How PayPal users get scammed

You know how to use PayPal safely, but every day, scammers come up with new tricks to gain access to users’ accounts and empty their pockets digitally. Today we’re sharing some of fraudsters’ most popular schemes.

Advance payment fraud

It’s not unusual for online scammers to use so-called advance payment fraud, a classic Internet scam, to defraud PayPal users. Victims receive notifications that they are owed a certain amount of money — could be an inheritance, winning the lottery, or some other compensation.

The options are limitless, but whatever the story, the victim has to make a small advance payment (in this case, using PayPal), and maybe fill out a form with personal data, to receive the money. Of course, the message sender disappears upon payment, and any personal data disclosed ends up in a database and perhaps sold on the dark web.

How to avoid this scam: Do not transfer money or disclose information about yourself to strangers. Most of these messages have plenty of red flags: absurdly generous winnings or compensation, grammatical errors, a sender’s address that seems more appropriate for a robot than a living person, and so on. Pay close attention to all of the details and do not make decisions in a hurry.

PayPal account problems

Scam number two: Houston, we have a problem. This scam begins with an e-mail that claims to come from PayPal and says something is wrong with the recipient’s account. But don’t worry, the problem can be fixed — just click on this link and log in.

Now wait a moment. That sounds a lot like phishing!

In 99% of cases, the link leads to a page that looks more or less like the real PayPal site, although on a slightly different domain. Log in from there and both username and password go straight to the scammers.

In especially severe cases, fixing the alleged account problem may require installation of a program “to help restore access.” In fact, it will be a Trojan.

How to avoid the scam: Again, look for errors in the message and Web addresses that do not match the service’s official address, and always remember that PayPal will never report a problem to you using that kind of wording in an e-mail.

By the way, you can check whether a website is real or a phishing site using our OpenTip service. Even easier, install a security solution that protects you against phishing and online fraud — it will recognize dangerous Web pages automatically and block them, even when you’re rushed or distracted.

These days, scammers spread phishing links not only by e-mail, but also on social media. For example, someone might set up a Twitter account with a name like PayPalGifts and use it to target gullible users. It won’t last long, of course, but while the account is up it can reap quite a harvest of user credentials.

Overpayment refund scams

Let’s now turn to some ways scammers entice people to give them money almost entirely of their own free will. Among the most common scams in this category are overpayment scams, in which a buyer sends a seller payment, but for some reason they send more than the sales price. The buyer claims it is a mistake, and asks for a refund of the difference, but immediately on receipt the buyer cancels the original transaction.

How to avoid the scam: Accidents happen, of course, but in most cases overpayment is implausible, and it should always be a red flag. In the event of a real error, it is safer for both parties to cancel the erroneous transaction and allow the payer to start fresh, resending the correct amount and carefully checking every one, zero, and decimal point. If they refuse, contact PayPal support right away.

Fraud involving delivery and payment cancellation

Another common scam concerns delivery. Sometimes fraudsters pretending to be buyers ask a seller to send goods using the buyer’s favorite delivery service, which supposedly offers them a discount. The crooks change the delivery address and then file a complaint, saying the goods were never delivered.

Another potential outcome is that the delivery company turns out to be a front, allowing a dishonest buyer to get their money back using existing legitimate mechanisms for goods sent in good faith.

Finally, this kind of scam may be perpetrated through address substitution: The buyer provides a fake address, and after several unsuccessful delivery attempts the company asks them where their purchase should be delivered. That way, they receive the package but nevertheless file a complaint against the seller claiming that they didn’t receive anything. Given the numerous reports of unsuccessful delivery, PayPal may believe the fraudster.

How to avoid the scam: Use only delivery services verified by you personally or by people you trust. Never send anything before receiving payment, and be sure to keep all receipts.

“Creative” payment schemes

Honest people can also be cheated using murky payment schemes. For example, PayPal has a money transfer option with reduced rates for family and friends. Sometimes scammers request a money transfer that way so as to save on commissions, and they promise a discount in return.

According to the rules of the platform, however, this method is not supposed to be used to pay for goods, and no customer protection program applies to such transfers. Anyone who sends a “friends and family” payment to a scammer can kiss the money — and the goods — goodbye.

Scams of this ilk also include offers to transfer money using alternative means that are supposedly more convenient, or cheaper, or for any other reason considered better by the seller. In general, if the other party insists on something like this, or starts spinning tales, or tries to create urgency (last chance to make a deal, in an hour’s time I’m flying to Alaska to live off the grid for the next 20 years), there’s probably something fishy going on.

How to avoid the scam: Ignore requests to use alternative payment methods. PayPal has very good protection programs for both sellers and buyers, but they work only for standard transfers made over the platform.

Charitable-contribution and investment scams

There is a special circle of hell for people who send out fake solicitations for charitable donations. It is not uncommon for such people to accept “donations” or “contributions” through PayPal. Canceling the payment is no help if the fraudsters claim the received funds promptly (which they will probably do), so you need to check that everything is legit in advance.

Be especially attentive to requests for a charitable donation during natural disasters and other force majeure events — rest assured, crooks will always be there to cash in on the misfortune of others.

“Profitable opportunities,” aka investment opportunities, can arise at any time. The scams are similar to those involving fake charities, but they are often characterized by promises of fabulous profits without any special risks. Of course, life doesn’t actually work that way.

How to avoid the scam: Research and verify interesting offers. Check the reputation of every charitable foundation (or investment company) you consider sending money to. It is best if you have acquaintances or friends who have worked with the concern and can vouch for its legitimacy, but regardless, you can verify charities on the Internet using services such as Charity Navigator, the Better Business Bureau, and Charity Watch.

How to avoid trouble on PayPal

Let’s summarize and outline some general tips to help you protect yourself against the majority of attempts at deception, account hijacking, and other such unpleasantness:

  • Look for red flags in messages: grammatical mistakes, attempts to incite a sense of urgency or danger, e-mail addresses and links that differ from the official ones (even if just by one letter);
  • Don’t trust messages unconditionally; check any potential issues through your personal account on the website or in the PayPal app (especially important when it comes to messages confirming the crediting of funds);
  • Never use an unfamiliar delivery service, and ship to the address indicated on the transaction page, no other.
  • Avoid the alternative money transfer methods fraudsters propose; PayPal’s protection programs do not cover them.
  • Don’t trust an offer that seems too good to be true; it probably isn’t;
  • Do not give out personal information to the other party beyond what is necessary for the transaction. In particular, never share your password;
  • Do not download additional software or any other suspicious files sent to you by e-mail. PayPal does not do that.