
Paypal Scams and How to Avoid Them

In this article, I will show you the most common Paypal scams, how scammers benefit from them, and what you, as a consumer, stand to lose by falling for them.

Paypal is a method of sending money from one person to another, and without it, the internet would be a completely different place. The company has been around since 1999 and boasts a speed and ease of use that most banks are only recently starting to approach.

Once you’ve signed up to the service and linked your bank account and credit cards, you can transfer money to someone you’ve never met without needing more than their email address. There’s no need to copy account numbers, sort codes and actual physical addresses as you would with a traditional bank transfer. And you don’t have to keep excess funds in your bank account against the day—possibly far in the future—when someone cashes a check you had entirely forgotten about.

An email address. That’s it. Simple.

Paypal does a great job of keeping your funds safe when you buy, sell or send money online. Every transaction is encrypted—meaning no one ever gets to see your bank details, and the company guarantees purchases and can reimburse you if the item you receive doesn’t match the seller’s description.

It’s no wonder that almost every transaction you make online in 2024 can be handled by Paypal.

But the fact that there are currently almost 400 million active accounts worldwide makes Paypal an almost irresistible target to scammers and hackers, who have honed their craft in order to get their filthy hands on your money.

Here’s what you need to know about Paypal scams nowadays.

Keeping Your PayPal Account Secure

To log into Paypal and start spending money, all you need is an email address and a password.

Your email address is probably already out there. You use it to send mail to friends, acquaintances, and associates; you’ve used it to sign up for giveaways and offers and mailing lists.

Many of these will have no moral or legal qualms about selling or renting it to whoever is willing to pay. There are even guides on how to make money from other people’s email addresses, written for the unscrupulous hustler about town.

The individuals and companies who have a written record of your email address probably number in the hundreds, if not thousands.

That’s not taking into account that large corporations are regularly subject to data breaches, which see millions of credentials stolen and sold on the dark web.

You can take it as a cold fact that any email address you’ve ever used is available to people who want your money and don’t care how they get it.

All they need now is your password.

Passwords are easy to crack or to guess—especially if they’re on this list. And if they’ve previously been revealed as part of a data breach—even in encrypted form—they can be compromised in a matter of weeks.

To check whether your email address is already on a list of potential targets, check out the Have I Been Pwned website.

If you’re concerned that your password is just waiting for a buyer, visit Have I Been Pwned’s Passwords page.

What You Can Do About It

  • Use a unique email address for Paypal. Go to Gmail right now and set up a new address, then register it to your Paypal account. Do not use it to sign up for special offers, do not send mail with it, and do not use it to open any emails which are not from Paypal. Make it as unique and unguessable as possible. “[email protected]” is the kind of email address that could be easily guessed. Use something unrelated to your name.
  • Set a unique password. Keeping track of passwords is a pain, and it’s tempting to either use an easy password or to use the same password for more than one service. Don’t. Your Paypal password should be unique, complex and unguessable. To keep track of all of your account passwords, consider using a password manager.
  • Use Two Factor Authentication. Two Factor Authentication (2FA) means that Paypal uses an additional method to check that the person logging in with your email and password is actually you. Usually this is done by sending a short code by text to the phone number registered on your Paypal account. Paypal also supports a number of dedicated authenticator apps that will generate the code for you.

Paypal Email Scams

Great—you’ve set up a unique, unguessable email address and a unique, unguessable password. You use both only with Paypal. You’ve set up Two Factor Authentication.

You might think that your account is now completely secure.

Wrong. You’ve made it more difficult for the scammers to break into your account, but not impossible. Their next step is to trick you into giving them your email and password.

Imagine you receive the following in your mailbox:

“Dear Customer, We have noticed recent unusual activity on your Paypal account…”

There is more along those lines, it’s written in flawless English, and even the sender’s address seems to be genuine. You’re encouraged to click on a link to log into your Paypal account to check on your transactions.

Obviously, you’re worried. The thought of scammers siphoning off your hard-earned cash fills you with dread.

You click on the link to check what’s gone wrong and to stop the thieves in their tracks.

Congratulations. You’ve fallen victim to a phishing scam, and you’ve entered your Paypal account details into a phony website where they will be picked up and used by teenage villains to buy in-game items to use in Fortnite.

When the bills start rolling in, you realise you could have prevented this by taking a few simple precautions.

What You Can Do About It

The first thing you need to do is check that the email is actually addressed to you. All my emails from Paypal begin Hi Chris Hauk because Paypal knows my full name. They never start an email by addressing me as Dear Customer, because by using my full name they are verifying that they know who I am and that I have an account with Paypal.

This reinforces the importance of setting an email address completely unrelated to your name. If I had used [email protected] to register my email account, scammers could send out a more personalized email.

The second thing to check is that the link to the Paypal site does actually take you to the Paypal site.

Hovering your mouse over any link will cause the address to which it is linked to appear in the bottom left corner of your browser.

If the address is Paypal.com, the chances are that the message is legitimate. Payypal.com doesn’t count, and nor do Pypal.com or Paypal.cf.

Believe it or not, Paypal does not actually own all the Paypal second and third level domains. You can buy paypal.cx for $20 or paypal.me.uk, which is a bargain for only $7. These names look legitimate, but they’re not. I can buy them, you can buy them, and scammers can buy them to create fake paypal sites to trick the unwary.

If you’re convinced that the message is legitimate, close the email and open a new browser tab, navigating directly to paypal.com. If the company has sent you a message, it will be waiting for you in the messages section.

One final thing to note about email scams is that you should never have images set to load automatically in your email client.

Images can contain snippets of code and unique identifiers which, if allowed to load, can tell scammers that the email address is active, in use, and that the owner probably has a Paypal account.

Paypal Text Scams

This is similar to the previous Paypal Email Scams section. You receive a text message along the lines of:

“PayPal – Dear Customer, some unsafe activities were reported on your account. For your safety, please regain access to your account at: https://paypal-safetylogon.net/?paypal.”

If you’ve been paying attention so far, you’ll already know the warning signs.

The text is addressed to Dear customer rather than to an actual name, and the website is not paypal.com, it’s paypal-safetylogon.net—a site that has nothing to do with the real company.

If you click on that link, even if you don’t put your details in, the scammers will know that your phone number is associated with an actual Paypal account.

Your phone number can then be cloned to help scammers get past Two Factor Authentication. It’s not trivial to do, but it’s not massively difficult either.

What You Can Do About It

Do not click on links in text messages. Open your browser and type in the address directly: Paypal.com. If Paypal has really sent you a message, it will be in your messages section.
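
The link check described in the email and text scam sections can also be done mechanically. The following Python sketch is an added example, not part of the original article: it extracts the host a link really leads to and accepts only paypal.com or its subdomains. The function names, the 0.8 similarity threshold and the login.example and secure.example hosts are assumptions made for illustration, and it goes slightly beyond the article by also covering links that hide the real host after an @ sign or behind a paypal.com prefix.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND = "paypal"
TRUSTED = "paypal.com"  # the only domain the article accepts as genuine

def link_host(url):
    """Return the hostname a link really leads to, lower-cased."""
    url = url.strip()
    if "://" not in url:          # bare "paypal.cx/login" has no scheme,
        url = "//" + url          # so tell urlsplit where the host starts
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed authority, e.g. bad brackets
        return ""
    return host.rstrip(".").lower()

def classify_link(url):
    """Return (verdict, reason) for a link that claims to be from Paypal."""
    host = link_host(url)
    if not host:
        return ("suspicious", "no hostname could be parsed")
    # Genuine only if the host IS paypal.com or ends in ".paypal.com".
    # A substring or prefix test would accept paypal.com.secure.example.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return ("genuine", host)
    if BRAND in url.lower():
        return ("lookalike", f"mentions {BRAND} but leads to {host}")
    for label in host.split("."):
        # Assumed threshold: catches one-letter slips such as payypal/pypal.
        if SequenceMatcher(None, label, BRAND).ratio() >= 0.8:
            return ("lookalike", f"near-miss spelling '{label}' in {host}")
    return ("unrelated", host)

# Constructed sample links, built from the domains named in the article.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal-safetylogon.net/?paypal",
    "http://payypal.com/", "http://pypal.com/", "paypal.cf", "paypal.me.uk",
    "https://paypal.com@login.example/",    # text before @ is not the host
    "https://paypal.com.secure.example/",   # real domain is secure.example
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_link(link))
```

A "genuine" verdict only says where the link leads; the advice above still applies, so type the address yourself rather than clicking.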

Friends and Family Scams

Paypal exists to make money, and as such it charges fees for the transactions that take place using its service.

One area in which those fees do not apply is when sending money to your friends and family. It’s super handy to be able to borrow 50 dollars from your mate Dave without actually needing to drive to his condo to pick it up.

Dave knows you and trusts you, and Paypal trusts that if Dave is sending 50 bucks to his pal Chris, he doesn’t need the usual guarantees and assurances that the company usually offers.

Because there are no fees associated with sending money to friends and family, it can be tempting to buy goods and services online using the same method. You pay a lower price overall because the seller doesn’t need to pay a 2.5% fee to Paypal.

And the bigger the sale value of the item, the bigger the savings you make by telling a little white lie.

The thing is, by using Paypal to buy goods and services in the way that it’s intended, you’ll be covered in case the goods fail to materialize or if they never even existed.

All you need to do is file a report with Paypal and they will refund the money to your account. They will cooperate with the police, and they will ensure that you do not in any way lose out as a result of using Paypal.

However, sending money to friends and family means that there is no expected quid pro quo.

If you buy goods online—sending money via Friends and Family—and the goods never materialize, Paypal will not reimburse you and will not help you to track down the scammer. The money is gone, and you’re completely on your own.

You can’t complain that the $10,000 you sent to Bogus Bill for a new GPU disappeared and was never seen again. As far as Paypal is concerned, that $10,000 was a gift sent to a friend. They won’t investigate, and the money will remain safe in Bogus Bill’s Paypal account.

What You Can Do About It

If you treat Paypal honestly, they will deal honestly with you. By misrepresenting the nature of your transaction in order to get a measly 2.5% discount, you’re committing fraud and nobody is going to come to your aid.

Be honest and don’t use a Friends and Family transfer unless it is genuinely a cash transfer to people you know, trust, and from whom you’re not expecting anything in return.

The “You’ve Won a Prize!” Scam

Everybody loves winning prizes. Personally, I’m a fan of church raffles and tombolas—I pay a dollar for a ticket and I could win something that is, in all honesty, probably worth about a dollar.

Scammers love to prey on the fact that people enjoy winning things, and the bigger the prize the better—especially if there are costs associated with it.

Imagine you won a new car in a higher class of raffle than the ones in which I usually participate. It’s reasonable to expect that you wouldn’t be able to drive it straight away.

You need to get it registered; you need insurance; you need to fill it with gas: and oh no! The car is on the other side of the country, so you need to have it delivered.

These are reasonable costs, and if you were buying the car from a dealership, you wouldn’t think twice about paying the dealer to take care of them for you.

So it’s reasonable for you to pay these costs for the car you just won. In fact, the excitement of winning means that you probably won’t even question the costs too much as it might delay your new vehicle’s arrival. You’ll even send the money via Friends and Family.

But there was no car. The competition was a fake, and now you’ve just sent off $1,000 via Paypal.

You’ll never see that again.

What You Can Do About It

Do you remember entering a prize draw for a car? Check your old emails and see if you did. Search your Facebook history. If you paid a fee to enter, the transaction will show up in your Paypal history.

But you probably didn’t, and it’s impossible to win a competition that you didn’t enter.

Before you send off any money at all, do some research into the company that organized it and is awarding the prizes. Do they have a brick-and-mortar location and a telephone number? Does anyone answer the telephone or does it ring out to voicemail?

If it sounds too good to be true, then it probably is.

The Old Ones are the Best

“Dear sir,

I am Mr. Jeff Bezos of AMAZON,  and I have decided to give you $100 million in order to help your career development.

In order to claim this money grant, you will need to send $100 via Paypal to [email protected] to cover the transfer fee (You can get a discount by sending it as Friends and Family).

Please do this as soon as possible or I will need to find another beneficiary.

Best and kindest wishes,

Jeff Bezos of AMAZON”

What You Can Do About It

Jeff Bezos is not about to send you $100 million via Paypal. Nor is Bill Gates, the Chairman of The World Bank, or a Zimbabwean princess who is locked out from her billion-dollar sovereign wealth fund and only needs $100 from you in order to liberate it.

These are scams. Read them, laugh a little, then delete them.

Do not send any money via Paypal.

Conclusion

Avoiding Paypal scams is largely a matter of common sense and making sure that you double-check everything before doing so much as clicking on a link. These are my top tips for staying safe from scammers if you have a Paypal account.

  • Use a unique email address and password for Paypal. Do not use these for anything else.
  • Set up Two Factor Authentication on your Paypal account.
  • Never click on any links in a message purporting to be from Paypal—go directly to the website instead.
  • Don’t send money using Friends and Family unless the money is actually going to friends or to family.
  • Use your common sense—Billionaires don’t send money to people they’ve never met and it’s impossible to win a competition you didn’t enter.

If you follow these simple guidelines, you’ll remain safe while using Paypal.

Paypal Scams FAQ

If I get scammed on Paypal, will my bank or Paypal refund me?

If you played by the rules and made a purchase, sending money for Goods and Services, then yes: Paypal will refund you if your item fails to arrive. If you sent the money using Friends and Family and expected goods to turn up, neither Paypal nor your bank will help.

Does PayPal send emails about suspicious activity?

PayPal does send emails directly to its users. If you receive an email warning about suspicious activity, you should not click any links within it. Instead, visit PayPal.com and log in as usual - any messages will be in your message section.

How do I report a PayPal scammer?

If you suspect someone is trying to scam you through use of your PayPal account, your first step should be to open an issue in the PayPal resolution center. From there you will be able to report any problems and dispute transactions.

If you receive what you suspect is a spoof email, forward the email, unaltered, to [email protected].

