PayPal is a widely-used online payment system that's safe and has been around for several years. But since we simply can't have nice things, scammers have gone and co-opted PayPal to try and trick people into giving up their personal details and information.
As this is a big safety concern for people who use PayPal, we're going to take a look at what this scam is and how to stay safe from it.
Just remember that if you need support or someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.
What is a PayPal scam exactly?
PayPal scams generally come in the form of a phishing email or SMS containing a link to a fake website that tricks users into giving up their personal and financial information, thus allowing scammers to steal their money.
PayPal phishing email
Like most phishing emails, a PayPal phishing email contains an urgent message claiming that your account is 'locked' and that you'll need to 'fix' the issue by clicking on the button provided. Other scams include claiming that you've been 'paid' some money and you need to click on the provided button to claim it, or you've been 'paid too much' and you need to rectify it via the provided button.
However, that button will take you to a fake PayPal login page where any information entered will go straight to the scammers. Here's what a PayPal phishing email looks like:
While these emails can look pretty convincing, there are a number of red flags that reveal it to be fake, including:
The sender's email address is something random, like email@example.com.
Spelling and grammatical errors.
PayPal phishing SMS
Much like PayPal phishing emails, phishing text messages claims that something is wrong with your account, that you've been paid money, or that you've overpaid for something. The SMS will also contain a link or phone number for you to call to 'fix' the issue. However, engaging with the link will lead to a fake website designed to steal your personal information whereas the phone number will lead directly to a chat with the scammer or some random person.
Here's an example of a PayPal phishing texts:
In addition to looking pretty dodgy, there are a number of things to do if you receive one of these phishing text messages:
Verify the information by logging into your PayPal directly. DO NOT click any link that's in the text message.
If in doubt about something, always contact PayPal directly via their official customer service lines.
Some scammers will claim to be charities aimed at helping people in need and have set up fraudulent GoFundMe or PayPal donation links in an attempt to steal money from unsuspecting people. To really sell these fake charities, scammers will use email campaigns, fake websites, and fake social media accounts to convince people to donate to their fake charities.
If you come across a charity that seems a bit off or one you've never heard of, make sure you look into it and do some research to verify that it is legitimate. You can check if a charity is legitimate by looking it up on the Australian Charities and Not-for-profits Commission Search.
How can I stay safe from these scams?
It's important to be aware that any legitimate email from PayPal will come from the 'paypal.com' domain and address you by your first and last names, or your business names. Furthermore, a PayPal email or SMS NEVER ask you for sensitive information like your password, or credit card number, contain any attachments, or asks you to download or install any software.
If you've received a PayPal phishing email or SMS, stay vigilant and calm. Avoid opening any links or attachments contained in the phishing email. Delete it directly from your inbox and use a spam filter to block out unwanted emails. For SMS messages, don't click any link that's in it, delete the message and block the number.
If you've shared personal or financial details in response to the phishing email and SMS, you need to:
Contact your bank immediately to let them know what happened and ask what they can do to help.
Change the passwords for any online accounts that might be at risk. Make sure to enable two-factor authentication for an extra layer of security.
If you've shared personally sensitive information, such as your driver's licence, passport details, or contact details, visit IDCare for assistance on how to address potential identity theft.
File a report with the Australian Cyber Security Centre here.
If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app.
Image credit: Marques Thomas at Unsplash
All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice.