What Are Paypal Scams & Why Are They So Dangerous?

Home » Funds Recovery Blog » What Are Paypal Scams & Why Are They So Dangerous?

PayPal has become a nearly ubiquitous payment method in e-commerce. Customers appreciate the ability to make payments with a single login rather than having to enter their credit card number, expiration date, security code, and billing address each time. 

So many customers prefer PayPal and because it’s relatively simple to integrate into an existing checkout page, most e-commerce merchants now accept PayPal as one of the payment options.

paypal logo

Despite its benefits, PayPal shares one disadvantage with traditional credit card payments: fraud. PayPal, like any other payment processor, is subject to an onslaught of scams and fraud attempts aimed at taking money from someone else’s pocket.

Let’s go over the most common PayPal scams and how e-commerce merchants can avoid becoming victims of them. Take note, if you’re a regular PayPal user: Scammers frequently target PayPal and its customers. Individuals making purchases, people receiving personal payments from friends and family, and self-employed people using PayPal for business are all vulnerable to these scams.

paypal scam

What is a PayPal Scam?

PayPal scams can take the form of emails, phishing sites, malicious advertisements, suspicious links, and other methods. 

Such scams are designed to appear official in order to trick users into disclosing private information, such as usernames and passwords, or to fraudulently collect payments. There are numerous PayPal scams, but there are a few that you are more likely to encounter.

PayPal scammers are constantly improving their methods, making it increasingly difficult to tell if a fake PayPal email, link, or site is genuine. If you are not cautious and attentive, you may fall into the trap of mistaking a scam for one that is legitimately connected to PayPal.

The result could be a significant financial loss with no way of recovering the funds. If you suspect an email or link related to PayPal, it is critical that you report it. This will assist PayPal in combating these scams.

paypal on computer

How Does The Paypal Scam Work?

This scam is based on the fact that the fake invoices aren’t technically fake at all: they’re real PayPal invoices created by fraudsters to look like they’re from a legitimate entity like GoDaddy or the World Health Organization. 

The invoice appears to be from a well-known and reputable organization, you may believe it is genuine and pay without hesitation. Because the invoices are genuine PayPal invoices (albeit fraudulently created), when you click “Pay,” your money will be automatically transferred to the fraudster via your PayPal account.

Be skeptical and don’t succumb to time pressure if you receive an invoice that can’t be linked to a specific purchase or work order. Contact the purported source of the invoice (look for their contact information online; do not contact the person who sent the invoice directly) to confirm its legitimacy.

Lost money to online fraud? We will recover your funds !

    We only process cases of more than $5000

    The 8 Most Common PayPal Scams of All Time 

    Here are eight of the most common PayPal scams we’ve discovered, as well as how to avoid becoming a victim of them.

    1. Advanced fee scam

    One type of scam that PayPal users should be aware of is Advanced Fee Fraud. This type of fraud, which includes the infamous “Nigerian Prince” or 419 scams, is designed to trick victims into sending a relatively small amount of money in exchange for a much larger return.

    Because of the difficulty in getting money returned, PayPal users are frequently targeted by this scam. Advance fee scams over PayPal often work like this:

    You receive an email with an ALL CAPS subject line claiming you have inherited money. When you open the email, it appears to be an official letter from someone in a high political position. They’ll then tell you that you’re owed a large sum of money for questionable reasons. Finally, you’ll be asked to provide some basic information that will allow you to communicate.

    paypal scam

    The scammer obtains personal information from you that can be used in identity fraud, as well as money from victims. However, the warning signs for this scam are obvious, and avoiding this type of scam is relatively simple.

    How to avoid advance fee scams

    Fortunately, the vast majority of these scams are blocked by your email service provider. You might even find a few of them if you check your email spam folder (we sure did).

    However, if an email asking you to make an advance payment in order to receive a larger reward gets past your spam filter, take note of the warning signs. The email address will almost certainly not be from a verified or legitimate business or service, and it will almost certainly not match the name, organization, or government official mentioned in the email text.

    girl holding a money

    Furthermore, there will most likely be numerous spelling or grammar errors within the body of the email, which is another red flag that it is not from a legitimate source.

