Every Type of Phishing Scam
Phishing is a technique used by sellers to deceive victims into giving up their login credentials, usually using a fake web page that might look identical to the real thing. These scams usually take place over email, but scammers may also use text messages and social media since all they need the victim to do is click on the fake link.
These scams take many different forms, but the end goal is always the same: to get you to log in using your username and password. If you have two-factor authentication (2FA) enabled on your account then you’re much better protected against this sort of scam, but be aware that even one-time login codes sent over SMS can be intercepted.
Be on the lookout for email messages that tell you there is a “problem” with your account, that you’ve won some sort of PayPal credit, or that you’ve received an unexpected payment. These messages will be accompanied by a link or a linked button that you can use to log in.
You can avoid falling for this by always logging in by typing the PayPal address into your browser’s URL bar or using the mobile app on your smartphone. Even if you have 2FA enabled, if you think you’ve fallen for a phishing scam make sure you change your password (and always use unique passwords for each service).
RELATED: How a Password Manager Protects You From Phishing Scams
419 or Advance Fee Scams
This scam dates back to the 18th century and hasn’t changed a lot in the last few hundred years. If you check your spam folder right now, you probably have multiple email messages attempting this one. It’s not strictly limited to PayPal and may be used on any peer-to-peer payment service.
The scam uses email, text messages, or social media to inform victims that there is a fortune waiting for them. The only snag is that this fortune requires a small advance fee (usually account fees, shipping costs, or administrative fees) to secure its release. Send over the fee and you’ll receive the full amount in return. The problem is that the fortune doesn’t exist in the first place.
The scam may take on a slightly different format, for example notifying you that you’ve won a lottery, but the aim is to get you to surrender a relatively small amount of money in exchange for a much larger payout. This could be a few hundred or a few thousand dollars, or even more. The bigger the eventual payout, the more the scammer may attempt to solicit in the first place.
Being told that you have $750,000 waiting makes the $7,500 release fee seem small in comparison. The scammer may even request another small fee after the initial amount has been sent, preying on a “sunken cost” mentality that victims may have: “I’ve already sunk so much money into this, I don’t want to end up wasting it by not paying a small additional amount.” This scam can be avoided if you remember one golden rule: if something seems too good to be true, it almost certainly is.
Shipping Address Scams
Shipping address scams are not new, but they often catch out inexperienced sellers who can’t spot the telltale signs. Scammers will purchase an item online, either by winning an auction on a website like eBay or even buying directly from a seller’s online store.
The scammer then provides a fake shipping address, to which the item cannot possibly be delivered. When the item doesn’t show up, the buyer contacts PayPal to inform them and requests a refund, since the transaction is likely covered by PayPal’s Buyer Protection.
The final part of the scam involves the scammer contacting the shipping company directly and providing a legitimate address to which the item can be delivered. They may also try and pick the item up in person from the shipping depot. The scammer walks away with a full refund and the item, while the buyer ends up empty-handed.
Scammers often use this to purchase high-value items that can be easily resold. Limitations in eBay’s Seller Protection mean that the transaction is only covered if the address provided in the transaction statement (the billing address) matches the shipping address.
You can avoid this scam by making sure billing and shipping addresses match, and verifying that the address is real before you send the item. Make sure you use a signature on delivery to track shipping so that you have evidence should you need it.
Overpayment Scams
The overpayment scam takes many forms, particularly among scammers who cold call their victims. The type of scam that affects PayPal is a little different in that money usually exchanges hands, which gives the target a false sense of security. Scammers target online sellers, often on websites like Facebook Marketplace or other classified indexes. This one doesn’t work if the marketplace generates an invoice for you, like eBay, since the “buyer” cannot manipulate the price.
The scam starts with the buyer sending more money than an item is worth, with the transaction going through and the money appearing in the seller’s PayPal account. The seller then sends the item in the mail, believing the transaction to be genuine. Once the item has been sent, the scammer draws the seller’s attention to their “mistake” and asks for the difference to be sent back to them using another PayPal transaction.
The seller agrees to do so, after which the scammer contacts PayPal and flags the transaction as fraudulent. If everything goes to plan, the money is returned to the scammer’s account along with the payment that the seller made. The item is probably already in the mail by now, so the scammer gets their money back, a tip in the form of the gap payment, and the item they purchased in the first place.
Since the gap payment was probably made as a personal payment between PayPal accounts, the victim isn’t entitled to any sort of refund since these payments are not covered by the usual protections.
As a seller, you should be immediately suspicious of a buyer who is sending you more money than you initially requested. Avoid selling items to online buyers over services like Facebook Marketplace, and use online marketplaces like eBay that generate transaction statements that make you eligible for PayPal Seller Protection.
Dealings With Compromised Accounts
Accounts are routinely compromised as a result of phishing scams, and these accounts are then used to pay for items. Scammers doing this don’t even have to rely on any of the other dirty tricks mentioned in this article, instead racing to get as much money out of the compromised account before the account’s owner catches on.
