PayPal Phishing Scams: How to Avoid Online Scams in 2019
- Salman Ahmed
- December 20th, 2018
PayPal phishing is a new trend to trick customers. These Cyber thieves are sending convincing emails that look like official one to fool users and get all the information they want.
This is something very concerning since PayPal is popular for its reliability and secure transaction service globally. From bank account details to your home address, everything these scammers can get through phishing scams.
Lead malware intelligence Analyst at Malwarebytes highlights this vulnerable threat regarding these Phishing attacks. According to him:
“The scammers used a fake email address that is similar to PayPal’s official address except it is a complete hoax. In the illicit campaign, users are tricked into believing that a recent transaction they have made “could not be verified.”
So without wasting more time lets start with gaining the knowledge regarding what kind of scenario indicate phishing scams and how to avoid it:
Before looking into how to avoid PayPal Phishing scam, I think it is vigorously important what it is and what kind of language used by scammers to trick you:
Case 1# [New Transaction Statements] We’re letting you know: We couldn’t verify your recent transactions
Case 2# [New Activity Statements] [Account Hold] Re: Your payments processed cannot be completed
The cases mentioned above are two common statements used by scammers to get the access of your sensitive data. However, if you are good with language, you can see some serious grammatical mistakes in these spam emails.
Moreover, the appearance of these spam emails looks very similar to a genuine one. These PayPal phishing emails have all sorts of official appearance such as logo and signature. Here is the example of PayPal scam email:
At the very first glimpse, this scam email looks like the official one. Additionally, the email address “email@example.com” initials are similar to the real PayPal address. However, when you analyze it carefully, you will find out that the original PayPal address does not end at “.com,” but it has further long details too.
One more way to recognize the PayPal phishing email is by checking the URL of the button mentioned in the email. When you click on this “Verify Information Now” button, you will direct towards fake PayPal landing page. Here is an example of a fake page:
The URL this fake page shows is pretty similar to the official PayPal page. However, when you further investigate the URL, you will notice that this URL has nothing to do with the Official site. The fake URL looks like:
With a URL like mentioned above, it indicates it’s a scam. Without a doubt, these PayPal scammers put strong efforts to make this fake website looks like the official one. However, there are still major loopholes provides proper evidence that this email and website are fake.
One more way to identify the email is a part of PayPal phishing scam by clicking on the “Resolution Center” button. When you click on the button, it will lead you to another page that will ask for your account and personal information. These forms will look like:
At this moment, users come at the point where they can lose all their sensitive data, which is horrifying. Without submitting the information by clicking on the confirmation button, everything you fill on the form might already be logged by scammers. Christopher Boyd explains this scenario very well in his publication:
“Sadly, anyone submitting their information to this scam will have more to worry about than a fictional declined payment, and may well wander into the land of multiple actual not-declined-at-all payments instead. With a tactic such as the above, scammers are onto a winner—there’ll always be someone who panics and clicks through on a “payment failed” missive, just in case. It’s an especially sneaky tactic in the run-up to December, as many people struggle to remember the who/what/when/where/why of their festive spending.”
If you are running a business as a seller and you do not have a PayPal Account, this may happen that scammers will approach you as a buyer. They will show interest in buying the products you offer and tell you that they will pay you via PayPal.
In this scenario, the best these scammers do to attract you is by placing bulk orders. Moreover, at this movement, you will see a huge amount of money is knocking at your door, and that’s where these scammers trick you.
When you tell them that you don’t have a PayPal account, they will you fake PayPal link that’s look similar to a genuine one.
But in reality, the scenario is different. These scammers have zero interest in buying your products. The only and only aim of these scammers is to indulge you in opening PayPal account through their offered URL. This is another type of PayPal phishing attack since the provided link will lead you fake PayPal form as I mentioned above earlier.
All the personal information you insert in this form will be directly monitored by scammers. Moreover, providing personal information to these scammers is dreadful. These scammers use all your data to hack your other financial accounts and make you beg.
First, make your habit never access the link or address that mentioned in an email to register for online payment accounts. Always register by going to the official company website.
Moreover, always compare the spelling of URL mention in an email with the official one. At first glance, it might be the case that you can’t identify the difference between “PayPal.com” and “PayPal.com.”
Additionally, take assistance from your friends who are regular users of the PayPal website and aware of the official transaction process. In this way, there are higher chances that they will notice the difference in design or procedure and notify you on an immediate basis.
In short, without taking any risk always use the official PayPal website. So, if the buyer is not a scammer, he/she will put the request to process the transaction.
This is another case of PayPal Phishing for the business person. In this case, buyers will request you to deliver the item to his/her friend or family member address. And they will make the payment through PayPal account and give you another address to deliver it.
Remember that PayPal never takes responsibility for goods that are not going to deliver at registered address with buyer’s PayPal account. So if you are a new user of PayPal services and you do not bother to read PayPal’s policy, then you are in serious trouble.
For the sake of sales, scammers will trick you by delivering the product to another address. Moreover, these scammers make the situation more convincing for you by offering additional money.
In that case, when you delivered the item, these scammers open the dispute that they never get the delivery. Therefore, even you have shipping receipt as evidence, PayPal cannot help you anyway since the address is different from the registered address. These scammers will get the money back, and you lose your product.
