the address has the “https://” security certificate and if it comes accompanied by the icon of a small padlock (it should be next to the address).
Q: How do PayPal scams work?
A: You really don’t need to be a rocket scientist to pull off a PayPal scam, since most of them require little to no tech know-how. More than likely, the scammer will try to take advantage of your lack of PayPal knowledge. For instance, a newly-registered member might not be aware of the fact that the platform only sends out emails with a greeting followed by the user’s first & last name or business name.
Email spoofing is, by far, the most used method to steal login credentials. Although infrequent, there are reported cases of scammers hacking their way into someone’s account to withdraw funds or to ‘weaponize’ it (using it to defraud other PayPal account holders). Bottom line – PayPal scammers are powerless when confronted with informed customers.
So, before conducting any transactions, be sure to review PayPal’s buyer\seller protection policy. That way it will be easier to figure out if you’re good or about to be spoofed. If you believe that one of the emails receive from PayPal is fake, report it to the platform by sending an email to firstname.lastname@example.org. Don’t forget to enclose a copy of the email’s body and the address.
Q: Can PayPal payments be reversed?
Only PayPal payments that go unclaimed can be canceled. In the event that you got spoofed or sent someone a payment by mistake, go to your dashboard and take a look at the payment’s status. If it reads “unclaimed” then you’re well within your rights to cancel it. Here’s what you will need to do.
Sign in to your account and go to History (upper-part of the toolbar). Scroll down until you see the payment you want to cancel. Next, you would want to hit the “Cancel” button (you can find it under the “Order status\Actions” section”.) You will be redirected to a confirmation screen where you will be required to click on the “Cancel” button once more in order to confirm the action.
Bear in mind that once a transaction has been marked down as “Completed”, you will not be able to reverse it. To proceed, you will need to contact the recipient through PayPal.
End of the line? There’s no such time when it comes to scamming; the moment when you think you’re safe, that’s when shift happens. Even more daunting is that it happens so fast that it doesn’t give any quarters.
So, what’s the golden rule of avoiding PayPal scams? Little, commonsensical things: don’t talk to ‘strangers’ directly, don’t share your credentials, and never, ever open suspicious emails or follow enclosed links.
Also, remember to flag down anything that seems out of the ordinary. Sure, in most cases, it may be just your garden-variety paranoia, but you can never be too sure when it comes to PayPal scams.
Keep in mind that PayPal and similar services are not just hunting grounds for money-grabbing scammers. They’re also handy tools for quick and painless money transfers. So, let’s not go into full witch-hunting mode just because of some isolated incidents. Have you ever had a first-hand experience with PayPal scams? Hit the comments and share your story with the rest of our community.
The post 11+ PayPal Scams: How They Work and How to Protect Your Account appeared first on Heimdal Security Blog.