    Overall, it’s best not to send advance payments, especially to people you’ve never met or know. Do not trust suspicious sources online requesting money unless you are purchasing products from a trusted ecommerce store, donating to a cause, or sending money to family or friends. If something appears to be too good to be true, it most likely is.

    2. Scam email: “A problem with your account”

    One PayPal scam involves an email that falsely claims there is a “problem with your account.” The goal here is to make you open the email out of concern. It is followed by text intended to entice you to click on a link within the email, which eventually leads to a phishing website.

    A visitor recently forwarded us a copy of the PayPal scam email. We were able to track down where the scam site was hosted and shut it down in less than 5 minutes. We also discovered where the stolen information was being sent from the website and notified PayPal to ensure that the site was shut down and that any affected customers were contacted.


    Here are some tell-tale signs of a bogus PayPal email:

    • A standard greeting, such as “Dear user” or “Hello, PayPal member.” Paypal will never use a generic greeting in an email. They will always greet customers by their first and last name or the business name associated with their PayPal account.
    • A request for financial or other personally identifiable information. Never give out your bank account, debit or credit card information. They will never request those details via email.
    • A request for account information. If someone emails a customer and asks for their full name, account password, or answers to security questions, be assured that it is not from Paypal. They will never request such information via email.
    • A prompt to provide the tracking number of a dispatched item prior to payment receipt. They will never request this information before a customer has paid for the dispatched item.
    • A request to update computer software. It’s not Paypal if an email includes a software update installation link. They will never request that you install anything on your computer.

    3. “Friendly name” or display name spoofing

    Another type of email scam is the “friendly name” scam. Email scams take advantage of a feature in email systems that allows the sender’s name to be hidden behind a “friendly name” that can be made to appear legitimate.

    Many email services now use a “display name” for people, websites, or services with whom you frequently communicate via email. Instead of the full email address, you may see a “display name,” which is frequently the name of the individual or service.

    email notification alert

    Scammers can take advantage of this system by creating an email address with a display name that is already in your address book. When you receive an email from a bogus account, it may not only avoid spam filters, but it may also appear completely legitimate when linked to an equally legitimate-looking email (such as some “problem with your account” scam emails).

    The scammer could use PayPal spoofing to change the display name to anything that appears to be legitimate, including common words you might associate with a legitimate business, such as “PayPal Customer Service.”

    How to avoid “friendly name” scams

    A few simple steps can help you determine whether an email is from PayPal or a scammer:

    • Do not click on any of the links in the mail
    • If the entire email address is not visible, hover over the display name in the email
    • Providers of email services differ – in most cases, simply opening the email in Gmail will reveal the entire address, including the display name and web address. However, your email app may require you to hover over the display name to reveal the address. Because of space limitations, mobile email apps frequently hide the email address entirely and only display the display name, which can be very misleading.
    • Make sure the address exactly matches a real web address for PayPal. Furthermore, ensure that the entire web address is valid. PayPal emails will have an email address that ends in @paypal.com. Any variation of that, such as @international.paypal.com, is almost certainly a scam.
    Stay Safe

    4. Phishing websites or social media posts (fake PayPal website or social media scams)

    Many well-known websites are spoofed in various ways. Scammers who create a fake PayPal website and attempt to collect user information are usually part of a phishing scam.

    Phishing is a set of techniques used to impersonate trusted entities in order to trick victims into disclosing personal information. They create fraudulent websites and email addresses that appear legitimate. The goal is for you to interact with the fake site and eventually provide private information such as usernames, passwords, financial account information, or anything else that can be used to steal money or your identity.

    There are many phishing websites out there, and phishing sites are now a far more common type of fraudulent activity on the web than malware sites, according to Google’s Transparency Report. In fact, phishing sites outnumber malware sites 8 to 1, which means you’re far more likely to come across a phishing site designed to look real and steal your information than a site attempting to install malicious software onto your computer.

    You’ll notice right away that this scam website looks exactly like an older version of PayPal’s website. Without looking at the details, it’s easy to believe this site is genuine. However, there are a few things you can do to avoid falling for phishing site traps like this one.


