PayPal Fraud: What Merchants Should Know and How Users Can Stay Safe
PayPal has established itself as the most popular online payment platform in the world. It’s designed for individuals and also for businesses without large monthly transaction numbers. PayPal is also the first brand that comes to mind for international payments too.
You’ve undoubtedly heard how the majority of viruses target Windows. This is because they’re the dominant player, so virus and malware makers don’t target Linux and Apple’s OS as much – although hackers have demonstrated increasing interest in Apple systems in recent times.
The same applies to PayPal. With more than 400 million accounts, not to mention the involvement of money, PayPal and its account holders have become a target.
Unsurprisingly, the primary method of targeting account holders involves phishing.
What is Phishing?
Phishing is a form of cybercrime that involves attackers contacting their targets directly. This could be through email, phone, or text message and is designed to encourage people to share personal information. In the context of PayPal, it’s all about gaining access to an unsuspecting user’s PayPal account.
PayPal and Phishing
PayPal accounts are valuable. Not only do they provide a payment gateway to the world for users, but they often have bank details and other financial information associated with them. As a result, they’re a prime target for hackers and scammers, as one account can unlock many more profitable credentials.
PayPal understands the vulnerability; they even have an entire section of their website dedicated to identifying and preventing phishing attacks. However, when there are this many accounts involved, it is impossible to cover every eventuality.
How Scammers Target PayPal Accounts
There are numerous ways for scammers to attack PayPal accounts. Some involve intentional payments from the account, while others include attacks that aim to steal credentials.
- Advance Payments: While a classic scam regarding age and widespread knowledge, some PayPal users still suffer from advance payment fraud. It often involves making a relatively small payment and providing personal information – usually valuable in its own right. Beating this PayPal scam comes down to never transferring money to anyone you don’t know, and not for anything other than an agreed transaction.
- Refund Scams: Usually targeting sellers rather than buyers, refund scams usually involve an ‘overpayment’. The buyer contacts the seller, claiming a mistake, and asks for a refund of the additional amount. Once processed, they cancel the original transaction and are never heard from again. To avoid this scam, never manually refund. Instead, cancel all transactions manually and start over.
- Traditional Phishing: Unfortunately, phishing has become something of a tradition, and anyone with an email account – even if they’ve never used PayPal – has probably received an email designed as part of the scam. They work in much the same way as any other phishing scheme – tell a user something is amiss, get them to log in to a false page, and collect their user information. The best defense is, unusually, to ignore anything sent to you via email. Instead, log in to your account on the official PayPal website and handle all your transactions from there. Unless you’re genuinely compromised, it might be the safest place to be!
Reporting Suspicious PayPal Emails
Naturally, if you receive an unusual communication from PayPal and you’re unsure if it’s real, you should report it to the company itself. As outlined in the company’s online guidance, if you suspect anything unusual, forward the email to [email protected]. They keep a record of unusual activity, and while you’ve avoided anything untoward, this can help them stay ahead of the game for the rest of their users.
As the largest company of its kind, PayPal inherently involves financial transactions and often attracts unscrupulous individuals. The best way to combat unusual activity is through common sense. If something looks too good to be true or asks for your login details, it’s best to ignore it until you can interact with PayPal directly.
For the most part, PayPal is an incredibly secure platform. Its popularity makes it a target, but an all-around understanding of phishing and common attacks among you and, where applicable, your employees, can cut any attack off before it starts. Contact us today to see how we can help !