15 Common PayPal Scams to Watch Out For: Tips for Online Shoppers

Paypal scams.

When shopping online, you want to feel 100% sure that the service you are handing over your details is safe and secure. One of the most popular payment methods for online shopaholics is PayPal. However, is PayPal safe, and how secure is it when checking out online?

Throughout this article, we will discover 15 of the most common PayPal scams and online fraud scams to watch out for and how to avoid them.

Is PayPal Safe to use when buying things online?

PayPal itself is one of the safest and most secure online payment systems. It uses advanced encryption and two-factor authentication to ensure that only you can access and enter your online accounts. You don’t have to give out your bank or card details to make a transaction; all transactions are monitored 24/7.

But with so many users, of course, PayPal scams are a popular target for scammers and fraudsters. They will try to get hold of your username and email any way they can using common PayPal phishing techniques, as discussed in this article.

If you are one of the unlucky ones, PayPal puts transactions on hold while issues are resolved. PayPal has a dedicated security team monitoring suspicious activity in user accounts, but, as the adage goes, it is better to be safe than sorry.

15 Common Paypal Scams

If you are a victim of PayPal phishing techniques, they will likely come from your own inbox or phone. If you are wondering is PayPal safe, then the first step is to be aware of what PayPal scam is out there and what you can do to avoid them.

1. Fake refunds

There are checks to go through before you make a payment through PayPal, so the likelihood of someone accidentally sending you money is slim. PayPal phishing techniques involve scammers sending you money from an account they have hacked.

Afterward, you will receive a message saying there has been a mistake and asking for the money back—to another account, of course.

You may think, “At least I’m not the one being scammed.” But if someone else has become a victim of identity theft, scammers are using you to take their money. In this case, the best thing to do is to cancel the payment and contact PayPal.

2. “Accidental” overpayment

This is a common PayPal scam you must look out for if you use a reselling site. A ‘buyer’ will purposely overpay for an item, asking you to send a partial refund. Once you’ve sent it, they will cancel the original transaction. Not only does this leave you short, but you’ve also lost the item you were selling.

These scammers will usually ask you to send the refund to a different account or by different means, such as a bank transfer. The safest thing to do is cancel their transaction and only send items once you have received the correct payment.

3. Alternate payment method

If you buy goods and services using PayPal as your method, you may be asked which payment method you prefer - “friends and family” or “goods and services.”

One method scammers use when targeting people is asking them to send money by choosing the friends and family option rather than goods and services.

Scammers prefer friends and family because it avoids fees and buyer protection policies, such as refunds. So not only are you not protected if something is wrong with your purchase, but if they are a scammer, you won’t receive any protection or chance of a refund.

You may think you are helping someone by letting them avoid fees, but your trust in a stranger will likely be a mistake. Always use the “goods and services” option when paying through your PayPal account so buyer protection covers you.

Internxt is a cloud storage service based on encryption and privacy.

4. Invalid shipping address

This PayPal scam involves the scammer buying an item from you or your business, aiming to receive both the item and a full refund from PayPal, leaving sellers at a loss. Here's how it works:

The scammer initiates a purchase using an invalid shipping address for items from your business. When the delivery fails due to the incorrect address, they contact the delivery service with a different, valid address. Once the item reaches the new address successfully, the scammer falsely claims they didn’t receive it.

Unfortunately, you have no proof of delivery to the original address, and this lack of evidence often works against you in disputes, as PayPal often leans in favor of the buyer.

The best way to avoid this is to check and validate shipping addresses before sending items via recorded delivery so you have proof to show PayPal.

5. Payment pending / fake payments

These are two very similar PayPal scams. When buying items, a scammer will say they have sent a payment, which must be pending. In doing so, the scammer hopes that you send the item in hopes payment will clear soon. Spoiler alert: it won't.

In fact, more sophisticated scammers may even send you a fake payment confirmation so you think you have already been paid.

To avoid this, only send an item once the money is in your PayPal account. Even if you get what you think is a payment confirmation email, log in to your account separately and check.

It's not hard to determine whether an email is genuine. The email address is usually a giveaway. But also check for spelling mistakes and weird-looking formatting.

6. Advance payment (Free Money!)

These scams tell you that you have won money or that some nice person is donating their money to you. The only catch is that you have to pay some sort of fee. It could be shipping fees, bank fees, or something similar.

If it seems too good to be true, it usually is. No one is sending you free money for no apparent reason. If you have entered a competition, they won’t ask you to make a payment to get your prize.

There’s nothing to do but ignore these kinds of emails. There are probably 100s in your junk email folder. Think about it. If someone was sending you free money, would they not use some of that money to pay any needed fees?

7. Fake charity donation requests

We all like to give back to society and donate to our favorite charities. But make sure that when you are donating money, it is going to the right place.

Scammers send out emails asking for donations to fake causes. If they have managed to get your details, they will know which will tug at your heartstrings the most. They may even pretend to be associated with an online shop you frequently use.

All charities must be registered and have a charity number so you can check them out. But if someone messages you supposedly desperate for help, you must use your common sense. There are many legitimate ‘giving’ sites where you can donate to good causes.

Internxt Send is a tool to send files securely.

8. Fake invoices from PayPal email addresses

Scammers often send invoices for large amounts to panic their victims into sharing their information. These invoices often come from verified PayPal accounts that have been hacked, making them seem legitimate.

A seller's note usually tells you to call their helpline if you didn’t make the transaction. If you do call this number, they will ask you to download something to your computer so they can ‘help’ you.