Once an item has been paid for and the buyer has sent it through the post, it usually doesn’t take long for the account’s rightful owner to realize something is amiss. They can contact PayPal and notify them of fraudulent activity, or even attempt to get transactions reversed by banks or payment processors.
The seller who has dealt with this account is ultimately the one who loses out since the money is refunded after the item has been shipped. This is another reason that many online sellers only send items to valid billing addresses.
RELATED: How to Spot a Fraudulent Website
Fake Invoice Scams
Scammers take advantage of the popularity of the PayPal service, in the same way that big banks and financial institutions are targeted. There’s a high chance that most people have used PayPal at some point, so sending out an invoice claiming that your PayPal account will be debited in 24 hours is one method of spreading a wide net in a bid to snare a few victims.
A fake invoice is generated notifying you that a large sum of money is due to come out of your account, with a “ticking clock” that makes the situation seem more urgent. The scam could work with any payment processor, but PayPal is often chosen due to its prevalence.
The scam involves calling a phone number to get the problem rectified. There are several different avenues the scam could take from here, including getting you to dial a premium number, attempting to gain access to your account to “rectify” the issue, and trying to convince you to settle for a smaller account fee to make the invoice go away, or just about anything else you could think of.
Only pay for items you know you have purchased. You may receive an invoice for an item after an eBay auction for example, but you shouldn’t receive or respond to unsolicited invoices. PayPal users can request payment from any email address, but this is done through the PayPal service (and will appear in your account or mobile app).
Proof of Postage or Payment Pending Scams
As an online seller, you should never send an item in the post until you have received the correct payment. If you’re a concerned buyer using PayPal, make sure you’re eligible for Buyer Protection and you’re able to get your money refunded if the seller doesn’t provide the item.
So-called “payment pending” scams turn this dynamic on its head. The “buyer” will refuse to pay for the item until the seller can demonstrate that the item has been sent, usually with a tracking number. The buyer may attempt to formalize the process with a “payment is pending” message, informing the seller that payment will be released upon proof of postage.
Once the item has been sent in the post, the buyer can decide not to pay for the item since they know the item is already on its way. There are no protections in place for sellers who send items before receiving payment. If a buyer is insisting on doing things this way, block them and move on.
This scam can take a few different forms, but it always involves the seller sending the item before receiving payment. One example is the buyer instructing the seller to send the item and then message them the total owed amount, including shipping. This scam is not limited to PayPal and has happened on Zelle and other peer-to-peer payment services.
Fake Charities, Causes, and Fundraising
Falling for a fake charity or fundraising post is easy to do, and many victims have no idea they were ever scammed. But it’s important to thoroughly research charities and causes before you send money to avoid giving your money to a scammer who is preying on the generosity of others.
These scams often show up at times of crisis, like during a natural disaster or weather event. There’s a propensity for some to solicit funds on an individual level, often using Facebook groups and other informal settings to request money. Not all of these people are scammers, and many are legitimately in need.
You should be absolutely sure that the person or “charity” requesting money is who they say they are. You can look up US charities (tax-exempt organizations) using the IRS website. The FTC also has some good advice, like searching online for opinions, looking up how the charity distributes funds and checking local state charity regulators for evidence of the cause.
If you’re donating directly to individuals, you’ll need to rely on word of mouth and friends to vouch for them. If you have your doubts, consider donating elsewhere. If you like the sound of supporting a specific cause but notice red flags online, search for a similar organization to send your money to instead.
— PayPal (@PayPal) May 27, 2022
Once again, this problem is far from limited to PayPal. Many fake charities will use PayPal as a method of collecting funds though, and these payments aren’t covered by any “buyer” protection since they are donations rather than an exchange of money for goods.
How to Avoid PayPal Scams
Remember to inspect any emails from PayPal carefully. Check the email address, and avoid links to log in to your account (even phishing URLs can be convincing). Items that need your attention (like requests for additional documents) will appear in your account when you log in anyway. PayPal usually gives you around 10 business days to comply with these requests, so be wary of messages that attempt to rush you.
Keep a lookout for red flags like impatient buyers, buyers who want to split payments between multiple accounts, and buyers who send you more money than you initially requested. Make sure shipping and billing addresses match, or you won’t be covered by Seller Protection.
Understand that Seller Protection has limits. Digital items are not included so if you’re selling codes for gift cards or software, you’re at risk. Confirm buyers’ addresses exists before sending items, else you may fall for a shipping address scam. If you’re selling within the US, your account address will need to be listed in the US for Seller Protection to cover you.
You also aren’t covered for goods picked up in person or shipped before payment, or in instances where you received multiple payments (for example, from different PayPal accounts). Check out our full guide to avoiding PayPal invoice scams for more top tips.