How Scammers Target Your PayPal Account & How To Never Fall For It

fake paypal email 300   How Scammers Target Your PayPal Account & How To Never Fall For ItPayPal is one of the most important accounts you have online. Don’t get me wrong, I’m not a huge PayPal fan, but when it comes to your money, you don’t want to play around. While getting your Facebook account hijacked is a huge annoyance, it’s nothing like getting your money stolen out of your PayPal account. And the Paypal scammers know this too. That’s why PayPal is one of the most targeted accounts for phishing and scams – there’s real money to be had.

Having a strong password for your PayPal account is important, of course, but most PayPal account break-ins don’t happen because your password is not strong enough. You might be surprised to learn that many account breaches happen when users provide their login information voluntarily. Sounds crazy? This is exactly the way PayPal scammers work. While PayPal does offer security in these matters, you are very much better safe than sorry. So be informed on how scammers can target your PayPal account, and be sure you know exactly how to avoid being scammed.

Fake PayPal Emails

paypal scam email6   How Scammers Target Your PayPal Account & How To Never Fall For It

 

Fake PayPal emails are insanely common and surprisingly original. Every time I think I’ve heard it all, I read about a new variety of these phishing emails. And they just keep getting cleverer and more sophisticated. Fake PayPal emails can claim any of the following:

  • Your account has been limited due to an unauthorized transaction.
  • You’re entitled to a refund.
  • You’ve received a payment.
  • You’ve sent a payment.
  • You need to verify your account.
  • You need to provide information that will help protect you.
  • You need to confirm your email address.
  • You need to update your account information.

And so on and so forth. These are just the most common examples to the very persuading, worrying and tempting ways Paypal scam artists can get your attention in these fake PayPal emails. But what can these emails do to you? It’s usually one of three things:

  • Persuade you to enter your login information on a fake website.
  • Persuade you to call a fake customer support number and provide your login information.
  • Trick you into opening an attachment which will install malware on your computer.

So we know these emails are common and persuading, and we know they’re pretty dangerous, so how can you still protect yourself?

Recognizing Fake Emails

1. Look at the sender’s address.

paypal sender   How Scammers Target Your PayPal Account & How To Never Fall For It

When you get an email from PayPal, always check the “From” field to see who sent it. Many times, you’ll find ridiculous yet confusing things like service@paypall.com, service@paypal.net, etc. Sometimes it will even be “service@paypal.com”, but looking carefully will reveal this is just the name of the sender, and the address is quite different.

In some cases, though, the Paypal scam artists are very smart, and the email does seem to come from the right email address for all intents and purposes. But don’t worry, you still have ways to find them out.

2. Look at the email’s greeting.

paypal scams   How Scammers Target Your PayPal Account & How To Never Fall For It

A genuine PayPal email will always use your full name or business’ name in the opening. If you see something like “Dear PayPal Member”, “Dear PayPal Customer”, “Dear Customer”, “Hello”, “Dear member”, or anything to that effect, ignore it. This is a sure sign you’re dealing with a fake email.

Does the greeting say “Hello <your full name>”? Continue checking the next points to make sure.

3. Are there attachments?

Does the email ask you to “see the enclosed attachment for more details?” Is there anything at all attached to the email? If so, feel free to ignore it. Genuine PayPal emails never include attachments, and will always prompt you to log in to your account to see whatever you need to see.

No attachments? On to the next sign.

4. Are there links? Check them.

paypal links   How Scammers Target Your PayPal Account & How To Never Fall For It

If you look at your genuine PayPal emails you’ll find that most of them don’t contain links you need to click at all. This includes notifications of sent payments, money transfers, and others. Some emails, such as notifications about received payments or signing up for preapproved payments will include links. If you do see links, a great way to verify them is to hover over them and see where they actually lead (without clicking!). All genuine links will leads to https://www.paypal.com/***. If you see anything else, including the correct address in a non-secure website (http:// instead of https://), don’t click it, and ignore the email. Most scam emails will include links to fake websites, as this is a great way to steal your login information.

You can also examine the link’s text. Does it say something like “Click here to activate your account”? Or “Confirm my account”? These are most probably fake. But don’t ever rely on text alone, always check where a link leads to in order to make sure.

5. Does the email ask for personal information?

Does the email ask for any personal information such as credit or debit card numbers, bank account details, driver’s license number, email addresses, or passwords? Ignore, ignore, ignore. PayPal will never ask for any personal details in an email.

6. Grammar and spelling

paypal scam email61   How Scammers Target Your PayPal Account & How To Never Fall For It

This is a no-brainer, but it’s nonetheless important. Many of these Paypal scam emails are written in bad English and include grammar and spelling mistakes. Naturally, genuine PayPal emails don’t have mistakes, so this is a quick and easy way to tell them apart. Another telltale sign is the use of punctuation marks. “Attention!”, “Your PayPal Account has been limited!”, “Thank you for using your bank account!” “Cancel transaction!”, are all signs of a spoof email.