    You should also be on the lookout for phishing scams disguised as promoted or shared social media posts. TNW reported on one such scam that Twitter permitted to spread, in which the scammer purchased ad space and pretended to be an official (albeit unverified) Twitter employee, offering users the chance to win Twitter-sponsored sweepstakes.

    The scam directed people to a phishing website that appeared to be a legitimate Twitter page. The ultimate goal was to get users to enter their username and password into the form, which would then collect private information rather than log them into PayPal.

    How to avoid PayPal phishing site scams and social media posts

    To begin, the simplest way to tell if you’re on the correct PayPal website is to look at the web address in the URL address bar. Take note of the website address, “security-paypal-center.com.” 

    This is not an authentic PayPal address. “paypal.com” is the official PayPal address. Any other version is almost certainly a scam. Furthermore, PayPal does not use distinct region-based domains, such as “co.uk” for the United Kingdom or “co.jp” for Japan. All other variations will be redirected to a URL that begins with “www.paypal.com.”

    Check the website’s certification status next. There is no lock symbol next to the URL in the preceding example. This means that the website lacks an HTTPS (or SSL) certificate.

    man doing phishing

    5. Fake hyperlink scam

    Fake web address scams can appear as part of other types of scams, including within email scams, and quite obviously as a part of a phishing website. 

    However, it’s possible you may find some internet thieves will create fake hyperlinks designed to appear legitimate in the text, but the actual URL is fake. As discussed earlier, a hyperlink text can say anything we want it to.

    How to avoid hyperlink scams

    Hyperlink scams are comparatively easy to avoid, and there’s one simple step: On a personal computer or desktop, hover over a suspected link before clicking on it. Doing so will bring up the actual hyperlink URL in your web browser window.

    On a mobile device, long press on the link to reveal the URL it’s actually sending you to. If the hyperlink goes somewhere other than the stated target or is clearly not a link to PayPal, do not click on it.

    Currently, the majority of legitimate websites and businesses use SSL certificates and HTTPS encryption.

    Fake URL

    Do not trust any PayPal site that does not have a lock symbol. It’s most likely a phishing website. While PayPal does not currently have an Extended Validation certificate (which reveals the name of the organization alongside the lock symbol), you can still check the certification to ensure that it is legitimately owned by PayPal.com.

    • Select the lock icon.
    • Select Certificate.
    • Select the Details tab.
    • Click on Subject under Field.

    Examine the information provided here. You should see the information below, or something similar:

    If the information appears to be vastly different, or if no information is available, you are most likely on a phishing site and should close the tab immediately. It’s also worth noting that many antivirus products provide real-time protection against phishing sites like these.


    6. Fake charities and investment opportunities

    Scammers usually try to play on their victims’ emotions. This can include feelings of pity or greed in some cases. Either of these factors can lead to some victims walking right into PayPal scams without thinking about the consequences.

    Fake charities occasionally appear after a tragedy or when scammers obtain enough information about a victim to target them with a fake charity scam. In these cases, the bogus charity may have a website or simply send information over the internet, and will request payment via PayPal or other means.

    Meanwhile, impersonating 419 or Nigerian Prince-style scams attempt to persuade potential victims that a seemingly small investment can yield a large reward.

    If you’re a victim of a similar scam please get in touch with us to that we can help you get your money back!

    Fraud blocks through magnifying glass on desk

    How to avoid fake charities and investment opportunities

    Remember the expression “too good to be true”? This is true for all investment opportunities. Anyone promising a large reward for a seemingly small investment should raise your suspicions.

    • If you receive an investment opportunity that appears to be “too good to be true” and requests payment via PayPal, do the following:
    • Look up the company on the BBB (Better Business Bureau). Bad ratings or a non-existent company are warning signs.
    • If you can’t find a company’s existence through the BBB, do a simple Google search for it by name and look for any forums or other places where it’s discussed.
    • A lack of information is also a red flag, and negative information should be your first indication that this is not a reliable investment opportunity.
    credit card with lock

    PayPal recommends the following websites for charitable donations:

    • http://www.charitynavigator.org
    • http://www.bbb.org/us/charity
    • http://www.charitywatch.org/

    It is important to note that any charity that cannot be verified through any of these methods is most likely not a real charity. Charities must be registered with the government, so it’s best to avoid donating money if you can’t find information about it. Many official and trusted charities will almost certainly be collecting funds for the same cause.

