As one of the largest online payment processors in the world, PayPal is a huge target for scammers. They prey on unwary PayPal users to steal goods and money in a number of creative ways.
The most common PayPal scams of 2021 include:
- “Problem with your account”: The hackers claim that there’s a problem with your account. They send a phishing email to a spoofed website to get your credentials.
- Promotional offer scam: Hackers send you an email telling you that you’ve received a cash rebate or an incentive. They send you a spoofed website to get your login details.
- “You have money waiting!”: Emails that tell you that there’s money in your account. Hackers send a spoofed website to get your details.
- Advance payment scam: Hackers claim that you are entitled to a large sum of money, but an advance payment is needed to release the funds.
- Shipping address scams. Using fake shipping addresses, bogus shipping labels, and other strategies to send goods to untraceable destinations.
- Hacked accounts: Using a hacked PayPal account to pay for an item.
- Alternate payment requests: Requesting to use the PayPal Friends and Family money transfer option to pay for goods (which is not permitted by PayPal).
- Overpayments: Sending a seller more than the agreed-upon sale price, then asking for the difference to be refunded outside of PayPal.
- Payment pending claims: Asking the seller to provide a tracking number so that the payment funds can be released to the seller.
- Fake charities: Creating fake charities and using PayPal as a way to make donations.
Read on to find out how these scams work, and what you can do to avoid becoming a victim on PayPal.
PayPal is a giant in online payment processing, with nearly 400 million users making billions of transactions each year.
The sheer processing volume makes PayPal an appealing target for fraudsters looking for an easy payday. The security risk, though, doesn’t come from where you’d expect.
Phishing scams and fraudulent transactions at the individual account level are a much bigger threat than a system-wide breach of the entire PayPal platform.
For this reason, it is important to learn about the most common types of PayPal scams and understand how to avoid them.
Common PayPal Scams
There are endless ways for scammers to try and separate you from your money. You may have already heard of popular scams circulating on Facebook and Instagram. However, there are certain strategies that fraudsters rely on again and again. Why? Because these common scams work.
Here are the most common PayPal scams in 2022. Many involve email, but some masquerade as legitimate PayPal transactions.
1. The “problem with your account” scam
Email is a preferred method for scammers to steal your money. Fraudsters have a fairly standard playbook that unfortunately delivers results. You may receive a phishing email claiming that there is an issue with your PayPal account. The email also includes a link and requests that you click on it to log into your PayPal account. Here’s an example of a common PayPal phishing email:
This email is bogus and the link takes you to a spoofed PayPal website. When you enter your login credentials on the imposter site, the data is immediately transferred to the scammers. They now have everything they need to access your real PayPal account. You can guess what happens next. It’s one of the most common social engineering attacks designed to gain access to your PayPal account.
2. The promotional offer scam
You receive an email offering a cash rebate or some other financial incentive, and all you have to do is log in to your PayPal account to verify a few details. Just like other email scams, the link in the email directs you to a fake PayPal website.
If you click on the link and enter your login credentials, the scammers get access to your credentials and can drain your account.
3. The “you have money waiting” scam
You get an email telling you that you’ve received money in your PayPal account. All you need to do is click on the link to release the funds!
Unfortunately, the link in the scam email directs you to yet another pretend PayPal site. Once there, if you type in your PayPal login credentials, the scammers get that information and use it to gain access to your legitimate PayPal account.
4. The “advance payment” scam
Who doesn’t like receiving an unexpected windfall? This scam plays on emotion, sending you an email notice that you’ve won, inherited, or are entitled in some other way to receive a large sum of money from an unexpected source. The only catch is that you first have to send a small sum via PayPal to cover transaction fees (or some other bogus expense). It’s enticing, which is what makes it so effective.
Sadly, the old adage “if it’s too good to be true” is appropriate here. Once you send the small sum, you never hear from the scammer again, and you’re out the money you sent.
5. Shipping address scam
There are other ways clever crooks will try and steal your money via PayPal. Unlike unsolicited emails that lead you to pretend PayPal websites, these scam methods involve actually engaging with you on the real PayPal platform. There are several types of common PayPal scams that involve shipping addresses:
- Buyer wants to use a preferred shipping method – the buyer will ask you to ship their item using their preferred shipping company. They might claim they get a discount, the shipping speed is faster, or give any other reason. If you agree, the buyer can easily contact their shipper and reroute the package to a different address. They then contact PayPal and file a claim for non-receipt and ask for a full refund. Since you can’t prove the item was received, you’re out the money, the item, and even the shipping fees.
