How PayPal Users Get Scammed

Header

Author: Kaspersky Cybersecurity

June 4, 2021

The most common ways PayPal users get cheated out of their money are through spam, phishing, and various kinds of fraud on the platform.

You know how to use PayPal safely, but every day, scammers come up with new tricks to gain access to users’ accounts and empty their pockets digitally. Today we’re sharing some of fraudsters’ most popular schemes.

Advance payment fraud

It’s not unusual for online scammers to use so-called advance payment fraud, a classic Internet scam, to defraud PayPal users. Victims receive notifications that they are owed a certain amount of money — could be an inheritance, winning the lottery, or some other compensation.

The options are limitless, but whatever the story, the victim has to make a small advance payment (in this case, using PayPal), and maybe fill out a form with personal data, to receive the money. Of course, the message sender disappears upon payment, and any personal data disclosed ends up in a database and perhaps sold on the dark web.

How to avoid this scam: Do not transfer money or disclose information about yourself to strangers. Most of these messages have plenty of red flags: absurdly generous winnings or compensation, grammatical errors, a sender’s address that seems more appropriate for a robot than a living person, and so on. Pay close attention to all of the details and do not make decisions in a hurry.

PayPal account problems

Scam number two: Houston, we have a problem. This scam begins with an e-mail that claims to come from PayPal and says something is wrong with the recipient’s account. But don’t worry, the problem can be fixed — just click on this link and log in.

Now wait a moment. That sounds a lot like phishing!

In 99% of cases, the link leads to a page that looks more or less like the real PayPal site, although on a slightly different domain. Log in from there and both username and password go straight to the scammers.

In especially severe cases, fixing the alleged account problem may require installation of a program “to help restore access.” In fact, it will be a Trojan.

How to avoid the scam: Again, look for errors in the message and Web addresses that do not match the service’s official address, and always remember that PayPal will never report a problem to you using that kind of wording in an e-mail.

By the way, you can check whether a website is real or a phishing site using our OpenTip service. Even easier, install a security solution that protects you against phishing and online fraud — it will recognize dangerous Web pages automatically and block them, even when you’re rushed or distracted.

These days, scammers spread phishing links not only by e-mail, but also on social media. For example, someone might set up a Twitter account with a name like PayPalGifts and use it to target gullible users. It won’t last long, of course, but while the account is up it can reap quite a harvest of user credentials.

Overpayment refund scams

Let’s now turn to some ways scammers entice people to give them money almost entirely of their own free will. Among the most common scams in this category are overpayment scams, in which a buyer sends a seller payment, but for some reason they send more than the sales price. The buyer claims it is a mistake, and asks for a refund of the difference, but immediately on receipt the buyer cancels the original transaction.

How to avoid the scam: Accidents happen, of course, but in most cases overpayment is implausible, and it should always be a red flag. In the event of a real error, it is safer for both parties to cancel the erroneous transaction and allow the payer to start fresh, resending the correct amount and carefully checking every one, zero, and decimal point. If they refuse, contact PayPal support right away.

Fraud involving delivery and payment cancellation

Another common scam concerns delivery. Sometimes fraudsters pretending to be buyers ask a seller to send goods using the buyer’s favorite delivery service, which supposedly offers them a discount. The crooks change the delivery address and then file a complaint, saying the goods were never delivered.

Another potential outcome is that the delivery company turns out to be a front, allowing a dishonest buyer to get their money back using existing legitimate mechanisms for goods sent in good faith.

Finally, this kind of scam may be perpetrated through address substitution: The buyer provides a fake address, and after several unsuccessful delivery attempts the company asks them where their purchase should be delivered. That way, they receive the package but nevertheless file a complaint against the seller claiming that they didn’t receive anything. Given the numerous reports of unsuccessful delivery, PayPal may believe the fraudster.

How to avoid the scam: Use only delivery services verified by you personally or by people you trust. Never send anything before receiving payment, and be sure to keep all receipts.

“Creative” payment schemes

Honest people can also be cheated using murky payment schemes. For example, PayPal has a money transfer option with reduced rates for family and friends. Sometimes scammers request a money transfer that way so as to save on commissions, and they promise a discount in return.

According to the rules of the platform, however, this method is not supposed to be used to pay for goods, and no customer protection program applies to such transfers. Anyone who sends a “friends and family” payment to a scammer can kiss the money — and the goods — goodbye.

Scams of this ilk also include offers to transfer money using alternative means that are supposedly more convenient, or cheaper, or for any other reason considered better by the seller. In general, if the other party insists on something like this, or starts spinning tales, or tries to create urgency (last chance to make a deal, in an hour’s time I’m flying to Alaska to live off the grid for the next 20 years), there’s probably something fishy going on.

How to avoid the scam: Ignore requests to use alternative payment methods. PayPal has very good protection programs for both sellers and buyers, but they work only for standard transfers made over the platform.

Charitable-contribution and investment scams

There is a special circle of hell for people who send out fake solicitations for charitable donations. It is not uncommon for such people to accept “donations” or “contributions” through PayPal. Canceling the payment is no help if the fraudsters claim the received funds promptly (which they will probably do), so you need to check that everything is legit in advance.

Be especially attentive to requests for a charitable donation during natural disasters and other force majeure events — rest assured, crooks will always be there to cash in on the misfortune of others.

“Profitable opportunities,” aka investment opportunities, can arise at any time. The scams are similar to those involving fake charities, but they are often characterized by promises of fabulous profits without any special risks. Of course, life doesn’t actually work that way.