    7. Overpayment scam and hacked PayPal account scam

    PayPal vendors should be concerned about this scam. The overpayment scam works as follows:

    • You sell a product or service to a person or a “business.”
    • The buyer sends payment, but it is excessive.
    • The buyer then requests that you return the difference to them, frequently requesting that you transfer the funds to a different account.

    This appears to be innocuous enough, but the buyer is most likely a scam artist attempting to get you to pay them money from a stolen payment account. It’s possible that the buyer used a stolen credit card or other bank information to make the fraudulent purchase and then asked you to refund some of the money.

    In this case, the buyer not only receives a product or service obtained illegally, but he also receives some of his money back, which is deposited into a different account that will likely be untraceable later.

    Here’s the main issue for sellers: If the true account holder reports fraudulent activity, PayPal may cancel the payment and return the funds to the rightful owner. If this occurs, you will lose both the money and the product you sold. The hacked account scam is another subset of this. In this case, the buyer is paying with a compromised PayPal account.

    Although the buyer receives the item, you may be required to refund payment to the original account holder. You will lose both the item and the money you paid in this case.


    How to avoid Overpayment Scams

    Legitimate buyers rarely overpay, so any overpayment is most likely a scam. If this occurs, instead of refunding the money, cancel the order and do not ship the item. 

    Furthermore, never return a payment to an account other than the one that made the original payment.

    8. “Creative” payment schemes

    Honest people can also be duped by shady payment schemes. PayPal, for example, offers a money transfer option with lower rates for family and friends. Scammers will sometimes request a money transfer that way in order to save on commissions, and they will promise a discount in exchange.

    However, according to the platform’s rules, this method is not intended to be used to pay for goods, and no customer protection program applies to such transfers. Anyone who sends a “friends and family” payment to a scammer can say goodbye to the money — and the goods.


    Scams of this type also include offers to transfer money via alternative means that are ostensibly more convenient, cheaper, or better for any other reason deemed superior by the seller. In general, if the other party insists on this, or starts spinning tales, or tries to create urgency (last chance to make a deal, I’m flying to Alaska in an hour to live off the grid for the next 20 years), there’s probably something fishy going on.

    How to avoid “Creative” payment  scams

    Refuse to accept alternative payment methods. PayPal offers excellent protection programs for both sellers and buyers, but they only apply to standard transfers made through the platform.

    How Scammers Misuse PayPal Accounts And Emails

    In e-commerce, PayPal has almost completely replaced all other payment methods. Instead of having to repeatedly enter their credit card number, expiration date, security code, and billing address, customers appreciate being able to make payments with just one login. 

    The majority of e-commerce merchants now accept PayPal as one of the available payment options because so many customers want to use it and because it’s relatively simple to integrate into an existing checkout page.

    marketing email

    Some PayPal frauds entail creating a new account and making it appear as though it belongs to someone else. Fake charities are a common scam, though they are not unique to PayPal, especially after widely reported disasters.

    Scammers created a PayPal account and one or more social media pages under the guise of a charity dedicated to aiding those affected by the catastrophe. They then promote posts by the fake charity account urging people to donate using paid advertising or automated accounts.

    The trickiest aspect of this scam is that the majority of victims never even realize they were duped, believing their money went to charity when it actually ended up in the hands of the con artists.

    Another scam involves someone setting up a phony storefront under the name of a legitimate company and instructing customers to send money to their PayPal account. Although uncommon, this scam can be particularly damaging to the business whose name was used, leaving them with a number of angry clients they never dealt with

    How to Protect Yourself from PayPal Scams

    PayPal security necessitates vigilance and common sense. Here are some precautions you can take to protect your PayPal account from fraud.

