Skip to content ↓ | Skip to navigation ↓

This article will give you insights into the common PayPal hoaxes circulating these days. Additionally, you will learn how to keep your payment experience safe when using the popular service in question.

The undeliverable shipment stratagem

Crooks may try to defraud someone of money by reporting a delivery failure to PayPal. This hoax starts with someone ordering your goods on an eCommerce site. The ill-disposed person chooses to send the funds via PayPal rather than opt for credit card payment or COD (cash on delivery).

This seems like a run-of-the-mill deal so far, doesn’t it? The next move is trickier, though. The scammer will deliberately provide phony shipment information for the product he bought. After a number of futile delivery attempts, the shipping company will flag the goods as undeliverable in its system.

Having received notices from the shipping company about the unsuccessful delivery events, the culprit will replace the bogus delivery address with a real one. Predictably enough, the merchandise will finally reach its destination. Once the ne’er-do-well has it, he will contact PayPal and say he hasn’t received the goods he paid for.

When processing the complaint, PayPal will see that the original address wasn’t valid, and hence they will have no clear evidence that the delivery took place. Then, acting in compliance with the Purchase Protection policy, the service will decline the payment. In the aftermath of this whole ruse, the black hat will keep the goods and get his money back.

Using the F&F option to pay for goods? Bad idea

In case you didn’t know, F&F stands for “Friends and Family.” It’s an option within the PayPal network allowing relatives or friends to send and receive money with lower fees than in a regular payment scenario. Some people may be tempted to abuse this feature and spend less on the transaction costs. Scammers take advantage of this lure, too.

The logic of the fraud is as follows: when you are up to buying something from another person who is a con artist in disguise, he will contact you over email and ask you to submit the money through the F&F option so that the fee is smaller. Should you opt for the offer, the funds will go the fraudster and he will reassure you that the goods will be sent as soon as possible.

Obviously, you’ll never receive the order. You cannot claim your money either because payments sent via the Friends and Family channel aren’t covered by the above-mentioned Purchase Protection for buyers. Technically, you engaged in foul play, and these are the consequences. What makes people fall for this hoax? The scammers often promise a big discount if you use F&F, which becomes a stimulus for many to give it a shot.

Inexistent shipping company

One more technique malefactors may employ to get hold of your money is to dupe you into using an alternative shipping service instead of the regular ones. Sometimes they will even try to persuade you that they own the delivery company. Note that the scammers will pose as buyers in this case and typically order more than one product to make more dough in a dirty way.

If the odd offer is okay with you, the malicious actors will make sure the goods take a detour and fall into their hands in the long run. PayPal will see that there is something totally wrong with the destination address; therefore, you won’t get compensation for the items you lost. The criminals’ next move is to contact PayPal with a refund request based on a complaint that they never received the order.

Gift for a friend? Yeah, right.

A swindler may say he’s interested in buying something from you, but he will ask you to do him an ostensibly innocuous little favor. Claiming that it’s supposed to be a birthday or anniversary surprise gift for a close friend, the crook will tell you to send it to a location that doesn’t match the address indicated in his PayPal account.

A few words about how happy the purported buddy will be to receive the stuff right at his place – and the story may act on your emotions and you will agree. However, once the fraudster gets the package, he will let PayPal know that it didn’t arrive at the registered address. Again, he’s officially entitled to a refund in this case.

The overpayment ruse

Yet another common maneuver of the bad guys revolves around what looks like an overpayment by mistake. Here’s the lowdown: you as a seller receive a regular payment notification email from PayPal, which means someone has sent money to buy a product from you. What happens next is the buyer will reach out to you and say he accidentally paid more than the goods actually cost and that he would appreciate it if you could return the extra funds. There are two main vectors and upshots of this particular hoax:

The perpetrator hacked another person’s PayPal account:

As soon as the affected user discovers that the account has been breached, he will report the incident to PayPal, and the service will reimburse the full amount that was stolen. As a result, you will lose your product along with the extra funds you returned to the hacker.

The offender uses his own account:

In this scenario, the dishonest person will follow the standard procedure to purchase your goods with PayPal. However, when he receives the item, he will get in touch with PayPal and start grumbling a lot about the order. He may claim that its quality is unsatisfactory, it has defects or it doesn’t work as advertised. At the end of the day, the platform will refund all of his money, so his wicked plan works out. How about you? The goods vanish, and so do the extra funds you gave back.

How to avoid common PayPal scams

  • Ignore spam emails and don’t click dubious links
  • Don’t fall for offers that look too good to be true
  • Never agree to ship your goods to an unverified address
  • Monitor your PayPal account for suspicious activity
  • Set up Two-Factor authentication
  • Familiarize yourself with the platform’s seller and buyer protection policies and stay tuned for changes in them
  • Use reliable security software, preferably with an anti-phishing feature
  • Be sure to use signature confirmation of delivery where appropriate
  • Don’t disclose your PayPal credentials to anyone
  • If an incoming email looks like it’s from PayPal, scrutinize the sender’s email address to make sure it doesn’t come from an impostor

david balabanAbout the Author: David Balaban is a cybersecurity professional writing for VPNpro. His key competencies include malware analysis, online privacy, and software testing. Additionally, he does his best to stay current with the e-threat landscape and keep tabs on the evolution of computer viruses. With 13 years of experience under his belt, David knows how security works and how important it is to maintain privacy on the Internet.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.