In reality, you will download a remote access tool, giving them control of your computer. PayPal won’t tell you to call a different number or download anything. You should always log in separately and report unknown transactions on the website.

9. Fake verification

Online privacy is always a worry, with the number of PayPal phishing attempts increasing. These involve emails, texts, and sometimes even phone calls impersonating a company, trying to trick you into giving them your information.

Emails are also a popular method, and scammers will send you a link to a fake website asking you to sign in. The link will steal your details if you enter your email and password, so its important to implement security measures to reduce the risk of stolen information.

Similarly, many businesses use .env files in their projects to store sensitive information, which can help set permissions for files so only the owner can access them. Likewise, you should keep your usernames and passwords somewhere you can access securely.

10. Fake promotional offer

These phishing scams are often emails or text messages with a link to follow. If the promotion looks too good to be true, it probably is. PayPal won’t send you free money for no reason.

There are also little tell-tale signs. For example, “Click here for £400 free for a limited time” to a US user is suspicious because why would it use English currency?

Taking additional steps to protect your email will help filter out these types of messages, and reporting fake emails to the relevant company will help stop scammers in their tracks.

11. Fake payment confirmation emails

These are similar to other phishing scams. You get an email, supposedly from PayPal, but this time it confirms a payment you don’t recognize. In this case, just log into PayPal separately to see if any payment has been made. You can also check the PayPal Message Center, where you can see any legitimate messages from PayPal.

12. Fraudulent account locked or password reset emails

Websites will send you a link to reset your password if you need to remember it. But scammers also use these kinds of emails to steal your details. They may also tell you your account has been locked due to fraudulent activity.

the easiest way to find out if there is a problem with your password is to log in to your PayPal account. If you are allowed to log in, your account hasn’t been blocked. If you haven’t requested a password change, the email is spam.

13. Smishing PayPal scams

Smishing is a form of phishing that you will generally receive as a fake text message impersonating PayPal. It could be similar to the above scams—fake confirmation, password reset, or promotional offers. Never click the links in text messages.

Remember to always log in to the website separately and implement extra authentication steps to your PayPal account as an extra precaution.

14. Vishing

Cyber security isn't the only thing to keep in mind when getting scammed, as phishing can happen via other means. Vishing, for example, is a type of phishing where scammers will call you pretending to be from PayPal’s support team. They may ask for login information or maybe even bank details over the phone.

If you’re wondering is PayPal safe for you to use, PayPal assures its users they will never ask for your PayPal account details - especially over the phone. The best thing to do is just put down the phone. If you feel pressured to do something, end the call if you think the call is legitimate or not. You can contact Paypal through the website if you need to.

Internxt is a cloud storage service based on encryption and privacy.

15. Malicious fake PayPal attachments

Scammers disguise malware as email attachments, which will get downloaded onto your device when you click on them. They scare the victims with malware containing attachments containing a message that their account has been hacked.

The attachment will look like an invoice or a receipt of payment. You can avoid this by getting an antivirus that scans email attachments before you open them, and by using a secure email provider that monitors incoming messages for harmful content.

What are the Warning Signs of PayPal Scams?

Generally, there are typical warning signs of PayPal phishing attempts you can look out for, including:

  • Bad grammar and typos: This is common with scam emails and texts. Is PayPal capitalized properly? Are there some full stops missing?
  • Generic emails: PayPal will always use your name in emails. This goes for most legitimate emails. If you get a message to “PayPal customer,” it is not legit.
  • Weird email addresses: Scammers use email addresses similar to the website they are impersonating. But they tend to have some random letters or numbers added. So, an email from paypal23jfjk is probably a scammer.
  • Urgent emails: Scammers want to create a sense of panic, so their victims act without thinking.
  • Suspicious links and attachments: PayPal will never send you attachments to open, so you can assume any emails with attachments are a scam. If you are unsure about links, use an encrypted email to block harmful content from appearing in your inbox.

But be aware that scammers are constantly finding new ways to steal information, especially via email. An effective method to protect your email is to use an encrypted email provider to protect your account from harmful links.

Furthermore, malware detectors can pick up things like lookalike domains or servers posing as CDNs to skim credit card data. But what is a CDN service? It is a group of servers linked over a wide geographic area, helping your webpage load faster.

Internxt is a cloud storage service based on encryption and privacy.

The Importance of Staying Aware of PayPal Scams

Now you know the common PayPal phishing scams, you should hopefully be able to avoid them with these tips:

  • Verify Communication: PayPal won't ask for sensitive information like passwords or social security numbers via email. Verify any communication directly on the official PayPal website or app.
  • Use Trusted Links: Avoid clicking on links in unsolicited emails or messages claiming to be from PayPal. Instead, type the official PayPal URL directly into your browser for secure access.
  • Check Account Activity: Regularly review your PayPal account for any unauthorized transactions. Report and resolve any suspicious activity immediately by contacting PayPal's official customer support.

If you are still wondering is PayPal safe for you to use, then rest assured, it definitely is if you implement suitable security measures to your PayPal account.

Furthermore, there will always be scammers trying to find a way to get your sensitive information. Still, as PayPal is such a popular online payment method, it requires extra vigilance to secure your accounts.

If you think you have been scammed, change your password for all your accounts immediately.Always report any suspicious activity related to your PayPal account by logging in and contacting the Resolution Center. You can also forward phishing emails to phishing@paypal.com and permanently delete them afterward.