PayPal phishing scams have been around for years, and it seems that criminals don’t have plans to stop any time soon. They can send you a fraudulent email and convince you to click on a link. If you do, your money could be stolen in minutes. How do PayPal phishing email scams work, and how can you protect yourself? Is PayPal safe?
With PayPal being one of the most widely used methods of sending payments online (over 420 million accounts worldwide), many malicious actors are seeking ways to profit. To answer the question of whether you could become a victim of PayPal fraud, the answer is, unfortunately, yes.
Scammers impersonate PayPal and use phishing techniques to persuade users to give out private information, click on malicious links or download malicious software.
Since PayPal is connected to your bank account or card, it is a potential gold mine for hackers and other opportunistic entities. If you can be tricked into giving them your sensitive information, they’ll be able to control your account and steal your money.
Scammers carry out PayPal scams using various methods, but they all have the same goal – to extort money, personal information, or private account details.
One of the most typical scams is to send PayPal users an email claiming that somebody has changed their password from an unknown device and urging them to fix this as soon as possible. However, once you click on a link in the email, you’re redirected to a fake PayPal website. If you type in your credentials, criminals will use them to compromise your account and even make payments.
Here are the most common PayPal scams used by cybercriminals targeting users:
PayPal always strives to ensure the security of its users and helps to get your money back in case of a scam. However, scammers have become increasingly sophisticated, finding new ways to bypass security systems and extort your private information or money.
In short, yes, there is a chance of getting your money back if you’ve been scammed on PayPal. Its seller and buyer protection programs are designed to keep your money safe if you do not receive an item or payment.
PayPal has a process for reporting and resolving scams. You can file a dispute with PayPal through their Resolution Center within 180 days of losing your money. PayPal will investigate your complaint and refund your money if it turns out that you’ve fallen victim to scammers.
Once you turn to PayPal for a refund, contact your bank immediately. They may also offer you a solution.
Finding out that you’ve been the victim of fraud is far from pleasant, but the good news is that PayPal has processes to ensure you get your money back in the event of fraud. So if you’ve been scammed, take a deep breath and do the following:
Once you realize that you’ve been scammed, you can always try to cancel the pending payment or turn to your bank for chargebacks through your credit or debit card.
Fraudsters use dozens of scams to swindle you out of your personal information, account login details, or significant amounts of money. Take a look at the most popular PayPal scams:
This is one of the most popular PayPal scams. The fraudster will send you an email asking to confirm payment for a seemingly recent order. The scammer will ask you to log into your account via a link in the message. This way, they will gain access to your account details and personal information.
The user receives an invoice from a supposedly legitimate PayPal email address (most likely the email is spoofed) stating that they owe money. If you receive suspicious emails like this, check your recent purchases and invoices, and contact PayPal by official means to confirm the request.
Sometimes PayPal scammers use smishing to get your data or login credentials. Beware of messages that look like fraud alert notifications from PayPal. It might report an unauthorized attempt to access your account or warn about suspicious activity on your account. Although PayPal does send text messages, you should stay vigilant if you receive such messages out of the blue. Clicking on a provided link and logging in may result in scammers gaining access to your account.
If you receive an unexpected request to change your password, never click on the link in the message. Log into your account via the official PayPal website and change your password in case your account has been hacked.
Another popular PayPal scam is a charity fraud. You may receive emails asking you to donate to a fake charity campaign. Even though the scammers send you payment confirmations or invoices for the donation, you may kiss your money goodbye. Never click on suspicious links asking for donations. Make sure the organization you are donating to is legitimate and donate only though the means mentioned on their official website.
Not just regular users fall prey to cybercriminals, but also sellers and retailers. A scammer overpays for an item, usually from a stolen credit card, and asks the seller to return the price difference. Once the difference is returned, usually to a different account number than the one used to make the transaction, the scammer cancels the initial transaction and leaves the seller empty-handed.
Some PayPal scams can be as simple as providing an invalid shipping address. Fraudsters send the seller a false shipping address, and once the shipping provider marks the parcel as undeliverable, they send the shipping company their actual address. Then the scammer reaches out to PayPal and cancels the transaction due to an undelivered package. To avoid such fraud, always verify the address you are shipping to.
Here are some ways you can protect yourself from PayPal scammers:
This is an easy one, because any serious company would not send out emails with bad grammar and spelling mistakes. However, it is essential to note that because people are usually alarmed by the possibility that their PayPal account has been compromised, they may not focus on spelling and grammar.
PayPal will always use the customer’s full name in the email. If you receive a generic greeting (“Dear User,” “Hello customer”) or no acknowledgement at all, it’s a dead giveaway that this is a fake email.
If you are still unsure whether the email is real or not (for example, somehow the phisher had good grades in grammar and used your full name), don’t click on the link that will say “Log in,” “Resolve now,” or some other variation. PayPal will never ask you to log in to confirm your existing account. Any sense of urgency should also raise your suspicion.
You can check the link quickly by putting your mouse over the button but not clicking on it. The URL will show up at the bottom of the screen. If it says http://www.paypai.com, don’t click on it. PayPal uses HTTPS, and you are about to become a phishing victim.
If you still need clarification, open a new tab, go to your PayPal account, and check if there’s a notification. If you find nothing – know that the email was another phishing attempt.
If you want to take security into your own hands, look no further than a VPN. Services like NordVPN encrypt your traffic and mask your IP address, improving your privacy while browsing online. Having a VPN enabled on your device is vital when connecting to public networks. Hackers can set up fake hotspots and then monitor what you do online, intercept your passwords and other personal information.
Create complex and unique account passwords. This will make it harder for fraudsters to get into your accounts and steal your data. Also, use a password manager and keep your login credentials in a secure application.
Be skeptical, and do not hesitate to verify the authenticity of any email in your inbox. Contact the organization or the person the email was supposed to be coming from by other means to verify.