How to avoid the scam: Research and verify interesting offers. Check the reputation of every charitable foundation (or investment company) you consider sending money to. It is best if you have acquaintances or friends who have worked with the concern and can vouch for its legitimacy, but regardless, you can verify charities on the Internet using services such as Charity Navigator, the Better Business Bureau, and Charity Watch.

How to avoid trouble on PayPal

Let’s summarize and outline some general tips to help you protect yourself against the majority of attempts at deception, account hijacking, and other such unpleasantness:

  • Look for red flags in messages: grammatical mistakes, attempts to incite a sense of urgency or danger, e-mail addresses and links that differ from the official ones (even if just by one letter);
  • Don’t trust messages unconditionally; check any potential issues through your personal account on the website or in the PayPal app (especially important when it comes to messages confirming the crediting of funds);
  • Never use an unfamiliar delivery service, and ship to the address indicated on the transaction page, no other.
  • Avoid the alternative money transfer methods fraudsters propose; PayPal’s protection programs do not cover them.
  • Don’t trust an offer that seems too good to be true; it probably isn’t;
  • Do not give out personal information to the other party beyond what is necessary for the transaction. In particular, never share your password;
  • Do not download additional software or any other suspicious files sent to you by e-mail. PayPal does not do that.

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Top Safety Picks

Your Go-To Tools for Online Safety
Disclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.

  1. ScamAdviser App : That site looks legit. That's exactly how they get you. Modern scams are frighteningly convincing. ScamAdviser scans sites and blocks fraud calls automatically. Free on iOS & Android.
  2. NordVPN : NordVPN delivers powerful, seamless protection for your online life - whether you're at home, on public Wi-Fi, or traveling abroad. Recognized as one of the fastest VPN services available, it combines lightning-fast speeds with advanced encryption to keep
  3. Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
  4. Private Internet Access (PIA) : PIA gives you a no-logs VPN built on the latest encryption standards and WireGuard protocol — meaning your browsing activity stays yours alone. Fast, private, and transparent. Take back your privacy today!
  5. Surfshark VPN : One subscription, unlimited devices. Surfshark is the fastest VPN out there — covering your phone, laptop, tablet and more with a stable, secure connection for browsing, streaming and working. Get Surfshark now!
  6. Proton VPN : Independently audited and built with a strict no-logs policy, Proton VPN is trusted by over 3 million users worldwide. It’s been named Best VPN by Wired, PCMag, and Vice—offering strong encryption for anyone who takes their privacy seriously. Give Proton

Popular Stories

In a nutshell: A good VPN protects your privacy with strong encryption, a strict no-logs policy, and fast protocols like WireGuard. The best VPNs also offer wide server coverage, leak protection, and easy-to-use apps for all devices. For 2025, the top providers are NordVPN, ExpressVPN, Surfshark, Proton VPN, Private Internet Access, CyberGhost, and Mullvad—each excelling in speed, security, or value. In an age where every click is tracked, a Virtual Private Network (VPN) is no longer just a luxury—it's an essential tool for digital privacy and security. A VPN works by creating a secure, encrypted tunnel between your device and the internet, masking your real IP address and protecting your sensitive data from prying eyes. But with hundreds of providers out there, how do you sort the secure from the suspect? This guide breaks down the non-negotiable features of a quality VPN and highlights the 7 top-rated services for 2025. What to Look for in a Good VPN: The 4 Non-Negotiable Pillars 1. Ironclad Security Features Strong Encryption: AES-256, the gold standard. Secure Protocols: OpenVPN, WireGuard, NordLynx, Lightway. Avoid PPTP. Kill Switch: Ensures no accidental IP leaks. Leak Protection: Covers DNS, IPv6, and WebRTC. 2. Verified Privacy Practices No-Logs Policy: No activity or metadata tracking. Independent Audits: Verification by third parties. Safe Jurisdiction: Prefer countries outside the 5/9/14 Eyes alliances. 3. High-Speed Performance Fast Protocols: WireGuard and equivalents. Large Server Network: Less crowding, more reliable speeds. 4. Essential Usability Features Multi-Device Apps: Windows, Mac, iOS, Android, routers. Simultaneous Connections: One account, many devices. Unblocking Power: Netflix, Hulu, BBC

This article has been updated by Jamie James on June 9 with the latest data and analysis we have found using real user reports and experiences submitted to ScamAdviser. Just received that terrifying notification? Or perhaps you've noticed suspicious activity in your accounts? Take a deep breath. Your email, password, phone number, home address, payment details, or identity documents may now be in places you cannot control. But the next steps do not have to be confusing. What matters most is how quickly you act, order, and know which exposed data creates the biggest risk. This guide explains what to do after a data breach, how to check the damage, and how to protect yourself from identity theft, account takeover, and follow-up scams. Quick Summary Verify the data breach notice through the company’s official website before clicking any links. Secure your primary email account first because it controls many password resets. Change the exposed password and every reused or similar password. Enable multi-factor authentication on email, banking, payment, cloud, and social accounts. Contact your bank or card issuer if payment or bank account details were exposed. Freeze or protect your credit if sensitive identity information was compromised. Watch for phishing messages, fake refund offers, and scam websites that use your leaked details. Starting with Data Breach Numbers The numbers don't lie: according to a 2024 report, the number of data breach victim notices has grown by a staggering 211% year-over-year. This isn't just a distant threat; it's a stark reality many individuals fa