The 14 Latest PayPal Scams (and How To Avoid Them)
PayPal scams range from fake emails and invoices to fraudsters “accidentally” sending you money. Learn how to spot (and avoid) the latest PayPal scams.
Hari Ravichandran is the CEO and founder of Aura, with over 40 approved or pending technology patents to his name. He was recognized by Forbes magazine as one of the most powerful CEOs 40 and Under in 2014 and 2015. Hari holds an MBA from the Wharton School at the University of Pennsylvania and a BS in Computer Engineering from Mississippi State University.
Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.
PayPal scams are becoming increasingly common — and sophisticated. Online payment fraud on platforms such as PayPal is expected to surpass $48 billion in 2023 [*].
For one Reddit user, all it took was a couple of legitimate-looking emails claiming to be “PayPal invoices” for Bitcoin purchases that the user hadn’t authorized [*]. Worried about being stuck with an unexpected bill, the user called the phone number listed on the invoice.
But it was only when the person on the phone asked to remotely access the user’s computer that it started to become clear they weren’t actually dealing with PayPal. It was a scam.
Even worse, the company recently disclosed that [*]:
Close to 35,000 PayPal users had their accounts hacked by a credential-stuffing attack in January of 2023.
If you’re one of the millions of people who use PayPal, or if you’ve received a suspicious-looking email claiming to be from the company, you need to recognize the warning signs of a scam.
In this guide, we’ll cover how PayPal scams work, show examples of the latest scams to watch out for, and explain what you should do if you’ve been scammed on PayPal.
What Are PayPal Scams? How Do They Work?
PayPal scams cover the many strategies and schemes that scammers use to convince PayPal users to send money, hand over personal information, or give up access to their accounts.
With over 300 million account holders, PayPal users are compelling targets for scammers [*]. In fact, scammers are most likely to cheat customers out of money by using PayPal, according to the Better Business Bureau (BBB) [*].
While PayPal scams come in different shapes and sizes, the most common angles include:
Advance-fee scams. The victim is promised a large sum of money that will be released after paying scammers a fee in advance.
Phishing scams. A type of social engineering attack in which scammers impersonate PayPal representatives or other authoritative figures to trick victims into sending money or revealing sensitive information.
Overpayment scams. Scammers overpay for an item “by accident” (often using a stolen account or employing hacking techniques to make it appear as if the money is in your bank account) and then ask for the difference back through a payment form that is non-reversible.
While nothing online is 100% safe, PayPal is committed to ensuring maximum security for its users and has policies in place to help get your money back if you’ve been scammed. Unfortunately, scammers are only getting better at bypassing these measures and stealing your money and sensitive information.
✅ Take action: If you’ve been scammed on PayPal, your bank account, email, and even your identity could be at risk. Try Aura’s top-rated identity theft protection free for 14 days to secure your accounts and sensitive information against scammers.
Example: A PayPal Scam Email That Almost Worked
The easiest way to learn how to identify PayPal scams is to see one in action.
In this phishing email, scammers created a false PayPal confirmation email for a fraudulent order worth hundreds of dollars. But there’s an easy way out, the scammers explained — all you have to do is make a phone call and tell them it was a mistake.
Scammers know you’re more likely to fall for their schemes if they can get you on the phone and pressure you to act. And this scam email is designed solely for that purpose. They used the victim’s name and email, included a legitimate-looking order number, and didn’t ask for personal information or money (to avoid suspicion).
But if you pay close attention, you’ll notice the red flags of a PayPal scam:
The email doesn’t come from an official PayPal.com email address.
The PayPal logo is pixelated, meaning that it was stolen from another site.
It creates a false sense of urgency by claiming that you’ll owe money if you don’t act now.
The language is awkward and not what you’d expect from an official PayPal email (for example, “If you’re reading this email then it’s already too late to make any changes to your order. Sorry!”).
It includes a bogus phone number to “cancel” the fraudulent order.
Can You Get Your Money Back After Being Scammed on PayPal?
The good news is that people who pay by PayPal are more likely to get their money back from a scam compared to other payment apps (such as Zelle, Venmo, and Cash App) [*].
PayPal’s Seller Protection and Buyer Protection programs provide coverage for common situations, such as when you don’t receive payment or are sent an incorrect item.
If you’ve been scammed on PayPal, you first need to contact the seller to request a refund. If they don’t respond or refuse to issue it, you can open a dispute in PayPal’s resolution center within 180 days of the transaction date.
Note: It’s only possible to get your money back for payments made on PayPal. Scammers know this, and will often impersonate PayPal representatives to steal your passwords, get you to pay money using different platforms, or give up personal information that they can use for identity theft. In these cases, you’re unfortunately on your own.
Here are the most common PayPal scams and how to spot them before you fall victim.
1. Fake PayPal “payment confirmation” emails
Phishing emails, in which scammers pretend to be from PayPal, are among the most common email scams. There are many different PayPal phishing scams, but they all follow a general strategy.
How the scam works:
Scammers use domain spoofing to make an email look like it’s coming from PayPal.
The message creates a sense of urgency, so you act without thinking.
With your information in hand, scammers try to access your finances or steal your identity.
Don’t get scammed! Do this:
If you receive a “payment confirmation” email, check your PayPal account for recent purchases. If no suspicious payments are present, you can be certain that it’s a phishing email.
Never respond to emails or call phone numbers listed in them. If you’re unsure, contact PayPal directly through one of the contact methods on their website.
2. Scammers sending fake invoices from real PayPal email addresses
This is a sophisticated scam in which an email is sent from a validated PayPal email address. The email will claim that your “invoice has been updated” and that you owe money [*].
How the scam works:
Scammers create fraudulent PayPal Business accounts (or use a hacked account) to send real PayPal invoices.
The email appears legitimate, because it is. But the “Seller note” will include an explanation of why you owe money and a phone number to call for help.
If you call the provided number, you’ll be asked to download a remote administration tool that the scammers use to control your computer.
Don’t get scammed! Do this:
If you receive a suspicious email, go directly to PayPal.com and log in to your account. Check for recent purchases and invoices to see if the invoice is legitimate. If it is, check the store and sender to see if you recognize them. If you don’t recognize them, contact PayPal directly and inform them of the scam.
Remember: PayPal customer support will never ask you to download a program or file.
3. Emails and texts claiming your PayPal account is locked or suspended
Another common phishing tactic is to send an email claiming that the recipient’s PayPal account has been locked for some reason [*].
How the scam works:
Scammers send an email informing you that your PayPal account is locked, and they provide a button or link to “fix” the issue.
But if you click on the link, it takes you to a fraudulent PayPal site’s login page.
Any information that you enter on the fake website — your password, credit card information, etc. — goes straight to the scammers.
Don’t get scammed! Do this:
Never click on links, buttons, or ads in emails that you receive (as they could contain malware or send you to a fake website). Instead, always visit the official PayPal.com website directly.
Keep your eye out for the warning signs of a fake website. In the example above, there are many grammatical issues including the fact that “PayPal” in the first line isn’t capitalized.
Use safe browsing tools to warn you if you’re entering a phishing website designed to steal your passwords or payment details.
4. Fake PayPal “Fraud Alert” text messages
Phishing can also take place in the form of voice or SMS messages. Known as “smishing,” these scams occur when scammers send fraudulent text messages containing a bogus number or link [*].
How the scam works:
Scammers send an urgent message claiming something has gone wrong with your PayPal account. The most common scams are fake fraud alerts or purchase “confirmation” messages.
The messages will include a link or a phone number for you to call to “fix” the issue.
But if you engage, you’ll only further the scam — ending up on a fake website or on the phone with a fraudster.
Don’t get scammed! Do this:
Verify the information in the text message yourself. Log in to your PayPal account directly and update your password; also, check past transactions.
Never follow links or call numbers that are provided via text. Instead, always contact PayPal directly via their customer service lines.
✅ Take action: If you accidentally give sensitive information to PayPal scammers, they could empty your bank account or take out loans in your name. Try a top-rated identity theft protection service with credit monitoring to keep your finances and identity safe.
5. PayPal “accidental” overpayment scams
An overpayment scam occurs when scammers overpay for an item and then ask for a refund made into a different account.
How the scam works:
Scammers overpay for an item that they purchase from you (using stolen credit card numbers or a PayPal account).
After paying, they claim it was an accident and ask you to refund them the extra amount using a different method (such as through a payment service like Zelle or Cash App that’s harder to reverse).
Once they receive your payment, they cancel the original transaction. You’re then left with the loss of the sale, the loss of the refund, and further problems when the real account owner reports the fraud.
Don’t get scammed! Do this:
If someone overpays you, cancel the payment instead of refunding a part of it — especially if they ask you to transfer the refund into another account.
Never refund money to any account other than the one used to pay you.
If you think you’ve received a fraudulent payment, contact PayPal support.
6. “Wrong person” transfers on PayPal
Similar to the overpayment scam, this is another chargeback scam in which fraudsters randomly transfer money and then ask for a refund [*].
How the scam works:
Scammers use hacked PayPal accounts or stolen credit cards to transfer money to your account.
If you accept the money, you’ll receive a message claiming it was a mistake along with a request to refund it to a different account.
If you follow through, you’ll be responsible for the missing funds.
Don’t get scammed! Do this:
If you receive a random transfer, ask to cancel the transaction (or cancel it yourself, if possible).
Scrutinize the transaction details, and never transfer money to any account other than the one from which you received it.
The invalid shipping address scam primarily affects sellers on websites like eBay and Amazon. It involves scammers providing false shipping addresses and using delivery loopholes to receive both an item and a refund.
How the scam works:
Scammers place an order with your store — using an invalid shipping address.
After the shipment is marked as undeliverable, the scammer contacts the shipping company directly and provides them with a real address.
Then, the scammer files a complaint with PayPal claiming that the item never arrived. Because you have no proof of delivery (the transaction shows the original address), you lose the item — and the money is refunded to the scammer.
Don’t get scammed! Do this:
Double-check that the delivery address is legitimate before sending an item.
Make sure your delivery company will notify you if the address is changed.
8. Fake online stores asking for “friends and family” payments
In this scam, fraudsters on Craigslist, Gumtree, or Facebook Marketplace ask you to use PayPal’s “friends and family” option to save fees. Then, they disappear with your money.
How the scam works:
Sellers ask you to use a “friends and family” transfer because it avoids fees.
Your item never arrives. And because “friends and family” transfers aren’t covered by PayPal’s Buyer Protection, you have no way to recover your item.
Don’t get scammed! Do this:
Always use the “goods and services” option when buying via PayPal, as it’s covered by Buyer Protection in the case of fraud.
Use a credit card to make purchases on less trustworthy payment platforms, as you can use chargeback to get your money back if you get scammed.
9. You’re sent “free” money — but have to pay to receive it
Known as an advance-fee scam, this occurs when scammers promise you a large sum of money in return for a small upfront fee [*].
How the scam works:
Scammers contact you claiming that you’ve had a large sum deposited into your PayPal account, but there are “charges” that you must pay to access it.
You pay the charges, but the money never arrives. The scammer keeps pushing for more and more money as other problems surface that delay accessing your “deposit.”
Don’t get scammed! Do this:
Be suspicious of any transfers, unsolicited messages, or supposed payoffs that you weren’t expecting. If it seems too good to be true, it is.
10. Fake charity donations through PayPal
In fake charity scams, fraudsters trick well-meaning people into donating money to false causes.
How the scam works:
Scammers set up fraudulent GoFundMe or PayPal donation links, claiming to be charities involved in helping people in need.
Using email campaigns, fake websites, and scam Instagram pages, the scammers convince generous people to donate to their fake charities.
Don’t get scammed! Do this:
Only donate to reputable charities or ones with which you’re familiar.
This scam is similar to the fake invoice ruse, but with the added twist that the invoice is for Bitcoin. Scammers hope you’ll either pay the fake invoice or call the number listed to “cancel” the fraudulent charge [*].
How the scam works:
Scammers create a fake PayPal Business account (or hack a legitimate one) and use a name such as “Bitcoin Exchange.”
Then, they send a fake invoice that includes a seller note which leads you to believe it’s a receipt for a Bitcoin purchase (not a request for money).
If you call the number to dispute the charge, the scammer will charge fees to “reverse” the transaction, steal your personal identity, or try to defraud you in some other way.
Don’t get scammed! Do this:
Ignore PayPal invoices that you don’t recognize. An invoice is only a request for payment, not proof of purchase — no matter what the scammer’s seller note claims.
Forward the email to phishing@paypal.com and then delete it.
12. Fraudulent password reset emails
In this scam, fraudsters send fake emails that look like legitimate password change emails from PayPal. The email includes a link to “secure” your PayPal account. But if you click on the link, you’ll be taken to a fake PayPal login page that steals your password.
How the scam works:
You get an email that appears to be from PayPal claiming that someone has changed your password.
You click on the link in the email, which opens what appears to be the PayPal login page.
You enter your login information, which goes straight to a scammer who uses it to hack your account.
Don’t get scammed! Do this:
Never click on links in PayPal alert emails. It’s always safer to log in directly on PayPal.com.
Always verify a website URL before entering your login information. If it’s not PayPal.com, it’s a scam.
Hackers often impersonate PayPal customer support and claim that your account has been hacked or is showing suspicious activity. Their goal is to get you on the phone so they can ask for sensitive information — such as your account password or two-factor authentication (2FA) codes — demand payment, or get you to download software that gives them remote access to your computer.
How the scam works:
Scammers send texts or emails claiming to be from PayPal, stating that there’s a problem with your account.
The sender invents bogus threats and uses high-pressure tactics to get you to act out of fear.
Eventually, they’ll request sensitive information, payment, or ask you to download malicious software.
Don’t get scammed! Do this:
If you get a message about suspicious activity on your PayPal account, verify it by going directly to PayPal.com or calling the official PayPal number at 1-888-221-1161.
Never answer calls or reply to voicemail messages from numbers that you don’t recognize.
14. Malicious fake PayPal invoice attachments
This PayPal scam tries to scare you into believing someone has hacked your account and made a purchase in your name. The scammer hopes you’ll download the attached “invoice,” which contains hidden malware to compromise your computer [*].
How the scam works:
A scammer disguises malware to look like a PDF file and attaches it to emails pretending to be from PayPal.
When you click on the attachment, it may look like a regular PDF; but in reality, it has installed malware that gives a scammer complete control over your computer.
Don’t get scammed! Do this:
Don’t open attachments or click on links in emails from PayPal.
Remember that any Gmail address claiming to be from PayPal is a guaranteed scam.
Protect your devices from hacking by using antivirus software.
How To Spot (and Avoid) PayPal Scams: 5 Warning Signs
Generic greetings. Any official correspondence from PayPal will use your name (or business name). Greetings such as “Dear user” are clear signs of a scam.
Suspicious links and attachments. Always hover over or preview links before clicking on them. If they’re not going to PayPal.com, it’s a scam. Make sure to screen all email attachments using antivirus software.
Typos and poor grammar. PayPal is a multi-billion dollar company and won’t send you emails or texts that include poor spelling or grammar. These are clear signs of a phishing scam.
Fake email addresses or website URLs that are similar to official PayPal.com addresses and URLs. Only trust emails that come from “@paypal.com” and websites that are on the official PayPal.com domain. Make sure to click on email “from” names to reveal the true email address, and scrutinize domains before entering any sensitive information.
Requests for personal information or login credentials. PayPal employees will never ask you for sensitive information such as passwords, 2FA codes, or financial information.
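The sender, greeting, and link checks above can be run mechanically over a raw message. The Python below is an added example, not part of the original article; the two sample emails, the `.example` domains, and the greeting word list are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "paypal.com"  # the only domain the article says to trust

# Constructed sample: lookalike sender, generic greeting, one fake and one real link.
SCAM_SAMPLE = """\
From: "PayPal Support" <service@paypal.com.account-review.example>
To: jane@example.org
Subject: Your account is locked
Content-Type: text/plain; charset=utf-8

Dear user,

Your paypal account is locked. Fix the issue here:
https://paypal.com.account-review.example/login
Help: https://www.paypal.com/help
"""

# Constructed sample that shows none of the checked signs.
CLEAN_SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: jane@example.org
Subject: Receipt
Content-Type: text/plain; charset=utf-8

Hello Jane Doe,

View your activity at https://www.paypal.com/activity
"""


def is_official_host(host):
    """True only for paypal.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)


def warning_signs(raw_email):
    """List the article's warning signs found in one raw email."""
    msg = message_from_string(raw_email, policy=policy.default)
    signs = []

    # The display name is free text; only the address after it counts.
    _display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain != OFFICIAL:
        signs.append(f"sender domain is {sender_domain!r}")

    body = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")

    # Greeting word list is an assumption; the article names "Dear user".
    if re.search(r"^\s*dear (user|customer|member)\b", body, re.I | re.M):
        signs.append("generic greeting")

    # Compare the parsed hostname, never a substring of the URL.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        if not is_official_host(host):
            signs.append(f"link goes to {host!r}")
    return signs


if __name__ == "__main__":
    for sign in warning_signs(SCAM_SAMPLE):
        print("warning:", sign)
```

An empty result is not proof that a message is legitimate: as scam 2 above shows, a real PayPal address can deliver a fraudulent invoice, so still verify the charge by logging in directly at PayPal.com.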
Were You Scammed on PayPal? Here’s What To Do
If you’ve been scammed on PayPal, you must act quickly to mitigate the risks.
What to do if you sent money, cryptocurrency, or gift cards to a scammer
If the transfer is covered by Purchase Protection, the first step is to open a dispute:
File a dispute with the seller within 180 days of the transaction. If they don’t respond, move on to the following steps.
Open the Resolution Center.
Log in to your PayPal account.
Click “Report a Problem.”
Select the transaction in question.
Click “I Want to Report Unauthorized Activity” and follow the prompts to open the dispute.
Contact the seller on PayPal and ask for a refund (within 20 days). If they are unresponsive, you can click “Escalate” to make a claim.
PayPal will then contact you when they’ve reached a conclusion about your dispute.
If you used PayPal and paid with a credit card or personal bank account, you may be able to use chargeback to get your money back.
To try this, contact your financial institution and report the fraudulent transaction — PayPal will then freeze the amount in the seller’s account until a resolution is reached.
If you gave up personal information or if scammers have access to your PayPal account
Many scammers will try to steal your personal information or login details because they want to access your PayPal account (and your linked credit card or bank account).
Immediately secure your accounts. If scammers have locked you out of your account, reset your password. Then update your other passwords and enable 2FA on all accounts. Report the potential fraud to your bank, and freeze your credit with the three credit bureaus (Experian, Equifax, and TransUnion).
File a case with PayPal. If the scammer managed to steal your money, report the fraud to PayPal in the Resolution Center using the steps above.
The Bottom Line: Stay Safe When Shopping Online
To stay safe while using PayPal, you need to be proactive and learn how to identify scams.
For added security, consider signing up for Aura’s all-in-one cybersecurity solution. Aura monitors your most sensitive information, financial accounts, and even your passwords for signs of fraud and will alert you before scammers can do too much damage.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.