Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

PayPal Scams: A Brief Overview

The online payment service PayPal is not only one of the most popular online payment methods but also a preferred target for phishers: PayPal regularly tops the lists of phishing topics worldwide. Every day, an average of 750 newly compromised websites are targeted primarily at PayPal users, according to our numbers, this resulted in more than 22,000 new sites per month and 270,000 sites per year.

What Is a PayPal Scam?

PayPal scams can come in many forms such as emails, advertisements, phishing links, and sites. Websites are intentionally being created to resemble official ones in order to trick users into giving up private information. Other sites may also be legitimate but compromised through security flaws. Users should always verify that pages asking for financial information are using https and use the safe browsing options provided by all of the most popular browsers. Our findings highlight the need for hosts and website owners to protect their sites, and for organizations and consumers to deploy an effective web security solution.

8 Most Common PayPal Scams

1. Fake Account Scam

Fraudsters have become pretty crafty over the years. Creating a fake PayPal account may be tedious, but it’s not impossible. Fraudsters will also build fake social media accounts and websites around their PayPal account to trick their victims by having a strong digital presence.

2. Phishing Scam

The most common way a phishing scam is delivered is through email. For this particular type of PayPal phishing scam, a notification email is sent in regards to a PayPal account being put on hold or funds being removed, and in order to fix this problem, the user can easily click on the provided link, but instead, it redirects them to a malicious a website.

3. Affiliate Scam

Affiliate marketing is where a promoter is given a commission for advertising a product or service. Scammers game the system by making fake purchases that result in payouts for unearned commissions and incur chargebacks to the vendor.

4. Partner Scam

This type of PayPal scam usually promotes a new platform to sell items on. This platform is totally illegitimate and scammers will make fraudulent purchases that the seller is responsible for. Once the seller realizes they never received payments, they are taken to a fake login page to follow up on the situation. Once this is done, the scammer now has access to your address and billing information.

5. Shipping Scam

This is when fraudsters lure you into wiring money to a bogus shipping company as the “preferred” way to ship items for a discounted price. After the money has been sent over, the buyer realizes that the order was made with a stolen bank account or credit card. Now the buyer losses the shipping cost and may become liable for returning funds to the stolen accounts.

6. Overpayment Scam

Scammers will often make a payment to a seller’s PayPal account that exceeds the actual cost. They contact the seller, explain why they overpaid, and ask for the difference to be refunded. Once the seller sends back the difference, the scammer sends a complaint to PayPal claiming that their account was compromised and never meant to make the purchase. PayPal refunds the scammer in full and keeps the amount the seller sent back for overpaying.

7. Investment or Charity Scam

Fraudsters will send emails enticing their victims to send money to a charity or investment fund through PayPal. This is usually a planned phishing attack because fraudsters have already compromised you and are waiting for the perfect moment to strike. This type of tailored and emotionally driven attack is called social engineering.

8. Stimulus Check Scam

This type of PayPal scam ran rampant during the pandemic and scammers took full advantage of it. People across the world were depending on stimulus checks to help with financial hardships and many were desperate. Phishing emails were sent to provide PayPal account, banking, or other financial information to expedite the process.

How to Avoid PayPal Scams

  • Look for red flags in messages such as grammatical mistakes, false sense of urgency, or danger. You should also be wary of email links that don’t match the official ones you’ve seen in the past.
  • Never use an unfamiliar delivery service and always ship to addresses indicated on the transaction page.
  • Avoid alternative money transactions because PayPal does not cover those in its policy.
  • Do not give out personal information to third-party entities beyond what is necessary to make a transaction.
  • Never download additional software or files since everything you need is within PayPal’s dashboard.

Final Thoughts

PayPal scams will continue to rise as our digital footprint grows, but other payment platforms are also susceptible to this growing threat. Since email is the most common way a PayPal scam is delivered, it’s important for individuals and businesses to have security measures in place. If you’re an organization that’s in need of stopping potential attacks in their tracks, contact us today or get a demo!

You might also like

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features - keeping you protected from cybersecurity threats. With today's cybersecurity landscape, where new threats appear daily, if not...