PayPal is one of the oldest and best-known online payment processors with a global customer base of over 350 million users as at December 2020. The company is a frequent target for all types of cyber scams including phishing attacks, malicious links, spoofed websites, and more. Here are four common PayPal scams that you should be aware of.
One of the oldest PayPal scams is the phishing email scam. This spam is designed to trick users into logging into a spoofed PayPal website, which is an imitation of PayPal’s official site. It is a ploy to steal your log-in credentials, credit card information and clean out your PayPal account.
Cybercriminals begin the process by sending you an email warning that your account has been compromised, and that you must log in to correct the problem. Messages may say things such as ‘Your account is about to be suspended’, ‘verify your account’ or ‘suspicious activity has been detected on your account’. Emails may have a .com address in the “From” field that looks like the company’s official website. Some users have difficulty telling whether an email message really comes from the organisation it claims to be from. This is what makes the scam so effective and dangerous.
Email messages may include links with clickable text, such as “https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run”. This is a legitimate link to the PayPal website. It is included to fool you into thinking that you will be sent to the real PayPal site, but you won’t. You will be redirected to a bogus website, built to replicate the legitimate site. It will have the organisation’s logo, format and brand colours, and will look exactly like the organisation’s official website.
To find out where a link will actually take you, hover over it without clicking and look at the destination address shown in the bottom left corner of the browser window. A destination that does not match the displayed link text is the biggest indication that you’re being scammed.
In most phishing email scams, the fraudsters use scare tactics in order to get you to act immediately. The message tells the recipient their PayPal access has been restricted because they violated PayPal’s rules and guidelines. The email includes an authentic-looking ‘Case ID Number’ and informs the account holder that they have two days to restore their account. They will also provide an ‘Update Now’ button that the user can click on to log in to their account. Clicking the link takes the user to a bogus PayPal login page. The page has a PayPal logo and requests a user name and password. At this point, if you input your information, you will have unwittingly handed over your PayPal login details to fraudsters.
When you log in, you will be greeted with a second page asking you to update your account information. You’ll then be asked to input the following information:
- Your full name
- Your date of birth
- Your full home address
- Your mother’s maiden name
- Your full card number, expiry date and 3-digit security code
- Your password
Once you complete the form and hit ‘Save’, you’ve given the fraudsters free rein over your digital kingdom and credit card.
Next, a ‘success page’ tells you that you have successfully restored your account access. When you click ‘re-login’, you’ll be taken to the legitimate PayPal site. Unsuspecting users may not even realise that they have just handed a chunk of their digital life to cybercriminals.
How to deal with phishing emails
- Avoid clicking any link or responding to the email. If you have logged into the bogus website and are unable to log in to your account, contact PayPal by phone immediately.
- Forward the email to email@example.com.
- Forward the email to firstname.lastname@example.org.
- Delete the email from your device.
Website spoofing is the process of creating a bogus website that is almost indistinguishable from the real thing. And by using subdomains, cybercriminals have gotten very smart in the way that they setup the domain names for these fake sites. The simplest way to check if you’re on the legitimate PayPal website is to check the web address in the URL address bar:
This website address is “security-paypal-center.com”. This is a bogus PayPal address. PayPal’s web address is, and always will be, “www.paypal.com”. Anything else is a scam. PayPal also does not use region-based domains such as “.co.uk” for the UK or “.fr” for France. Specific regions and categories can come after .com, for example www.paypal.com/uk/business. Anything else is bogus.
The next example is more challenging for users because of the use of subdomains. This can make it more difficult for some users to differentiate between a fake PayPal address and the legitimate one.
Here’s how a typical URL is constructed:
The image below is that of a bogus PayPal website. The fraudsters have been very clever with the way they have used a subdomain to deceive users into thinking this is the real PayPal website. But if you look carefully, you’ll notice that paypal.com.security.alert is the sub-domain while confirmation-manager-security.com is the actual domain. To the untrained eye, paypal.com appears to be the domain name. You would see the displayed green padlock which indicates that this is a secure site. Eventually, you would conclude that this is a real PayPal page.
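The two tricks described above (link text that points somewhere other than it says, and a lookalike subdomain in front of the real registrable domain) can both be checked mechanically. The following is an added example, not code from the original article or from PayPal: it parses a link's destination, works out the registrable domain a fraudster would have had to buy, and flags the link if that domain is not paypal.com or if the visible link text names a different host. The sample links are constructed from the addresses quoted in the article, and the tiny public-suffix table is an assumption standing in for the full Public Suffix List a real filter would use.

```python
from urllib.parse import urlparse

# The only registrable domain the article says PayPal uses.
LEGITIMATE_DOMAINS = {"paypal.com"}

# Assumption: a minimal stand-in for the Public Suffix List so that
# 'shop.example.co.uk' is reduced to 'example.co.uk' rather than 'co.uk'.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(hostname: str) -> str:
    """Return the part of a hostname that had to be registered with a registrar.

    'www.paypal.com' -> 'paypal.com'
    'paypal.com.security.alert.confirmation-manager-security.com'
        -> 'confirmation-manager-security.com'   (everything before it is a subdomain)
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return hostname.lower()
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def _host_from_text(text: str) -> str:
    """Hostname implied by the visible link text, or '' if the text is not URL-like
    (a button label such as 'Update Now' implies no host at all)."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "https://" + text
    return (urlparse(text).hostname or "").lower()


def classify_link(display_text: str, href: str) -> dict:
    """Flag a link as suspicious for any of: visible text naming a different host than
    the real destination, a registrable domain that is not PayPal's, or plain HTTP."""
    target = urlparse(href)
    host = (target.hostname or "").lower()
    domain = registrable_domain(host)
    reasons = []

    shown_host = _host_from_text(display_text)
    if shown_host and shown_host != host:
        reasons.append(f"link text shows {shown_host} but points to {host}")

    if domain not in LEGITIMATE_DOMAINS:
        if "paypal" in host:
            reasons.append(f"'paypal' appears in the hostname but the registrable domain is {domain}")
        else:
            reasons.append(f"registrable domain {domain} is not PayPal")

    if target.scheme != "https":
        reasons.append("destination is not HTTPS")

    return {
        "host": host,
        "registrable_domain": domain,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample links built from the addresses the article quotes.
SAMPLE_LINKS = [
    # genuine: text and destination agree, registrable domain is paypal.com
    ("https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run",
     "https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run"),
    # phishing email trick: real-looking text, bogus destination
    ("https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run",
     "https://security-paypal-center.com/login"),
    # subdomain trick: 'paypal.com' is only a subdomain of the fraudster's domain
    ("Update Now",
     "https://paypal.com.security.alert.confirmation-manager-security.com/login"),
]


def scan_samples() -> list:
    """Classify every constructed sample link and return the verdicts in order."""
    return [classify_link(text, href) for text, href in SAMPLE_LINKS]


if __name__ == "__main__":
    for (text, href), verdict in zip(SAMPLE_LINKS, scan_samples()):
        status = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"[{status}] {text!r} -> {href}")
        for reason in verdict["reasons"]:
            print(f"    - {reason}")
```

The green padlock the article mentions only proves that the connection to `confirmation-manager-security.com` is encrypted, which is why the check above never looks at the scheme alone; the registrable domain is what matters. For production use, swap `MULTI_LABEL_SUFFIXES` for the full Public Suffix List so that country-code domains are reduced correctly.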
The text message scam
The text message scam is a phishing message that randomly targets users in the same way as the email scam. It falsely claims that recipients have had money transferred from their account to an unknown individual. It also provides a convenient link to a bogus PayPal page where users can login to question the transaction. As with the email scam, the goal here is to steal your login details and financial information. You should deal with the text message in the same way as you would deal with the email message described above.
Social media scams
Fraudsters are using social media sites like Twitter to target PayPal customers with phishing scams to steal confidential information. According to a report by cybersecurity firm Proofpoint, these cybercriminals create fake customer service accounts on Twitter to intercept customer requests for assistance that are sent to the official PayPal Twitter account. These accounts include the word “ask” in their Twitter username, which is a well-known prefix for customer support accounts on social media. The customer then receives a tweet from one of these fake accounts that includes a malicious link directing them to a bogus PayPal page, where they are prompted to log in to get their issue resolved.
Overpayment refund scam
If you’re selling anything on PayPal, this is a scam you should watch out for.
The way it works is this:
- The buyer uses PayPal to pay for your product.
- The buyer overpays on purpose. For example, if the product costs £500, the fraudster may pay £650.
- The buyer contacts you and asks that you refund the £150 difference by wire transfer or a PayPal account specially created for this scam.
To a seller, this overpayment might seem like an oversight, but what has in fact happened is that the buyer in all likelihood used a stolen credit card to make the purchase, knowing that at some point in the future, PayPal is going to reverse the payment. By asking you to pay the difference to another account, they get to keep the product and they get to keep the extra £150 that you paid to the other account which no longer exists.
How to avoid falling for the scam
Everybody makes mistakes, but buyer overpayment, in most cases, is deliberate and should always be a major red flag. If a buyer doesn’t have an ulterior motive, there’s no conceivable reason for him or her to overpay so much. In order to avoid falling victim to this scam, if a buyer overpays for your product, the best course of action is to cancel the transaction and ask the buyer to purchase it again with the correct amount.