- Buyer provides their own shipping label – sometimes a buyer will offer to send you a pre-paid shipping label. They might claim that they get a cheaper rate or give a generic excuse. If you use their shipping label, the buyer can reroute the package to a totally different delivery address, claim they never received the item, and ask PayPal for a full refund. The shipping label may have been purchased using a stolen credit card, which may expose you to even more trouble.
- Buyer gives a fake shipping address – the buyer provides a fake delivery address. When the shipping company cannot deliver the package to that address, the buyer proactively steps in and provides a new, legitimate delivery address. The package gets rerouted and delivered, at which point the buyer files a claim with PayPal alleging they never received the item. Since the final delivery address doesn’t match the address listed on the Transaction Details page, PayPal will likely grant the refund.
These types of scams work because PayPal only offers a seller protection if they have proof of delivery to the address listed on the Transaction Details page. Here is a sample of what that screen looks like.
6. The hacked account scam
A buyer uses a hacked PayPal account to pay you for your goods. You don’t know the account was hacked, so you ship the product as soon as payment is confirmed.
Unfortunately, once PayPal discovers the hack, they will withdraw the funds from your account. You’re left without the product or the payment.
7. The “alternate payment method” scam
Sometimes a scammer will ask you to transfer money via PayPal’s Friends and Family option. This may seem attractive, because this eliminates the fee that PayPal levies on standard sale transactions.
Unfortunately, paying for goods is not permitted under the Friends and Family money transfer option. Any payments made like this are no longer protected by the PayPal protection program. Once you transfer money this way for goods, you have no recourse against claims of fraud later on.
8. The overpayment scam
A buyer purchases something from you and sends you more than the agreed-upon sale price. They claim the overpayment was a mistake and request a refund for the difference. They ask you to send the refund directly to an account outside PayPal. You oblige and transfer the balance to them.
Once the scammer gets the money, they dispute the original transaction on PayPal (usually claiming their account was hacked and no payment to you was intended). PayPal refunds them the full amount, and the money you sent them outside PayPal is gone forever.
9. The “payment pending” scam
A buyer engages with you on PayPal to pay for an item you are selling. They message you, claiming to have made the payment, but that PayPal won’t release the money to you until you provide a shipment tracking number.
The scammer wants you to ship the product and provide the tracking number before you get paid. If you do, the fraudulent buyer gets the item and disappears without you ever getting paid.
10. The “fake charities” scam
Scammers often use PayPal to con kind-hearted people looking to make a donation. In case of natural disasters, many people search for local charities where they can donate for relief efforts. Scammers use this to their advantage. They set up fake charities or donation sites and ask you for contributions via PayPal.
Before you make any charitable donations via PayPal, do your due diligence and verify that the charity is legitimate. There are several websites that do this, including Charity Navigator and Charity Watch. Another way to tell if a charity is valid is to check their website. If a charity doesn’t have a website, this is a big red flag. If the website looks suspicious (doesn’t use HTTPS protocol), it’s best to avoid it.
How PayPal Protects You Against Scams
PayPal offers two types of protection for its users: PayPal Buyer Protection and PayPal Seller Protection.
PayPal Buyer Protection
If a qualifying transaction on PayPal goes wrong, the buyer is entitled to a full refund of their order. Buyers have 180 days to dispute a transaction. To qualify for Buyer Protection, the purchaser must:
- Pay with PayPal.
- Make a single payment (no installment payment arrangements).
- Keep their account in good standing.
- File the dispute within 180 days.
PayPal Seller Protection
For businesses accepting PayPal as a payment method for the sale of goods or services, the Seller Protection program guarantees that the seller may retain the full purchase price when certain criteria are met. To qualify, the seller must:
- Have a primary PayPal address in the United States.
- Sell tangible, physical items.
- Ship to the address listed on the Transaction Details page.
- Provide valid proof of shipment or delivery.
How to Protect Yourself from PayPal Scams
Staying safe on PayPal requires vigilance and common sense. Here are some ways you can keep your account safe from PayPal scams.
