Get powerful protection against online scams with Avast One
As one of the leading online payment systems, PayPal has a reputation for being a safe and easy way to send and receive money. But no payment system is completely immune to scams. Read on to learn about PayPal scams, how to avoid them, and how to keep all your online accounts secure with multipurpose security software like Avast One.
This article contains:
Generally, PayPal is a safe online payment system, because end-to-end encryption and two-factor authentication secure transactions. PayPal has more than 400 million active users and is used in 200 countries and territories worldwide — that’s a large pool of victims to scam. And scammers target anyone: rich or poor, individuals or businesses, big businesses or small family-run enterprises.
PayPal sends emails only for payment notifications, receipts, and promotional purposes. All other PayPal account communications are issued directly on their website or app. Any emails that PayPal does send out will address you by name, rather than an impersonal address like “Dear User.”
The primary email address for PayPal is email@example.com, and this is the address that’s usually used to send account statements and notifications of changes. PayPal sends receipts via the email address firstname.lastname@example.org. The email address paypal.me is also a legitimate domain meant for sharing your PayPal account and sending money more quickly and easily.
PayPal scammers have a lot of different ways to scam unsuspecting users on the online payment platform. Like all scams, they use social engineering tactics to trick you into thinking the order or payment is real. Below are the most common PayPal scams to watch out for.
Most PayPal scams begin with some type of phishing attack. Phishing is when a fraudulent email is sent to users with links to a fake website or that will infect your device with viruses or other malware if you click them. PayPal malware can be used to access personal information, such as passwords and financial information.
In a phishing scam, an email that appears to be from PayPal says that there is a problem with your account, and you must click the link to correct it. But the link doesn’t lead to the real PayPal website. Instead, you’re sent to a fake PayPal website that scammers control. When you log in, you give the scammers access to your real account — and your money.
Other types of PayPal phishing attacks may target specific individuals, otherwise known as spear phishing. These fake PayPal emails ask you to confirm your account information or shipping details. If you are an Apple user, scammers may also target your Apple ID in phishing scams. PayPal emails might also be spoofed, making it even harder to spot the scam.
Any time you engage in e-commerce, watch out for overpayment scams. In overpayment scams, a buyer deliberately overpays for an item and asks the seller to refund them for the difference. But instead of letting the original payment stand, the buyer cancels the overpayment, leaving the seller with less money and maybe even without the item they sold.
Any transaction that is overpaid via PayPal should be canceled immediately, as it’s most likely a scam. Thankfully, because PayPal is a secure payment platform, you can easily reverse PayPal payments if you act quickly.
In shipping address scams, the scammer provides an invalid delivery address, then contacts the delivery company directly to update the address and receive the package. But because the original delivery address is invalid, the scammer can complain to PayPal that they never received the package and ask for a refund.
Scammers pull this off in a few different ways. They may request a preferred shipping method or company, or send a prepaid shipping label to the seller. With these methods, the buyer has the ability to reroute the package to the correct address without the seller knowing. And because the fake address is what’s on the transaction details, PayPal may grant the refund.
To avoid this type of PayPal refund scam, ensure proof of delivery (in which the buyer has to sign when receiving the goods) and never agree to change the delivery address once payment has been made.
Advance payment scams are not unique to PayPal. In advance-payment scams, you’re informed that a large payment is on the way (such as an inheritance or lottery winnings), but first you must pay a relatively small deposit or provide personal information. While the payment address they provide is real, the money you’re promised to receive is fake.
This scam can also come in the form of a fake PayPal payment confirmation, but if you follow the link, you end up losing money. Thankfully, PayPal protects against fraud by monitoring each transaction to ensure it’s safe and secure, but some scams can still slip through the cracks.
Some PayPal scammers make up fake accounts alleging to be connected to a charity, then they ask for donations. The email or website may be spoofed — if the scammer claims to be a real charity — or it may just look convincing enough to be considered legitimate. They may even use a spoofed phone number as their contact.
If you don’t look into the legitimacy of a charity or the payment request, you’ll likely never see the money — nor the positive impact of your donation — again. Charities are commonly used for this type of PayPal scam, because it appeals to victims’ sense of generosity and nothing is expected in return, unlike a fake storefront.
Be sure to check the recipient’s details carefully and look into the legitimacy of the charity. Often, legitimate charities don’t accept donations via PayPal. If you find a legitimate website from the charity soliciting donations, donate directly through the website rather than through email links, as those links could be fake.
Fake PayPal payment scams target merchants. The “buyer” sends a fake PayPal payment confirmation email. The seller sends the goods, believing the payment has been received. Later, they realize the payment was fake.
While PayPal can’t recover the item without proof of transaction, you can confirm whether the email is legitimate by taking a screenshot and reporting it to PayPal to confirm.
Other types of PayPal scams include romance scams and tech support scams. While PayPal is generally a safe service for online transactions with small businesses, be wary of any situations that leave you questioning the legitimacy of a transaction — both as a buyer and seller.
If you think you’re the victim of a PayPal scam, secure your account immediately. Change your account password to something strong and secure and notify PayPal immediately if you’ve lost money as a result of the scam — sometimes PayPal will give you a refund. You’ll need to go to PayPal’s Resolution Center to report the scam.
Finally, report the scam to the police, because most scams are — or accompany — criminal activity. Reporting to the police will do little to help recover your funds after a scam, but it may help prevent the scammer from striking again in the future.
If you think your information may have been compromised as the result of a scam, data protection tools like Avast Breachguard can help keep your personal info private. Avast BreachGuard automatically notifies you if your personal information appears in any data breaches, giving you a head start on changing passwords and securing your online accounts.
PayPal has a standard procedure for reporting a scam. Phishing emails should be forwarded to email@example.com, and the email should be deleted from your inbox. If you think your account may have been compromised, change your password and update your security questions before using your PayPal account again.
If you suspect a scam related to unauthorized use or fraudulent activity, use the “Report a Problem” feature in the PayPal Resolution Center. From there, select the transaction to dispute and follow the instructions. If the scam resulted in a stolen identity, report the identity theft to the relevant authorities.
To avoid being scammed on PayPal (or any other payment platform), verify the authenticity of each email and transaction before you share personal or financial information, or before you send goods to a buyer.
Additionally, follow these basic tips to help you avoid scams on PayPal and any other platform:
Check for spelling errors or an unusual domain in the email address, such as .vip, .gdn, .win — these are telltale signs of suspicious activity.
Be skeptical — if something seems too good to be true, like a huge amount of promised cash, it probably is.
Don’t click links in emails appearing to be from PayPal. If there is an issue with your account, log in to PayPal directly and go from there.
Don’t use delivery services you’re not familiar with.
Don’t share personal information such as passwords or other login data.
Sign up for PayPal’s Seller Protection Program for additional fraud protection if you’re an online seller.
A great way to guard against PayPal scams is to make sure your own device is protected. Avast One is an all-encompassing, ironclad security solution against online threats. Its award-winning threat-detection engine blocks viruses and malware, and its data-monitoring tools will warn you in the event your online accounts are ever compromised.
Get Avast One today and ensure all your online accounts are protected against PayPal scams and all the other online threats out there.