Common PayPal Scams, and how to avoid them

Last updated: June 17, 2021

There are two primary methods fraudsters use to gain access to the funds in your PayPal account. Arguably the most common is a phishing email scam. Another effective strategy is a cyberattack on your system. Both can have devastating consequences for the victim.

PayPal Phishing Scams – What are they and How do they Work

In summary, a phishing scam is a fraudulent email that impersonates another organisation in an attempt to steal sensitive account information. Since a vast number of people use the PayPal e-wallet, it is very easy for a criminal enterprise to send an email to a random address claiming to represent PayPal. Typically, the spoof emails scammers like to send include claims such as ‘You have just been Paid’, ‘You have been overpaid’ or ‘Your account has been suspended’. There are many types of email scams a bogus sender might use, but as a general rule of thumb, if it doesn’t make sense to you, or it sounds too good to be true, it’s most likely a scam.

Telltale signs of a PayPal Phishing Scam

Fortunately, PayPal phishing scams are easy to recognise when you know where to look. The first and most obvious giveaway is when the sender’s email address does not correlate to what you might expect to receive from PayPal. For example, an email address from is not the legitimate domain of

Typically, scammers use advance fee tactics to encourage victims to pay money upfront, such as a handling fee or delivery charge, before receiving a prize, product or service. Fake charities are another common practice, used to prey on kind-hearted people and persuade them to donate to a charity that doesn’t exist. In all cases, PayPal will never ask its users for sensitive account information such as passwords, bank account or credit card details.

How to Avoid PayPal Phishing Scams

There are a few things users are well-advised to do to avoid falling victim to a PayPal phishing scam.

1. Do Not Reply Directly to Emails

It is not always enough to identify a fake sender, since scammers can easily fake a legitimate email address. The best policy is to check the URL address in the email using a browser, rather than following the link provided in the email.

2. Log into PayPal from your Browser

If a message relates to your PayPal account, don’t use the links provided. Instead, log in to PayPal directly and check your account and notifications via the official PayPal message centre.

3. Do not Donate Money Before Checking the Charity

Before you rush to contribute to a worthy charitable cause, it is better to check out the charity online to ensure that it has a legitimate website and that the organisation seeking to raise funds is credible and legitimate.

Further information on common phishing email scams is available from the official PayPal scams webpage.
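The sender-address check and the link check described above can be automated for mail triage. The following is an added example, not code from PayPal or from this page's author; it assumes paypal.com is the domain you expect, and the messages and `.example` hosts are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the domain genuine mail and links should use

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """Return a list of findings for one raw message; empty means nothing flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not in_domain(sender_host):
        findings.append(f"sender domain {sender_host!r} is not {TRUSTED}")
    # The From header can be forged, so the link targets are checked as well.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host):
            findings.append(f"link points to {host!r}")
    return findings

def make(sender, href):
    """Build a constructed sample message (not a real email)."""
    return (f"From: PayPal <{sender}>\nSubject: Your account has been suspended\n"
            f'Content-Type: text/html\n\n<p>Please <a href="{href}">log in</a>.</p>\n')

if __name__ == "__main__":
    lookalike = make("service@paypal.com.account-check.example",
                     "http://paypal.com.account-check.example/login")
    forged = make("service@paypal.com", "http://account-check.example/login")
    for sample in (lookalike, forged):
        print(triage(sample))
```

An empty result only means these two checks passed; logging in to PayPal directly from the browser remains the safer way to confirm a message.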

PayPal System Cyberattacks: What are they and How do they Work

Hackers will exploit system security vulnerabilities to cause malicious damage to your computer systems and attempt to access private information such as PayPal account information. This is typically achieved by infecting your system with malware to capture passwords, PayPal account information, and other financial records. Furthermore, hackers will often use advanced tools to gain access to your computer. Once they have access, all private information is available to them, including emails sent and received, which bad actors can read and scan for information they can use to profit.

Telltale signs of a device security breach

Desktop PCs, tablets and mobile device operating systems are all vulnerable to malicious attack. Unfortunately, it is not always possible to recognise when malicious software has infected your system. The most common telltale sign that malicious software has found its way onto your device is when it starts behaving in unusual ways, or the device is slower than usual.

How to Prevent and Avoid System Security Attacks

There are a few fundamental things that device owners can do to prevent a breach of their system.

1. Be cautious about what you Click, Download and Install

Malware can infiltrate your computer system in many ways. Commonly, it might be embedded in an email attachment that you click. It is also prevalent in a lot of free software that you download and install. The first thing you need to do to prevent malware infections is to be very cautious about what you click on, download and install onto your system. It is worth noting that PayPal emails do not contain attachments, nor will they ever ask you to install software.

2. Keep Your Operating System and Applications up to date

Ensuring your operating system and applications are up to date with the latest version is vital. Hackers will exploit bugs and security weaknesses to gain access to your device, so keeping your software current is one of the easiest things you can do to protect your system. Through your system’s control panel (preferences in iOS), it is possible to set automatic updates by default to guarantee you will always have the latest version of your software installed.

3. Set a Password or PIN on Your Device

Though this may seem like an obvious thing to do to protect your device, almost 50% of people prefer not to use a PIN or log-in password on their device, for convenience. Leaving out this first level of security leaves owners vulnerable if the device is lost or stolen. In such situations, all information on the device is accessible quickly and easily, including emails.

4. Install and Regularly Run Anti-Virus Software

While it is always a good idea to be vigilant to prevent cyberattacks and malware from finding their way onto your PC or device, it is not realistically possible to avoid all attacks. Once malware has infiltrated your system, anti-virus software remains the best way to find and remove unwanted and malicious programs. There are many good anti-virus software products available for download, and some are free to use. Once you have installed a program to remove malware and viruses from your computer or device, it is recommended to have internet security activated to deter threats in real time. It is also advisable to set up a schedule to run routine anti-virus checks regularly.

More information on PayPal system security is available from the official PayPal website page for scam prevention.