Dealing with PayPal scam emails
- Be wary of email links. Only click on email links when you are absolutely sure the email is legitimate (e.g. you asked the sender for the message or are otherwise expecting such an email). It is a much safer practice to log in to your PayPal account directly in your browser or app and check to see if the contents of the email are legitimate.
- Check the sender’s email address. You can also easily identify spam emails by looking at the sender’s actual email address. Don’t just go by the display name. Anyone can create a legitimate-looking display name, but it is harder to fake a legitimate email address. Click or tap on the sender’s display name, and the real email address behind the display name is revealed. PayPal only uses the @paypal.com email domain.
- Ignore PayPal emails that don’t address you by name. Legitimate emails from PayPal will always include your actual name (exactly as shown on your account). Greetings like “Dear Customer” or “Hello PayPal user” indicate a scam attempt.
- Delete PayPal emails that ask you to provide sensitive information or to download/install software. PayPal states on its website that it will never send you an email that asks for sensitive information like your password, bank information, or credit card details. They will also never send an email asking you to download or install any software.
Other strategies to avoid PayPal scams
- Don’t send money outside PayPal for transactions conducted on the platform. Legitimate buyers rarely overpay, but occasionally mistakes happen. Should a buyer overpay you, cancel the transaction and start over? Don’t honor their request to refund them directly to another account.
- Always use your own shipping method. When you choose the shipping method, you control delivery and won’t find yourself using bogus shipping labels or falling victim to rerouted packages.
- Only ship to the address on the Transaction Details page. When you ship only to this address, you satisfy one of the requirements of the PayPal’s Seller Protection program.
- Block package rerouting with your shipping company. Contact your shipping agency and add this layer of protection to every shipment. The buyer can’t reroute your package, receive it elsewhere, and claim it was never delivered.
- Only deal with verified buyers and sellers. When a PayPal account holder goes to the trouble to verify their account, it is a good sign they are not a scammer. If you do business with non-verified PayPal accounts, proceed with extreme caution.
For more tips on how to stay safe on PayPal, check out 9 Tips for Keeping Your PayPal Account Safe.
What to do if You’re the Victim of a PayPal Scam
First things first. If you think you’ve fallen victim to a PayPal scam, immediately change your PayPal password! If you’re looking for ways to create strong, secure, unique passwords for PayPal and your other online accounts, consider using a third-party password manager or the feature built into your favorite browser.
Change your PayPal security questions at this time, too.
|Type of Fraud||What to Do|
|Fake PayPal email or spoof website||You receive what you believe is a fake email from PayPal:|
The email you receive seems to be a legitimate email from PayPal:
|Unauthorized account activity||If, after logging in to your PayPal account, you notice a suspicious transaction:|
|Fraudulent transaction or buyer/seller||If you sent a payment but didn’t get what you expected, shipped an item and never received payment, or you think the other party is a scammer:|
PayPal is one of the most popular online payment services in the world, and for good reason. It offers buyers and sellers an easy, convenient, and safe way to exchange money with almost anyone, anywhere, and in many currencies.
To maximize your safety when using PayPal, it is important to be aware of the ways scammers will try and use the service to steal from you. Understanding what the most popular PayPal scams are – and knowing how to avoid becoming a victim – will keep your PayPal account secure.
Check out our list of the most frequently asked questions we receive about PayPal scams. If you still have questions, drop us a line. We’re always happy to help.
Legitimate PayPal emails will always address you in the body of the message with your real name (exactly as it appears in your account). Real PayPal emails will also originate exclusively from an @paypal.com address. To check the email address of the sender, click or tap on the sender’s display name to see the actual email address used. You can also read about other PayPal scams.
PayPal offers two protection programs – the Buyer Protection program and Seller Protection program. If you feel you’ve been the victim of a PayPal scam, visit PayPal’s Resolution Center and file a complaint about the transaction in question. PayPal will follow up with additional steps to take regarding your claim. PayPal is relatively safe, but it doesn’t hurt to secure your account.
Whether PayPal refunds your money depends on the type of transaction involved, and whether you meet the requirements of the Buyer Protection or Seller Protection program. Additionally, if you have tied your bank account or debit card to your PayPal account, PayPal may defer to your financial institution for hacks that withdraw money directly from your bank account.