PayPal is one of the largest payment gateways in the world, so its no surprise that there are numerous phishing scams that make use of the company’s name.
Cybersecurity expert Theodor Porutiu, from VPN and security researchers VPNOverview.com (opens in new tab) has outlined the most common PayPal scams of the year so far, which range in their degree of sophistication.
Once you know what these are, you’ll know what to look out for and how to avoid them. Porutiu has also detailed the further steps you can take to sure up your online security posture even further.
Buyer – and seller – beware
One of the most common scams is via email, which is a scammer’s preferred way of making contact with potential victims, according to Porutiu. The email says tells the victim that their is a problem with their PayPal account, and includes a bogus link to access your account, which can instead lead to the takeover of your account by the hackers.
Another common technique is an email that offers some kind of financial reward, such as a rebate or a promotional offer. Again, there is a fake link to login to your account, which again leads to a fake version of the PayPal website that can be used by the hackers to steal your login details once you input them.
Related to this scam is one adds a personal touch, claiming that your financial rewards are the result of winnings or inheritance of some kind from an unknown source. This scam asks for an advance payment from you first in order to cover ‘transaction fees’ or some other fake expense, only to lose this money and never receive the payout you think you’ll be getting.
Some scam emails will claim that there is suspicious activity on your PayPal account, and ask you to call a number to cancel large transactions that have purportedly taken place. The fake call center will then try to elicit your PayPal login details as well as other personal information. These scam emails can use legitimate looking email domains and even mock up fake invoices to add to the urgency.
Aside from email, there are also scams that take place on other platforms. One of these is a shipping scam that targets online sellers, by asking them to use a different courier for the items they purchase, then reroute the package to different address. They then make a claim against you that they didn’t receive their order, and since there is no proof of receipt now the since the shipping method was changed, you have no choice but to refund the scamming customer.
Other variations on this is include providing the seller with their own pre-paid shipping label instead of asking for a courier change, and then rerouting the package, or by simply giving a fake delivery address to begin with, and when the delivery fails as the address doesn’t exist, they’ll provide the real one, at which point a rerouting has occurred and so they can again claim that they never received the order.
Another scam affecting sellers convinces sellers that they require products to be shipped first before PayPal will let them pay – and so they never do. And on the other side, some scam sellers ask for money to paid using PayPal’s Friends and Family option, which eliminates transaction fees, but since it is no meant for purchasing goods, there is likely no cover from the PayPal protection program in cases of fraud.
Fake charities are another top choice for scammers, preying on people’s emotions to defraud them.
In giving advice, Porutiu says to ensure that payments transacted in PayPal remain within the processor, even if the seller requests a refund via another method, as you will no longer be able to be helped by PayPal.
Other tips include always using your own shipping method, ship only to the listed address, only deal with verified buyers and sellers, and approach email links and attachments with caution.
Porutiu also recommends using good antivirus software to protect from malware that scammers might try and infect you with, and to only contact PayPal using the number listed on its website. PayPal will also only ever address you by your name.