    Avoiding Online Scams That Target Senior Citizens

    Dealing with PayPal scam emails

    • Email links should be avoided. Only click on email links if you are certain the email is genuine (e.g. you asked the sender for the message or are otherwise expecting such an email). It is far safer to log in to your PayPal account directly in your browser or app and check to see if the email’s contents are legitimate.
    • Examine the email address of the sender. By looking at the sender’s actual email address, you can easily identify spam emails. Don’t rely solely on the display name. Anyone can make a legitimate-looking display name, but it is more difficult to impersonate a legitimate email address. When you click or tap on the sender’s display name, the true email address hidden behind the display name is revealed. PayPal only uses the email domain @paypal.com.
    • PayPal emails that do not address you by name should be ignored. PayPal emails that are legitimate will always include your full name (exactly as shown on your account). “Dear Customer” or “Hello PayPal user” greetings indicate a scam attempt.
    • Delete PayPal emails that request sensitive information or the download/installation of software. PayPal states on its website that it will never send you an email requesting sensitive information such as your password, bank account information, or credit card information. They will also never send you an email requesting that you download or install software.
    email marketing

    Other strategies to avoid PayPal scams

    • Don’t send money outside of PayPal for platform transactions. Legitimate buyers rarely overpay, but mistakes do happen. Should a buyer overpay you and cancel the transaction? Don’t comply with their request to refund them to another account.
    • Use your own shipping method at all times. When you select the shipping method, you have complete control over delivery and will not be subjected to bogus shipping labels or rerouted packages.
    • Ship only to the address specified on the Transaction Details page. When you ship only to this address, you meet one of PayPal’s Seller Protection program requirements.
    • Stop your shipping company from rerouting packages. Contact your shipping company and request that this layer of protection be added to each shipment.
    • The buyer cannot reroute your package, receive it somewhere else, and then claim that it was never delivered.
    • Deal with only verified buyers and sellers. When a PayPal account holder takes the time to verify their account, it is a good indication that they are not a scammer. Proceed with extreme caution if you do business with unverified PayPal accounts.
    money wire transfer

    A Few Tips to Avoid Trouble on PayPal

    Let us summarize and outline some general guidelines to help you protect yourself against the majority of deception, account hijacking, and other unpleasantness:

    • Look for red flags in messages, such as grammatical errors, attempts to instill a sense of urgency or danger, and e-mail addresses and links that differ from the official ones (even by one letter).
    • Don’t blindly trust messages; check for any potential issues in your personal account on the website or in the PayPal app (especially when it comes to messages confirming the crediting of funds).
    • Never use an unknown delivery service, and always ship to the address specified on the transaction page.
    • Avoid the alternative money transfer methods offered by con artists; PayPal’s protection programs do not cover them.
    • Don’t believe an offer that appears too good to be true; it most likely isn’t.
    • Give the other party no more personal information than is required for the transaction. Never, ever, ever share your password;
    • Do not install any additional software or open any suspicious files sent to you via email. PayPal does not operate in this manner.

    How to Report a Fake PayPal Email

    PayPal has a dedicated email address where you can report any fake emails and they will investigate – spoof@paypal.com

    If you provided any personal information after receiving a scam email, immediately log into PayPal and change your password and security questions. You can also call Action Fraud at 0300 123 2040 or use their online reporting tool to report it.

    Your email provider can also assist you. Most email providers have a report function where you can mark an email as junk and then mark it as a phishing scam, which will then report the sender.

    Key Takeaways! 

    PayPal is one of the world’s most popular online payment services, and for good reason. It provides buyers and sellers with a simple, convenient, and secure way to exchange money with almost anyone, anywhere, and in a variety of currencies.

    To maximize your safety when using PayPal, be aware of the various ways scammers will attempt to steal from you. Understanding the most common PayPal scams and how to avoid becoming a victim will keep your PayPal account safe.

    Lost money to online fraud? We will recover your funds !

      We only process cases of more than $5000

      We do understand that you’ve already been scammed online and that you’re naturally afraid of paying online. This is why we do offer a free case review, and won’t charge anything if your case isn’t qualified. Please do your part of the deal, and submit your case only if you truly intend to proceed with the recovery process.

      Get a free consultation!