At this point of technological development, when literal billions of people are using electronic payment systems and every baby has their own email address, everyone has seen scam emails. It can be anything, from a Nigerian prince scam to legitimate-looking bank account scams. But while most scam emails can hardly be considered dangerous because very few people will actually buy them, some scammers have found ways to trick people into thinking they are legitimate.
Now, the Nigerian prince emails have become a running joke on the Internet and most users will recognize them at first glance. However, emails pretending to be correspondence with payment systems like PayPal are gaining more traction. Especially now, when people are stuck at home and making more and more purchases online.
Fake PayPal emails
Having received tons of PayPal scams myself, I would say that they usually fall into one of the two categories:
- fake PayPal payment confirmation emails
- emails trying to gain access to your PayPal account
Fake PayPal payment confirmations
The first type is the email you may receive when trying to sell or buy something online. Say, for example, you are trying to sell some action figure on eBay or Craigslist. It’s in pristine condition, so you’re asking a couple of hundred bucks for it. You get a notification of a private message: someone wants to purchase your item. They’ll even haggle over the price a little but give up quickly if you don’t budge (as if they were going to pay the money you asked – we both realize this is an article about scams, right?).
Then you receive an email from “PayPal”, saying something along the lines of: “we have received the payment from your buyer, now you need to mail out the item for the payment to be transferred into your account.” Fair enough, if PayPal says so, maybe that’s their way of protecting both the buyer and the seller, so you mail out your item. Usually, the address is some rented PO, not a house address. Congratulations – now you will receive no payment and the buyer will argue with you for some time over the messages, claiming they sent the money, but after some time, they’ll deactivate their account and disappear forever.
Or, even better, the “PayPal” email will claim they sent you a hundred bucks more – by a complete accident! So even before the payment “being released into your account,” they’ll ask you to give back the sum that they overpaid. As a decent human being who has made some foolish mistakes of their own in your lifetime, you send back the money AND mail out the item. BOOM – now you have no item, no money for it, and you gave the scammer your actual money.
Gaining access to your PayPal account
This type of email is probably going to try and scare you that someone (let’s not point fingers – but we already know who) is trying to gain access to your PayPal account, so you need to click the link and change your password – by providing your current one first, of course. This scam is as old as time, but many people believe it since the scammers imitate real PayPal website pages and emails extremely well.
You enter your password and mere seconds later, the scammers have already transferred the money you had in your account someplace else. Most of the time, PayPal can’t do anything about it because your account was accessed using a real password and the transfer cannot be canceled.
How do I protect myself from PayPal fraud?
You need to follow several rules to make sure you don’t become the next fraud victim scammed on PayPal. PayPal is worried about this trend as well, so they wrote a nice article on avoiding scam PayPal emails. After you’ve finished with this article, head over to read the PayPal one.
- First, make sure the email addresses you by your real name. Most of the time, the scammers do not have your full name, so they will address you as anything but: Dear sir/madam/member, To whom it may concern, or a simple Hello that is not followed by your name are all signs of a spoofed email. Real PayPal knows your name – and they will use it.
- Don’t forget to check the address it came from: PayPal has its own domain, so no “@gmail.com” or even “@paypal-service666”. Also, check if it’s spelled correctly – I know it’s hard to notice the second L in PayPall, but you should still check for it or any other spelling mistakes in the address. And just a general rule – check for grammar mistakes in the email itself. They are red flags that something sketchy is going on.
- Be aware of emails that ask for your personal or account information like passwords or answers to security questions. Never send your personal information in an email. That’s it, that’s the rule.
- If the email contains a link, check the previous points, especially the first two, before clicking it! Better yet, if you are not 100% sure you can trust it, try not using the link to go to the page they are trying to send you to (most likely, to the page where you can change your password). Instead, type the PayPal address into the address bar yourself. To be even safer, make sure the address contains https:// before its address: this will mean the page is secure and safe to use.
I know, sometimes you’re in a hurry and just do whatever the email tells you to do without checking the details because it looks legitimate enough. But these few rules are vital to make sure you don’t get scammed – scam is what definitely will steal a lot of your time. Scams through PayPal are not rare: it’s one of the most popular company names used for fraud. Be careful what you trust. Type in the address yourself and don’t trust potential buyers or sellers without checking for the transfers yourself.
If you still don’t feel secure enough in your ability to recognize fraud, read our article on how to protect yourself from Internet fraud.