PayPal is an online financial service that enables individuals and businesses to send and receive money.

PayPal itself is fairly secure, but it's always been a target of cybercriminals. With that in mind, here are the five most common PayPal scams to watch out for.

1. Phishing Scams

PayPal logo with fish hook seen on bright yellow background

Phishing is a type of cyberattack in which a threat actor impersonates a legitimate entity. The goal is to trick the victim into revealing sensitive personal information, be it bank account details or a username and password. There are several types of phishing attacks, but most are carried out via email.

PayPal phishing scams are common because they are an efficient way to steal user credentials and access their accounts. In a typical PayPal phishing scam, the victim receives an email claiming to be from PayPal's customer support, or a similar department—the email directs them to log into their account.

Scammers usually create a sense of urgency (e.g. warn the victim that their account has been compromised, or urge them to change their password) in order to incentivize the target to click their link. Once they click the link and input their information, the scammer takes control of their account.

Spotting a fake PayPal email is not always easy, because some messages seem perfectly legitimate. If you receive one that looks suspicious, make sure you forward it to phishing@paypal.com. In any case, you should never click on strange links, or download attachments from unknown email addresses.

2. Advance Payment Scams

PayPal logo and stacks of dollar bills seen on green background

When an offer seems too good to be true, it probably is. Yet many who are careful in real life for some reason throw all caution to the wind online. This is exactly what advance payment scams capitalize on.

In an advance payment PayPal scam, a target is usually contacted through email and told by a threat actor that they are about to receive a windfall of some kind. This can be anything from an unexpected inheritance, over a random reward, to a large cryptocurrency airdrop.

But of course, there is always a catch. More often than not, the catch is that you need to submit a relatively small payment to receive the money. Scammers typically say this payment is necessary to cover legal expenses, or a small transaction fee. Obviously, once the victim submits that payment, they never hear from the scammer again.

To a tech-savvy person, the promise of a large payment in exchange for sending money to somebody else's account may seem ridiculous, but people still fall for these scams. PayPal does have anti-fraud protections in place, but some scams still fall through the cracks, so one can never be too careful.

3. Shipping Address Scams

PayPal logo with delivery truck illustration on blue background

If you use PayPal to buy and sell goods, you've probably come across a shipping address scam. There are various types of these scams, but the goal is almost always the same: to cheat the seller and get their product for free.

For example, a scammer might purchase your product through PayPal, but put in a fake delivery address. This would obviously result in the shipping company marking the goods as undeliverable, at which point the scammer would contact that company and provide their real address. After that, they would file a claim with PayPal and request a refund.

Another thing scammers often do is ask sellers to use a prepaid shipping company, or demand sellers use a particular service claiming the fees are lower.

PayPal has a pretty good seller protection program, which can be used to file complaints and resolve issues, but scammers still find ways to trick both the payment company and the seller. To avoid falling for this scam, only use shipping companies you trust, don't let buyers dictate the terms of shipment, and only ship items to confirmed addresses.

4. Fake Charity Scams

PaPal logo and donation box seen on red background

Criminals have always relied on people's generosity and goodwill to make easy money, setting up fake charities and similar fraudulent organizations. In the digital age, such scams are often carried out online, sometimes through PayPal.

A typical PayPal charity scam involves a cybercriminal sending out emails and soliciting donations. Scammers might reference an ongoing humanitarian disaster or a natural catastrophe to ask unsuspecting people for money. Sometimes, they create fake websites and Facebook pages, or impersonate a real organization.

Some PayPal charity scams are easy to spot. If an email contains grammatical and spelling errors, it was probably composed and sent by a cybercriminal, and not an actual humanitarian organization. Similarly, if a supposed charity has little to no online presence, it is most likely a scam.

It should be noted, however, that some scammers go to great lengths to cheat people out of their money, creating near-perfect websites, so it's always a good idea to do a bit of research about an organization before handing out your hard-earned money.

5. Invoice Scams

PayPal logo and invoice illustration shown on purple background

PayPal invoice scams are exceptionally dangerous and effective because PayPal invoices come from the company itself—an email containing one definitely won't end up in your spam folder, or even look suspicious at the first glance.

It's easy to see how a person who regularly handles invoices could fall for this scam. For a start, when you need to pay a PayPal invoice all you have to do is tap or click a button, so just one wrong move is enough. On the other hand, scammers don't send random invoices to people. Rather, they usually mimic a real entity, like for example a hosting provider or a cybsersecurity firm.

In recent years, cybercriminals have focused on sending fake cryptocurrency invoices. What they do is, they mimic a real cryptocurrency exchange and count on the target being distracted, tired, or just curious enough to click and pay. And once they do that, it's too late—their money is gone.

All of this just means that you need to be extra-careful when handling PayPal invoices, and double-check if they are actually legitimate. And if you fall for a scam, it's not the end of the world: contact support, or open a dispute in PayPal's resolution center.

Keep Your Money Safe Online

PayPal is secure and easy to use, but it is not immune to fraud. Whether you use it to buy goods and services or transfer money to friends, you should always be on the lookout for scams.

And if you want to create an additional layer of security for your online transactions, consider using other safe payment methods.