The 14 Latest PayPal Scams (and How To Avoid Them)

Hari Ravichandran

CEO and Founder of Aura


    Can You Get Scammed While Using PayPal?

    PayPal scams are becoming increasingly common — and sophisticated. In 2021 alone, online payment fraud on platforms such as PayPal cost users over $20 billion [*].

    For one Reddit user, all it took was a couple of legitimate-looking emails claiming to be “PayPal invoices” for Bitcoin purchases that the user hadn’t authorized [*]. Worried about being stuck with an unexpected bill, the user called the phone number listed on the invoice. 

    But it was only when the person on the phone asked to remotely access the user’s computer that it started to become clear they weren’t actually dealing with PayPal. It was a scam. 

    If you’re one of the millions of people who use PayPal, or if you’ve received a suspicious-looking email claiming to be from the company, you need to recognize the warning signs of a scam. 

    In this guide, we’ll cover how PayPal scams work, show examples of the latest scams to watch out for, and explain what you should do if you’ve been scammed on PayPal. 

    What Are PayPal Scams? How Do They Work?

    PayPal scams are the various schemes that scammers use to convince PayPal users to send them money, hand over personal information, or give them access to their accounts.

    With over 300 million account holders [*], PayPal users are compelling targets for scammers. In fact, scammers are most likely to cheat customers out of money by using PayPal, according to the Better Business Bureau (BBB).  

    The majority of people who lost money to an online scam used PayPal
    Source: BBB Online Purchase Scam Report

    While PayPal scams come in different shapes and sizes, the most common angles include: 

    • Advance-fee scams. The victim is promised a large sum of money that will be released after paying scammers a fee in advance. 
    • Phishing scams. A type of social engineering attack in which scammers impersonate PayPal representatives or other authoritative figures to trick victims into sending money or revealing sensitive information.  
    • Overpayment scams. Scammers overpay for an item “by accident” (often using a stolen account or employing hacking techniques to make it appear as if the money is in your bank account) and then ask for the difference back through a payment form that is non-reversible. 

    While nothing online is 100% safe, PayPal is committed to ensuring maximum security for its users and has policies in place to help get your money back if you’ve been scammed. Unfortunately, scammers are only getting better at bypassing these measures and stealing your money and sensitive information. 

    Take action: If you’ve been scammed on PayPal, your bank account, email, and even your identity could be at risk. Try Aura’s top-rated identity theft protection free for 14 days to secure your accounts and sensitive information against scammers. 

    Example: A PayPal Scam Email That Almost Worked

    The easiest way to learn how to identify PayPal scams is to see one in action. 

    In this phishing email, scammers created a false PayPal confirmation email for a fraudulent order worth hundreds of dollars. But there’s an easy way out, the scammers explained — all you have to do is make a phone call and tell them it was a mistake.

    Example of a convincing PayPal phishing email. Source: Aura team

    Scammers know you’re more likely to fall for their schemes if they can get you on the phone and pressure you to act. And this scam email is designed solely for that purpose. They used the victim’s name and email, included a legitimate-looking order number, and didn’t ask for personal information or money (to avoid suspicion).

    But if you pay close attention, you’ll notice the red flags of a PayPal scam:

    • The email doesn’t come from an official PayPal.com email address. 
    • The PayPal logo is pixelated, meaning that it was stolen from another site.
    • It creates a false sense of urgency by claiming that you’ll owe money if you don’t act now.
    • The language is awkward and not what you’d expect from an official PayPal email (for example, “If you’re reading this email then it’s already too late to make any changes to your order. Sorry!”).
    • It includes a bogus phone number to “cancel” the fraudulent order.

    💡 Related: 20 Phishing Email Examples (That Don’t Look Like It)

    Can You Get Your Money Back After Being Scammed on PayPal?

    The good news is that people who pay by PayPal are more likely to get their money back from a scam compared to other payment apps (such as Zelle, Venmo, and Cash App) [*].

    PayPal’s Seller Protection and Buyer Protection programs provide coverage for common situations, such as when you don’t receive payment or are sent an incorrect item. 

    If you’ve been scammed on PayPal, you first need to contact the seller to request a refund. If they don’t respond or refuse to issue it, you can open a dispute in PayPal’s resolution center within 180 days of the transaction date. 

    Note: It’s only possible to get your money back for payments made on PayPal. Scammers know this, and will often impersonate PayPal representatives to steal your passwords, get you to pay money using different platforms, or give up personal information that they can use for identity theft. In these cases, you’re unfortunately on your own. 

    💡 Learn more: How To Get Your Money Back if You Were Scammed on PayPal

    The 14 Latest PayPal Scams To Know About

    1. Fake PayPal “payment confirmation” emails
    2. Scammers sending fake invoices from real PayPal email addresses
    3. Emails and texts claiming your PayPal account is locked or suspended
    4. Fake PayPal “Fraud alert” text messages
    5. PayPal “accidental” overpayment scams
    6. “Wrong person” transfers on PayPal
    7. Invalid shipping address scams
    8. Fake online stores asking for “friends and family” payments
    9. You’re sent “free” money — but have to pay to receive it
    10. Fake charity donations through PayPal
    11. PayPal Bitcoin scams
    12. Fraudulent password reset emails
    13. PayPal technical support scams
    14. Malicious fake PayPal invoice attachments

    Here are the most common PayPal scams and how to spot them before you fall victim. 

    1. Fake PayPal “payment confirmation” emails

    Phishing emails, in which scammers pretend to be from PayPal, are among the most common email scams. There are many different PayPal phishing scams, but they all follow a general strategy.

    How the scam works:
    1. Scammers use domain spoofing to make an email look like it’s coming from PayPal.
    2. The message creates a sense of urgency, so you act without thinking. 
    3. With your information in hand, scammers try to access your finances or steal your identity.
    Don’t get scammed! Do this:
    • If you receive a “payment confirmation” email, check your PayPal account for recent purchases. If no suspicious payments are present, you can be certain that it’s a phishing email. 
    • Never respond to these emails or call the phone numbers listed in them. If you’re unsure, contact PayPal directly through one of the contact methods on their website.

    2. Scammers sending fake invoices from real PayPal email addresses

    This is a sophisticated scam in which an email is sent from a validated PayPal email address. The email will claim that your “invoice has been updated” and that you owe money.

    Example of a “fake invoice” PayPal phishing email. Source: Krebs on Security
    How the scam works:
    1. Scammers create fraudulent PayPal Business accounts (or use a hacked account) to send real PayPal invoices. 
    2. The email appears legitimate, because it is. But the “Seller note” will include an explanation of why you owe money and a phone number to call for help. 
    3. If you call the provided number, you’ll be asked to download a remote administration tool that the scammers use to control your computer. 
    Don’t get scammed! Do this:

    If you receive a suspicious email, go directly to PayPal.com and log in to your account. Check for recent purchases and invoices to see if the invoice is legitimate. If it is, check the store and sender to see if you recognize them. If you don’t recognize them, contact PayPal directly and inform them of the scam.

    Remember: PayPal customer support will never ask you to download a program or file. 

    3. Emails and texts claiming your PayPal account is locked or suspended

    Another common phishing tactic is to send an email claiming that the recipient’s PayPal account has been locked for some reason. 

    Example of a PayPal phishing email in which the scammer claims that the victim’s account has been locked. Source: Reddit
    How the scam works:
    1. Scammers send an email informing you that your PayPal account is locked, and they provide a button or link to “fix” the issue.
    2. But if you click on the link, it takes you to a fraudulent PayPal site’s login page.
    3. Any information that you enter on the fake website — your password, credit card information, etc. — goes straight to the scammers. 
    Don’t get scammed! Do this:
    • Never click on links, buttons, or ads in emails that you receive (as they could contain malware or send you to a fake website). Instead, always visit the official PayPal.com website directly.
    • Keep your eye out for the warning signs of a fake website. In the example above, there are many grammatical issues including the fact that “PayPal” in the first line isn’t capitalized. 
    • Use safe browsing tools to warn you if you’re entering a phishing website designed to steal your passwords or payment details. 

    4. Fake PayPal “Fraud Alert” text messages

    Phishing can also take place in the form of voice or SMS messages. Known as “smishing,” these scams occur when scammers send fraudulent text messages containing a bogus number or link. 

    An example of a “smishing” message targeting PayPal users. Source: Tech.co
    How the scam works:
    1. Scammers send an urgent message claiming something has gone wrong with your PayPal account. The most common scams are fake fraud alerts or purchase “confirmation” messages.
    2. The messages will include a link or a phone number for you to call to “fix” the issue.
    3. But if you engage, you’ll only further the scam — ending up on a fake website or on the phone with a fraudster. 
    Don’t get scammed! Do this:
    • Verify the information in the text message yourself. Log in to your PayPal account directly and update your password; also, check past transactions. 
    • Never follow links or call numbers that are provided via text. Instead, always contact PayPal directly via their customer service lines. 
    Take action: If you accidentally give sensitive information to PayPal scammers, they could empty your bank account or take out loans in your name. Try a top-rated identity theft protection service with credit monitoring to keep your finances and identity safe.

    5. PayPal “accidental” overpayment scams

    An overpayment scam occurs when scammers overpay for an item and then ask for a refund made into a different account. 

    How the scam works:
    1. Scammers overpay for an item that they purchase from you (using stolen credit card numbers or a PayPal account).
    2. After paying, they claim it was an accident and ask you to refund them the extra amount using a different method (such as through a payment service like Zelle or Cash App that’s harder to reverse). 
    3. Once they receive your payment, they cancel the original transaction. You’re then left with the loss of the sale, the loss of the refund, and further problems when the real account owner reports the fraud. 
    Don’t get scammed! Do this:
    • If someone overpays you, cancel the payment instead of refunding a part of it — especially if they ask you to transfer the refund into another account. 
    • Never refund money using different account information other than the account used to pay you.
    • If you think you’ve received a fraudulent payment, contact PayPal support.

    💡 Related: Don’t Fall For These 7 Nasty Refund Scams

    6. “Wrong person” transfers on PayPal

    Similar to the overpayment scam, this is another chargeback scam in which fraudsters randomly transfer money and then ask for a refund.

    Example of a “wrong person” PayPal transfer scam. Source: Reddit
    How the scam works:
    1. Scammers use hacked PayPal accounts or stolen credit cards to transfer money to your account.  
    2. If you accept the money, you’ll receive a message claiming it was a mistake along with a request to refund it to a different account. 
    3. If you follow through, you’ll be responsible for the missing funds. 
    Don’t get scammed! Do this:
    • If you receive a random transfer, ask to cancel the transaction (or cancel it yourself, if possible). 
    • Scrutinize the transaction details, and never transfer money to a different account other than the one from which you received it. 

    💡 Related: How to Shop Online Safely (Without Getting Scammed)

    7. Invalid shipping address scams

    The invalid shipping address scam primarily affects sellers on websites like eBay and Amazon. It involves scammers providing false shipping addresses and using delivery loopholes to receive both an item and a refund.

    How the scam works:
    1. Scammers place an order with your store — using an invalid shipping address. 
    2. After the shipment is marked as undeliverable, the scammer contacts the shipping company directly and provides them with a real address. 
    3. Then, the scammer files a complaint with PayPal claiming that the item never arrived. Because you have no proof of delivery (the transaction shows the original address), you lose the item — and the money is refunded to the scammer. 
    Don’t get scammed! Do this:
    • Double-check that the delivery address is legitimate before sending an item.
    • Make sure your delivery company will notify you if the address is changed.
    • Insist on signature confirmations for deliveries. 

    💡 Related: I Got Scammed on eBay! What Can I Do?

    8. Fake online stores asking for “friends and family” payments

    In this scam, fraudsters on Craigslist, Gumtree, or Facebook Marketplace ask you to use PayPal’s “friends and family” option to save fees. Then, they disappear with your money. 

    How the scam works:
    1. Sellers ask you to use a “friends and family” transfer because it avoids fees. 
    2. Your item never arrives. And because “friends and family” transfers aren’t covered by PayPal’s Buyer Protection, you have no way to recover your item. 
    Don’t get scammed! Do this:
    • Always use the “goods and services” option when buying via PayPal, as it’s covered by Buyer Protection in the case of fraud. 
    • Use a credit card to make purchases on less trustworthy payment platforms, as you can use chargeback to get your money back if you get scammed. 

    💡 Related: Is Etsy Safe? 7 Etsy Scams You Need To Know

    9. You’re sent “free” money — but have to pay to receive it

    Known as an advance-fee scam, this occurs when scammers promise you a large sum of money in return for a small upfront fee. 

    Example of a PayPal advance payment scam. Source: Reddit
    How the scam works:
    1. Scammers contact you claiming that you’ve had a large sum deposited into your PayPal account, but there are “charges” that you must pay to access it.
    2. You pay the charges, but the money never arrives. The scammer keeps pushing for more and more money as other problems surface that delay accessing your “deposit.”
    Don’t get scammed! Do this:
    • Be suspicious of any transfers, unsolicited messages, or supposed payoffs that you weren’t expecting. If it seems too good to be true, it is.

    10. Fake charity donations through PayPal

    In fake charity scams, fraudsters trick well-meaning people into donating money to false causes.

    How the scam works:
    1. Scammers set up fraudulent GoFundMe or PayPal donation links, claiming to be charities involved in helping people in need. 
    2. Using email campaigns, fake websites, and scam Instagram pages, the scammers convince generous people to donate to their fake charities. 
    Don’t get scammed! Do this:

     💡 Related: Is This Charity a Scam? How To Quickly Spot Charity Fraud

    11. PayPal Bitcoin scams

    This scam is similar to the fake invoice ruse, but with the added twist that the invoice is for Bitcoin. Scammers hope you’ll either pay the fake invoice or call the number listed to “cancel” the fraudulent charge.

    An example of a PayPal Bitcoin scam email. Source: Reddit
    How the scam works:
    1. Scammers create a fake PayPal Business account (or hack a legitimate one) and use a name such as “Bitcoin Exchange.”
    2. Then, they send a fake invoice that includes a seller note which leads you to believe it’s a receipt for a Bitcoin purchase (not a request for money).
    3. If you call the number to dispute the charge, the scammer will charge fees to “reverse” the transaction, steal your personal identity, or try to defraud you in some other way.
    Don’t get scammed! Do this:
    • Ignore PayPal invoices that you don’t recognize. An invoice is only a request for payment, not proof of purchase — no matter what the scammer’s seller note claims.
    • Forward the email to phishing@paypal.com and then delete it.

    12. Fraudulent password reset emails

    In this scam, fraudsters send fake emails that look like legitimate password change emails from PayPal. The email includes a link to “secure” your PayPal account. But if you click on the link, you’ll be taken to a fake PayPal login page that steals your password. 

    An example of a phishing site designed to look like the PayPal login page. Source: Verified.org
    How the scam works:
    1. You get an email that appears to be from PayPal claiming that someone has changed your password.
    2. You click on the link in the email, which opens what appears to be the PayPal login page.
    3. You enter your login information, which goes straight to a scammer who uses it to hack your account.
    Don’t get scammed! Do this:
    • Never click on links in PayPal alert emails. It’s always safer to log in directly on PayPal.com.
    • Always verify a website URL before entering your login information. If it’s not PayPal.com, it’s a scam.

    13. PayPal technical support scams

    Hackers often impersonate PayPal customer support and claim that your account has been hacked or is showing suspicious activity. Their goal is to get you on the phone and then ask for sensitive information (such as your account password or two-factor authentication (2FA) codes), demand payment, or get you to download software that gives them remote access to your computer.

    How the scam works:
    1. Scammers send texts or emails claiming to be from PayPal, stating that there’s a problem with your account.
    2. The sender invents bogus threats and uses high-pressure tactics to get you to act out of fear.
    3. Eventually, they’ll request sensitive information, payment, or ask you to download malicious software.
    Don’t get scammed! Do this:
    • If you get a message about suspicious activity on your PayPal account, verify it by going directly to PayPal.com or calling the official PayPal number at 1-888-221-1161.
    • Never answer calls or reply to voicemail messages from numbers that you don’t recognize.

    14. Malicious fake PayPal invoice attachments

    This PayPal scam tries to scare you into believing someone has hacked your account and made a purchase in your name. The scammer hopes you’ll download the attached “invoice,” which contains hidden malware to compromise your computer.

    An example of a fake PayPal payment invoice. Source: Reddit
    How the scam works:
    1. A scammer disguises malware to look like a PDF file and attaches it to emails pretending to be from PayPal.
    2. When you click on the attachment, it may look like a regular PDF; but in reality, it has installed malware that gives a scammer complete control over your computer.
    Don’t get scammed! Do this:
    • Don’t open attachments or click on links in emails from PayPal.
    • Remember that any Gmail address claiming to be from PayPal is a guaranteed scam.
    • Protect your devices from hacking by using antivirus software.

    How To Spot (and Avoid) PayPal Scams: 5 Warning Signs

    1. Generic greetings. Any official correspondence from PayPal will use your name (or business name). Greetings such as “Dear user” are clear signs of a scam. 
    2. Suspicious links and attachments. Always hover over or preview links before clicking on them. If they’re not going to PayPal.com, it’s a scam. Make sure to screen all email attachments using antivirus software.
    3. Typos and poor grammar. PayPal is a multi-billion dollar company and won’t send you emails or texts that include poor spelling or grammar. These are clear signs of a phishing scam. 
    4. Fake email addresses or website URLs that are similar to official PayPal.com addresses and URLs. Only trust emails that come from “@paypal.com” and websites that are on the official PayPal.com domain. Make sure to click on email “from” names to reveal the true email address, and scrutinize domains before entering any sensitive information. 
    Check that you’re on the official PayPal.com domain before entering any information.
    5. Requests for personal information or login credentials. PayPal employees will never ask you for sensitive information such as passwords, 2FA codes, or financial information.
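
    The sender, link, and greeting checks from the warning signs above, plus the callback-number cue from the fake-invoice scams (#2 and #11), written as an added Python example that is not part of the original article. The finding names, the phone-number and greeting patterns, and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "paypal.com"  # the only domain the article says to trust
# Heuristics (assumptions of this example): US-style numbers, common greetings.
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
GENERIC = re.compile(r"\bdear\s+(user|customer|client|member)\b", re.I)

def is_official_host(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return the set of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings, text = set(), ""
    # The From header can be forged, so a pass here proves nothing by itself.
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not is_official_host(sender.rpartition("@")[2]):
        findings.add("sender-not-paypal")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.add("attachment")
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            text += body
            if part.get_content_subtype() != "html":
                continue
            collector = LinkCollector()
            collector.feed(body)
            for href, label in collector.links:
                url = urlsplit(href)
                if url.scheme in ("http", "https") and not is_official_host(url.hostname):
                    findings.add("link-off-domain")
                    if OFFICIAL in label.lower():  # text says PayPal, target does not
                        findings.add("link-text-mismatch")
    if PHONE.search(text):  # real-sender invoice scams rely on a callback number
        findings.add("callback-number")
    if GENERIC.search(text):
        findings.add("generic-greeting")
    return findings

# Constructed sample messages (not real emails; names and hosts are placeholders).
LOOKALIKE = (
    "From: PayPal Service <service@paypal.com.account-review.example>\n"
    "Subject: Your account is locked\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Dear user, your account has been locked.</p>"
    '<a href="http://paypal.com.account-review.example/login">'
    "https://www.paypal.com/signin</a>\n"
)
REAL_SENDER_INVOICE = (
    "From: service@paypal.com\n"
    "Subject: Invoice from Bitcoin Exchange\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Hello Jordan Smith,\nBitcoin Exchange sent you an invoice.\n"
    "Seller note: to cancel this purchase call +1 (800) 555-0100.\n"
)
```

    The second sample passes every domain check and is flagged only for the callback number, which is why an invoice sent through a real PayPal account still has to be verified by logging in at PayPal.com directly.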

    Were You Scammed on PayPal? Here’s What To Do!

    If you’ve been scammed on PayPal, you must act quickly to mitigate the risks. 

    What to do if you sent money, cryptocurrency, or gift cards to a scammer

    If the transfer is covered by Purchase Protection, the first step is to open a dispute:

    • File a dispute with the seller within 180 days of the transaction. If they don’t respond, move on to the following steps.
    • Open the Resolution Center.
    • Log in to your PayPal account.
    • Click “Report a Problem.”
    • Select the transaction in question. 
    • Click “I Want to Report Unauthorized Activity” and follow the prompts to open the dispute. 
    • Contact the seller on PayPal and ask for a refund (within 20 days). If they are unresponsive, you can click “Escalate” to make a claim.
    • PayPal will then contact you when they’ve reached a conclusion about your dispute. 

    If you used PayPal and paid with a credit card or personal bank account, you may be able to use chargeback to get your money back. 

    To try this, contact your financial institution and report the fraudulent transaction — PayPal will then freeze the amount in the seller’s account until a resolution is reached. 

    If you gave up personal information or if scammers have access to your PayPal account

    Many scammers will try to steal your personal information or login details because they want to access your PayPal account (and your linked credit card or bank account). 

    To prevent further damage after identity theft or account takeover fraud:

    • Immediately secure your accounts. If scammers have locked you out of your account, reset your password. Then update your other passwords and enable 2FA on all accounts. Report the potential fraud to your bank, and freeze your credit with the three credit bureaus (Experian, Equifax, and TransUnion).
    • File a case with PayPal. If the scammer managed to steal your money, report the fraud to PayPal in the Resolution Center using the steps above. 

    The Bottom Line: Stay Safe When Shopping Online

    To stay safe while using PayPal, you need to be proactive and learn how to identify scams. 

    For added security, consider signing up for Aura’s all-in-one cybersecurity solution. Aura monitors your most sensitive information, financial accounts, and even your passwords for signs of fraud and will alert you before scammers can do too much damage. 
