Unfortunately, where money is involved, fraudsters are not far away. This also applies not least to the online payment portal PayPal: Criminals use all kinds of sophisticated scams and lousy methods to try and make a quick buck — at the expense of innocent users, of course. It’s no wonder that crooks are targeting the payment platform from California: PayPal’s annual turnover last year alone (2022) was almost 28 billion dollars, so there’s something to be had.
If you don’t want to become a victim of shameless scammers yourself, you should know the most common PayPal fraud methods and follow a few simple rules — both of which we present to you in this article.
How do PayPal scammers operate?
As with scams on other online platforms, the main aim of PayPal scammers is to obtain sensitive data or gain control of user accounts — the two are often linked. Phishing methods, fake invoices, hijacked accounts, or the manipulation of shipping addresses are used. The following strategies are typical methods used by scammers:
Customers pay too much
Sounds easy at first, who would be bothered by too much money? But if a buyer transfers too much via PayPal and then asks a seller to repay the overpaid amount by bank transfer (i.e. no longer via PayPal), you should be sceptical. As soon as you comply with such requests, fraudsters may be able to withdraw the original transfer via PayPal and you will lose the previously refunded amount forever.
Fraud using supposed shipping companies
Bold and imaginative: Scammers use this method to contact unsuspecting sellers of heavy or bulky goods that cannot simply be sent as a parcel by post. Goods that were originally intended for collection are also suitable for this scam. The crooks then suggest having fridges, washing machines, or other large goods delivered by a haulage company. The cost of the costly transport, they promise, will be sent to the seller together with the purchase price via PayPal.
Anyone who accepts the offer then receives a fake transfer receipt, which sometimes looks deceptively genuine — as if it came directly from PayPal. In fact, you have not received any money at all. Now comes the final request: All you have to do now is transfer the transport costs you have already received to the supposed shipping company and the deal can be finalized. You guessed it: The haulage company doesn’t exist, the fraudulent “buyer” collects the money himself and disappears.
To avoid this: Never respond to dubious proposals by email. And be sceptical if buyers are in a hurry.
Phishing: The lucrative scam classic
Philip Steury Photography
“Phishing” is a neologism from the word “fishing” and refers to the attempt to obtain sensitive user data using fake websites, emails, or other messages. Fraudsters usually target access data or credit card numbers.
In practice, it works like this: Users receive a fake email, sometimes better, sometimes worse, which is intended to give the impression that it officially comes from PayPal. It often calls for action with suspicious urgency: For example, because your own account is at risk, you should change your login details quickly. A link for this is often attached to such phishing emails. However, if you follow the link, you end up on a fake page and are asked to enter your login details. These are then saved and can be used by criminals to gain access to your PayPal account.
How to protect yourself against phishing: Do not click on strange links in emails or messages and do not open any dubious attachments in your emails. Two-factor identification also promises protection against phishing, as mere access data is generally no longer sufficient to exploit user accounts.
The ‘Friends and Family’ payment option is free — but can be expensive
PayPal currently offers two different payment methods, namely “Goods and Services” and “Friends and Family.” The important distinction: Only with the second option are money transfers free of charge for the recipient and the sender, whereas the first option incurs fees. However, PayPal’s buyer and seller protection is only available for this first option, i.e. for “goods and services.”
For many private sales, often also for classified ads, sellers would like to use the free version because it saves a few bucks. However, this is not without risk, as payments made cannot be easily reclaimed — and crooks and fraudsters also take advantage of this.
PayPal 101: You should always observe these important rules when using PayPal
To protect sensitive data and your assets, you should always observe a few simple rules when using PayPal. The payment system is secure and reliable as long as you are not careless with it. Every user should take these golden PayPal rules to heart:
- Use PayPal’s buyer and seller protection. Buyers can use it to claim back the full selling price if an item does not match its description or if it does not arrive at all. Sellers are protected because they can enforce their claim for payment, even if a customer claims not to have received a delivery, for example. You can find all the information about buyer protection and seller protection here.
- Do you have suspicions? If you have received suspicious messages and are not sure whether they actually come from PayPal or from a fraudster, then it is best to contact PayPal support directly: Simply forward the email in question to phishing@paypal.com with a brief explanation.
- Always check the sender’s address for messages: This can be done quickly by clicking on the sender’s name. Make sure that addresses clearly originate from PayPal, such as “service@paypal.com” and do not contain any suspicious characters or numbers.
- Use a password manager to manage your access data: We explain why this is so important and which programs are particularly suitable at the end of the article.
Warning signs with PayPal: Spot attempted fraud
Scammers like to try and scam as many users as possible at the same time — this increases the chance of being successful with at least some of them. However, this approach also makes scams easy to spot, as such mass scams use the same methods on all potential victims. You should always look out for these warning signs when using PayPal:
- Generic spellings: If you are not addressed by your name in emails, but rather generically (“Dear PayPal user” or “Dear Sir or Madam”) then this is already a bad sign. PayPal itself does not communicate in this way; official emails always contain the surname and first name. Check the sender’s email address carefully and look out for any phishing links or malicious attachments. If in doubt, forward the email to phishing@paypal.com and ask for information.
- Bad English: Phishing emails are often translated into English using translation programs. If there is something wrong with the grammar, you should be alert.
- Beware of false urgency: If you are put under time pressure in an email or if the sender is brash and pushy, this is a clear warning sign. Fraudsters often want to pull off their scam quickly before users become suspicious or before you find out about them. Never allow yourself to be pressured or persuaded to act quickly or rashly. Official messages from PayPal will never be intrusive.
- PayPal never asks for personal data in emails: PayPal will never ask you for information such as bank details, credit card numbers, email addresses, or passwords by email.
- File attachments and dodgy links: PayPal does not send file attachments or ask you to follow links in emails. If you want to change settings or data at PayPal, it is best to enter the address yourself in the browser or use Google.
Important, not only for PayPal: A good password manager is a must!
If you look at the most popular passwords, you could laugh about it — if the topic wasn’t so serious and potentially risky. According to a survey by Nordpass, the three most popular passwords in 2022 were “123456,” “password,” and “123456789.” While hackers and fraudsters rub their hands with impatience in the face of such data naivety, bad passwords often have drastic consequences for users — and can quickly become expensive if fraudsters gain access to the account.
Good passwords should have at least 12 characters and consist of the most cryptic character strings possible. At the same time, it is an absolute no-go to use identical passwords for different services or portals. Because good passwords with long and complicated character strings are almost impossible to remember, we recommend that our readers install a strong password manager on all internet-enabled devices.
Such tools, which are often free, can be used across all devices and platforms and promise lasting security and ease of use (thanks to autofill or automatic password creation). Here you will find our selection of the best password managers.
This article was translated from German to English and originally appeared on pcwelt.de.