The best thing you can do in this case is to read the PayPal Security Guidelines. They clearly mentioned that they do not take responsibility for those products that are delivered to an unknown address other than the registered one. So by not accepting the request for delivering the products to other than the registered address is enough to avoid such PayPal scam.
These scammers as a buyer will purchase your product and pay extra money to your PayPal account. Moreover, after making the payment, they will email you that mistakenly sent the extra amount. In this case, they will request you to return the extra amount through an alternative mode of payment.
These scammers are very clever, and they pay you the extra amount on purpose. They use hacked PayPal amount to make the transaction. So when the actual account holder sees the abnormal transaction, he/she will demand money back from PayPal.
PayPal will investigate the case and return the money, and you will get your product back. However, you will lose the extra amount that you already pay back to scammers.
Additionally, the chances of a total refund could also happen in this case if the PayPal account holder opens the dispute that he/she does not want the product. They will get the money back, and you will be completely in the loss.
To avoid this kind of PayPal phishing scam, I would recommend you to make all the transactions through the official PayPal app or website. This is because according to PayPal security policies, PayPal is only responsible for the transactions, which makes through their official site and app.
And if you read all the security policies given on the official website of PayPal, you can refund all the amount to the buyer and request them to send the right amount.
Here if you are a seller, then these scammers approach you as a buyer and show interest in buying your product. They also want the delivery to their registered PayPal address but through their shipping vendor. Moreover, the reason they tell you is to save hefty delivery charges by getting product from other delivery services.
However, using buyer’s shipping company is a part of a plan to trick you. This will give these scammers full authority and control for the delivery process. They can change the delivery address at the very last moment, which is other than the registered one.
By changing the address, these scammers can open the dispute that they do not get the product to the registered address, so they claim for a refund. Moreover, you do not have any evidence to prove it and lose your product too.
Remember that never take any favors from buyers for the sake of saving money. The first rule of running a business is to take full responsibility for the transaction and delivery of the product.
Additionally, do not take those favors that do not fall under PayPal control and policies. Make a rule for your business that PayPal will handle the transaction process and you will handle the delivery.
These scammers can also trick you as a seller. It might happen that when you purchase something, the seller will ask you to send the payment as “Friends & Family.” Additionally, the reason they give you is to avoid extra additional charges.
Remember the “Friends & Family” option is only available for your to close friends and family members. Moreover, this feature cannot be used for selling and purchasing purchases. Therefore, it means that you are not allowed to use this feature under PayPal’s Purchase Policy.
So if you get a trick by the seller and use this method to make the transaction, then there is a high probability that you are not going to receive your purchases after seller received the payment. And when you claim for refund by sending an email will also useless.
First, you need to understand that “Friends & Family” feature is only applicable for transaction purposes between trusted people. Moreover, PayPal does not offer this feature for buying and selling purposes.
Always remember the if you are using PayPal for purchasing or selling purposes, it comes under the business transaction. Moreover, this is the only condition where PayPal will protect you in case of any incident happens.
Therefore, the best way to avoid this type of PayPal Phishing is by rejecting all the requests by the seller for paying under “Friends & Family” mode. Always make the payment under business transactions whenever you are buying through PayPal.
This is another case of PayPal Phishing scam. It happens when you make bulk purchases and here these scammers will make you fool by sending fake PayPal invoice. They will send it through an email, which almost looks like the official one with a link to fake invoice.
So, when you click on the link to make the payment, it will redirect you to the fake PayPal login page. And when you enter your login in credentials, your sensitive information will be sent to scammers and high chances that your account might hack
The only thing you need to know is whenever seller sent you the invoice check its URL. The official invoice should be received from “firstname.lastname@example.org.”
Analyze carefully that the URL matches the address mentioned above and also check for a grammatical fault. Secondly, the page on which the invoice is received should be “www.paypal.com.” This little inquiry could save you from these phishing scams.
To guide you regarding what kind of PayPal phishing scams you can experience and how to avoid it, I decided to add some real-time incidents. However, remember that the following examples of phishing scams may vary based on your location.
This person shares his experience on Reddit regarding how scammers trick him with the help of fake SMS scam:
“I just experienced an attempted PayPal phishing scam that was pretty devious. And I’d like to prevent anyone from falling victim to it. First, I got a (genuine) text with a PayPal security code. Shortly after that, I received a phone call (that turned out to be spoofed) from 402-935-XXXX (a number that is connected to PayPal). I answered, and an automated voice asked me for my telephone passcode/PIN.
I am certain the goal was to obtain the telephone pin and then immediately use it to call PayPal and request assistance with a password reset. PayPal would see the genuine attempt to reset the password; they’d spoof the call to appear as though it came from the registered number. And then use the telephone PIN to convince the rep that it was a legitimate request.
PayPal’s fraud department has a log, which records all contacts initiated by PayPal. It was how I learned that the text was genuine and the phone call was not.
For the sake of getting extra $100, this person accept the scammers request and get in to serious trouble:
The above mentioned cases and real time incidents are most common PayPal phishing scams. However, keep that in mind that these scammers are very clever and come up with new plans to make you fool.
This is why it is necessary to know basic phishing scam prevention to keep yourself safe while using PayPal for multiple transaction purposes:
The best way to avoid PayPal Phishing scams is following these guidelines and security policies. And never accept the payment or transaction that looks anonymous.
There is no technical information required since regulations and policies offer by PayPal is so easy to understand. In case if you still have any query or confusion, feel free to contact us, by mentioning your concern below.