I Found A Fake Email, What Do I Do?

As I’ve said over and over again throughout this post, the best thing to do with these fake emails is ignore and delete them. If you want to help others avoid similar emails, you can forward the email as is to spoof@paypal.com, and then promptly delete it. This will inform PayPal of the scam.

Fake PayPal Websites

Fake PayPal websites are an extension of fake emails, and are usually linked to within these emails. A fake PayPal website can look identical to the real PayPal, but when you try to log in, it will simply steal your username and password. Even if you’ve gone ahead and clicked a link in an email, not all is lost. Unless the website you’ve reached contains malicious scripts, you can still escape the scam.

Even if the website looks exactly like PayPal, stop for a minute and look at the address bar. Do you see this?

paypal secure address   How Scammers Target Your PayPal Account & How To Never Fall For It

There are three things you need to look for:

  • Are you actually on a www.paypal.com website?
  • If the address is actually www.paypal.com, is it also https?
  • Do you see the lock symbol (doesn’t appear in IE9 or lower)?

If all three (or first two, if you’re using IE9 or lower) are present, you should be safe. However, always be sure to check these on the page you’re actually logging into. Some very sophisticated scams have been known to appear on a genuine PayPal server, and then lead you to another page where you’re asked to log in – this one a fake. So even if everything seems in order, make sure to double check before actually entering your login information.

Note: the green verification bar might not appear when you try making payments to third-party websites through PayPal. This does not  mean they’re fake. However, you should definitely look for it on any link you follow from a PayPal email.

Conclusion

Avoiding PayPal scams is not hard. To start with, many of these scam emails are already filtered to your spam folder. If for some reason one escapes through, following the tips lined out in this post should keep you safe from any tricks and phishing scams.

Have you encountered a sophisticated scam email from PayPal? Have you ever been tricked by one? Share your stories!

Image Credit: Softpedia

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

37 Comments -

0 votes

Lee

Nice article. This is definitely something to keep around so I can forward it to someone if they need to know if an email’s fake or not (or even just as a general precaution).

0 votes

Anonymous

Good article, and timely. I just spent the afternoon setting up a client with a commercial Paypal account, and hopefully this might slow the inevitable phone calls I’m going to be getting (once I go live with the shopping cart)!

1 votes

El Geko

There is a very simple way to avoid problem.
When you receive a mail from Paypal (or else), never click no link from the mail and go, in another window, straight to your account, as you usually do.
Then, doing this, you’re not linked with the mail and if there’s a genuine problem (or info) that Paypal wanted to tell you about, it will be listed in your account anyway.
When I have a doubt, this is what I do. Never click a link from the mail, always go to the site straight from the browser.

0 votes

Sanjeev Jain

Thanks for your suggestion.

0 votes

Yaara Lancet

This is definitely an excellent tip. Thanks!

0 votes

Xantes

And not lastly – if you don’t already have one – do install a router and activate it its firewall! You might be surprised of this advice but you’ll be a whole lot more protected by a lot of dangers the are coming from outside of you Internet connection!

0 votes

Damien Garcia

This article was kinda scary lol but helpful. Thanks for the heads up!

0 votes

Yaara Lancet

No need to be scared, just open your eyes, use common sense, and you’ll stay safe. :)

0 votes

Abba Jee

Bundle of thanks :) worth reading article :)

0 votes

Alex Perkins

Thanks, gotta keep an eagle eye for these scams!

0 votes

Sanjeev Jain

We just need to use our common sense to be safe on internet.

0 votes

Roomy Naqvy

I have been very cautious with PayPal and have also reported few PayPal scam emails to PayPal but I am happy you wrote this article. A number of people fall for scams and this is certainly useful.

2 votes

Glenn Hyde

Sometimes, I think about what’s going to happen when/if the bad guys successfully learn how to spell and use proper grammar … will inexperienced and gullible users then be able to tell them apart from the real thing just based on noticing bad spelling?

0 votes

cj

I agree. These scammers probably read all these articles to find out how to do a better job.

0 votes

Yaara Lancet

Fortunately for us, no matter how hard they try they’ll never really be PayPal, so we can always know for sure at the end.

0 votes

Yaara Lancet

That’s pretty funny. :) I find it surprising that most of these scam email still use bad grammar and spelling. I mean, come on, put a little effort into it!

Of course, bad grammar shouldn’t be the only thing you look for in a fake email, it’s just one thing that jumps our immediately.

1 votes

cj

The biggest shame is that our Jr. and Sr. High schoolers, all the way through college graduates, use such terrible grammar, punctuation and spelling that it’s getting harder and harder to tell who is really educated here.

0 votes

Lynetta R.

I opened a bank account that I use only for Paypal and keep a very minimal amount of money in it and transfer funds to this account when making purchases through Paypal. I never leave very much in my Paypal account. They won’t get rich from hacking my account.

