PayPal has long been touted as a secure way to buy and sell products and services online — it’s currently trusted by 210 million active account holders in more than 200 markets around the world — but it’s not without its vulnerabilities. And as fraudsters become more savvy, they’re increasingly turning to alternative payment methods like PayPal to leverage these vulnerabilities and commit fraud.
Because PayPal generally uses email to contact customers and merchants, it isn’t unusual for business owners to find emails from the company in their inbox. However, legitimate communications are frequently mixed in with fraudulent but legitimate-looking account notifications like those described below. By knowing what to look for, merchants can significantly reduce the risk of falling victim to these four common PayPal scams.
1. Your Account Has Been Suspended or Restricted
Many merchants rely on PayPal to conduct business, so a suspended or restricted account would result in a serious revenue hit. So when merchants receive an email warning that their account is about to be restricted due to unusual activity — a legitimate email that PayPal sometimes sends — they take notice.
Unfortunately, many of these emails are simply phishing scams — a fraudster’s attempt to trick the recipient into providing sensitive account data — and the merchant’s account isn’t actually at risk of suspension. But if merchants believe the email is legitimate, they might follow its instructions, such as entering usernames and passwords on a fake page or downloading, completing and submitting an attachment. And just like that, the merchant has given the cybercriminal their login credentials — and full access to the merchant’s PayPal account.
What to do: PayPal never asks merchants for passwords or sensitive data by email or in a form. If a merchant receives an email stating their account will be restricted, the merchant shouldn’t click on any links in the email. Instead, they should open a new browser window, type PayPal.com and log in to check their accounts. Users can learn more by clicking Help in the top navigation, selecting Problems under Help Topics, and then clicking Account Limitations.
2. You’ve Been Paid
Fraudsters may try to trick merchants into shipping goods by sending them a fake but realistic-looking payment notification.
What to do: Businesses should never ship items based simply on a PayPal email. Instead, they should log directly into their PayPal accounts (following the steps above) to check the status of pending orders.
3. You’ve Been Paid Too Much
Fraudsters may also send emails that claim a merchant has been overpaid for an item and request the merchant send the merchandise and refund the overage via a wiring service.
What to do: Requesting a partial refund via a payment method other than PayPal is a big red flag. Again, merchants should check their PayPal accounts before refunding any money or sending any product.
4. You’ve Been Paid (but From a Hijacked Account)
In some cases, merchants do everything right but still get defrauded. They check their PayPal accounts after receiving an order, see that they’ve received the payment and ship out the product. But it turns out the fraudster has actually hijacked an unsuspecting consumer’s account. As a result, the merchant might be responsible for refunding the transaction amount and lose the product, too.
What to do: Merchants should familiarize themselves with PayPal’s Seller Protection Program to understand their rights in the event of an unauthorized transaction. If they believe they were the victim of a PayPal scam, they should also contact PayPal directly.
How Merchants Can Protect Their Business From PayPal Fraudsters
It’s becoming more difficult for businesses to distinguish between authentic emails from PayPal and emails from fraudsters. With cybercriminals using increasingly legitimate-looking graphics and email addresses, e-commerce merchants should take these steps to protect against becoming a victim of PayPal fraud:
- Do always check the sender’s email address. Fraudsters are proficient at making it seem like the email is coming from PayPal. To confirm PayPal is sending the email, merchants should hover their mouse over the sender’s name or click Reply to see the full address of the sender.
- Don’t click any links in a PayPal email unless certain of the sender. Instead, merchants should check on accounts and orders by opening a new browser window and visiting PayPal.com directly.
- Do report suspicious emails to firstname.lastname@example.org.
- Don’t open any attachments or download any software included in an email allegedly sent by PayPal.
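The sender, link and attachment checks in this list can also be run automatically over a saved message. The following is an added example, not code from the article or from PayPal; the sample message, its addresses and its domains are constructed, and an empty result does not prove a message is genuine, so logging in at PayPal.com directly still applies.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # the only site the article tells merchants to visit

def in_trusted_domain(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def triage(raw):
    """Return the red flags found in one raw email message."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    if "paypal" in name.lower() and not in_trusted_domain(addr.rpartition("@")[2]):
        flags.append(f"display name says PayPal, address is {addr}")
    for part in msg.walk():
        if part.get_filename():
            flags.append(f"attachment: {part.get_filename()}")
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = urlparse(url).hostname
                if not in_trusted_domain(host):
                    flags.append(f"link leaves PayPal: {host}")
    return flags

# Constructed sample: look-alike sender, look-alike link, attached form.
SAMPLE = """\
From: "PayPal Service" <service@paypal.example.net>
Subject: Your account has been restricted
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p><a href="http://paypal.com.verify.example/login">Log in</a> or see
<a href="https://www.paypal.com/help">Help</a>.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="restore_form.html"

placeholder
--b1--
"""
```

Calling `triage(SAMPLE)` returns three flags: the mismatched sender address, the link whose host only begins with `paypal.com`, and the attachment.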
When it comes to accepting payments for e-commerce transactions, PayPal continues to grow in popularity. But the risk for PayPal fraud is growing, too. Luckily, merchants can protect their e-commerce business against fraudsters by implementing a fraud protection solution that will decrease the risk associated with accepting alternative payment methods.
Talk with a ClearSale credit card fraud analyst today to learn how our multilayered solution can help you accept alternative payment methods, grow your e-commerce sales and minimize PayPal fraud.