Yes I was hacked years ago and learned my lesson. Paypal is separate from the rest of my banking. I also can say that Paypal told me that I had been hacked before I even knew it. They really are watching out for their customers. They also refunded the money stolen.

1 votes

Mac Witty

Still happy to say I have not get trapped. Got a tip early: never log in from a link in an email, always type the ulr yourself

0 votes

Yaara Lancet

Yes, this is a good tip. Thanks!

0 votes

Ahamed Yaseen

Needed article for everyone…

0 votes

Christine St Syr Griffin

omg thank you i am so saving this article, i just opened a pay pal yesterday and find it a bit confusing, thanks ever so much, christine

0 votes

Raman Bathina

A detailed article about how to protect from PayPal scammers.I have recently got a spam message in my gmail inbox named with Facebook and the message is “your Facebook profile has error please login with this page to avoid discontinuation services”,and they put an attachment with the name fb.html that is redirected to some fake page.Like this paypal messages are also arrived.

0 votes

Anonymous

Well, the easiest way to avoid this is simply not to have a PayPal account. So far, I’ve managed to survive just fine without one. But if you do have one, clearly there is need to use some basic common sense!

0 votes

Doug Foggin

I think that the article as I read it goes far beyond ‘basic common sense’, Infact the author has been quit specific about what to look for, do or not to do as it applies to the use of ones PayPal account. Thus not having a Paypal Account is not the easiest way to avoid the issue – common sense would seem to be that having a Paypal account is requisite for validating the contents of this detailed and informative article.

0 votes

Philip Cohen

And the ugly reality of dealing with the clunky PayPal …
http://bit.ly/NFqjmp

0 votes

dragonmouth

Methinks you protest too much.

I have read your strident screeds against “PrayPal” and “eBafia” on several occasions. To me it seems as if you are trying to discredit any entity that is not Visa or MasterCard.

BTW – I am sure that right this very minute there is someone on the ‘Net writing equally impassioned screeds against Visa and MasterCard

While buying and selling on eBay, I have never encountered the problems you claim are so widespread. Yes, there is favoritism on the part of eBay towards their biggest sellers but, while unfair, it is understandable. One always reserves one’s best treatment for one’s biggest and best customers.

0 votes

Theodore Hammond

Common sense is your best protection from being scammed by anyone.

0 votes

JOSEPH VILLA

I OPENNED THE PAYPAL WEBSITE USING INTERNET EXPLORER 10 AND IT CONTRADICTS YOUR THIRD STATEMENT –

There are three things you need to look for:
?Are you actually on a http://www.paypal.com website?
?If the address is actually http://www.paypal.com, is it also https?
?Do you see the lock symbol (doesn’t appear in IE)?

I FOUND THE LOCK SYMBOL APPEARING NEXT TO THE SEARCH AND ARROWHEAD SYMBOLS. IF YOU PUT YOUR CURSOR ON TOP OF THE LOCK SYMBOL A DIALOGUE BOX WILL APPEAR SAYING ” PayPal, Inc.[US], Identified by VeriSign.”

GO AND TRY IE 10 TO OPEN YOUR PAYPAL ACCOUNT AND REVISED THIS ARTICLE.

0 votes

Tina Sieber

Joseph,

I cannot answer for Yaara, but in regards to your extensive use of CAPITALS, I would like to draw your attention to something called netiquette.

1 votes

Joseph Villa

Thanks for the Information and commenting on this article is another learning experience for me.

Netiquette is really something new to me and flaming through the use of uppercase letters was never my intention, I actually always do that because it helps me read articles better.

BTW, I still believe that this article needs some revision and thorough research must be done before writing one.

0 votes

Yaara Lancet

Hi Joseph,

Thanks for the input, I really appreciate it! You’re right, I should have mentioned in the article that I’m referring to IE9 and downwards. Since I’m on Windows 7 I didn’t bother to upgrade to IE10, as it’s only a preview version, if I understand correctly.

It’s good to know that Microsoft finally added the verification feature in IE10, but the fact is that most users still don’t use it, so what I said is still relevant. I will add a noted saying that the feature does exist in IE10, though. Thanks!

0 votes

rakingmuck (@rakingmuck)

I am dealing with a nightmare! A company posing as a trusted Twitter vendor hacked my Pay Pal Account (vicconsult.com) for 13 months. Because the amounts were small I did not notice. vicconsult claims to provide an auto tweet service, which by the way, I would never use. Now this guy is threatening and harassing me and Twitter is doing nothing.

0 votes

Yaara Lancet

Twitter is not going to do anything about it, I don’t believe. Did you try getting help from PayPal? If you can show them your account was hacked and this is happening without your consent, they might agree to help.

0 votes

NIGERIA CIVIL DEFENCE

WHY ARE YOU SPOILING JOB FOR US NOW

0 votes

Jumbybird

If you don’t have a pay pal account………..

0 votes

Robert

Oh those dirty Romanians and Nigerians are still on the prowl asking so nicely for your Pay Pal account.