Is PayPal Safe? Assessing Real-World Cases to Understand Risks and Find Out Protective Measures

Is PayPal safe to use? A brief overview of key security measures

PayPal app ensures safety for both sellers and buyers by securing and transaction data. When you are on the genuine PayPal site through a secure https connection, then your personal data will not be compromised when making payments

The service offers top-notch security features, including SSL protocol and data encryption. To be more specific, let’s have a closer look at the key security measures offered by PayPal:

• Encryption. PayPal covers all transactions with 128-bit data encryption, using the Secure Sockets Layer (SSL) protocol. 
• Browser integrity checks. PayPal will test whether you have a browser that supports the security standards and then it grants you access to the account. In case there is an issue of browser insecurity, you cannot log in.
• Security key. A good password is usually not enough to protect an account from unauthorized access. This is why PayPal also allows two-factor authentication (2FA) to be established. You have the added security of a one time PIN sent to your phone.
• Fraud monitoring. PayPal sends automatic alerts for suspicious activities on all transactions. A team of security experts detects questionable transactions and does its best to prevent common types of fraud.
• Dispute resolution. PayPal helps in settling fights and controversies which occasionally arise between sellers and buyers. The transaction is suspended until a problem is solved.
• Purchase protection. PayPal’s buyer protection program refunds qualified purchases such as shipping charges in case of damage of products or non-delivery. You can even receive a complete refund in case the product is not as described or there is a critical damage or the product is not received.
• Seller protection. Sellers are safeguarded against false claims and chargebacks with evidence-based support. It means that even if a buyer submits an unreasonable complaint, the seller won’t lose funds as long as none of the PayPal rules have been broken.

Now, it’s also important to mention that PayPal offers two different transaction types: PayPal Friends and Family and PayPal Goods and Services. The security measures regarding these transactions significantly differ. Here are the details.

PayPal Friends and Family

This option is for personal transactions (mostly when transferring money to people you know). While the general PayPal security features like data encryption and account protection are in place, others work only with PayPal Goods and Services. 

That said, make sure to avoid using this transaction type when making an online purchase or paying for any kind of service.

PayPal Goods and Services

Here, PayPal applies all security measures, including purchase and seller protection. When using this method, you can expect a refund if something goes wrong. 

Note however that when you use your PayPal account on a public Wi-Fi, you are more likely to be exposed to unauthorized persons to access your information irrespective of the nature of transaction that you are processing. To make sure that you are safe when browsing in places such as airports and restaurants through Wi-Fi, a VPN can be used to ensure that your data is secure on all the networks including those that are not secure (would read more on the same).

Having known the most significant security features of PayPal, now it is time to remember about the dark side of this popular online payment system.

Real-life examples of PayPal security issues

Here are several stories shared by users who experienced certain security disadvantages of PayPal, despite all the protection measures listed above.

• Urgent transaction! The sense of urgency is the favorite trick of most scammers to make you click on a spoofed link or download an infected file. For example, one Reddit user received a fake Coinbase invoice claiming that a $479 charge couldn’t be refunded after 48 hours. What makes this attempt special is that the malicious actors used the official email address of PayPal – [email protected] (in most cases, fishy messages come from impersonated addresses you can easily recognize).

Scammers on Paypal using [email protected] email
byu/Quiet_Optimist1 inpaypal

• Fake invoice. This type of PayPal scam has become the most common as the service’s invoice feature leaves much space for fraudulent activity. In the example below, the invoice reports an “unautorized $849 charge” for Amazon Fire TV.

What is up with PayPal? This fraudulent charge is showing as ‘canceled’ on my PayPal account, but the cancellation email I received from PayPal looks fake af. I get an error when trying to report the charge through PayPal.
byu/Oobled inScams

• Bitcoin scam. Crypto scams are another (and rather common) form of malicious activity, which may include the fake investments, pump-and-dump schemes, and others.As for PayPal users, they usually face the same old invoice trick. In the example below the potential victim was asked to call a suspicious phone number and install malicious Viewer software. 

Beware of the PayPal/ Bitcoin scam
by inScams

• Automatic payment fraud. Can you trust PayPal support when being scammed? According to another Reddit user, their response isn’t always as helpful as expected. The user reported that fraudsters managed to set automatic payments from PayPal to Meta. When the victim attempted to cancel these transactions, the fraud tickets were automatically shut down by PayPal. As a result, the user had to cancel the payment with the help of the bank, while PayPal support didn’t react properly for months.

PayPal scam that I stopped. But PayPal still is trying to put me in debt.
byu/Antique-Historian441 inpaypal

• “Mistaken” transaction. One more common PayPal scam described on Reddit is an “accidental” money transfer, where scammers then ask you to return the funds using another payment method. This usually happens when malicious actors hack somebody’s PayPal account and then try to withdraw the money avoiding direct transactions.

PayPal scam- do I just keep the money?
byu/CrazyPlantLady01 inUKPersonalFinance

At this point, we will discuss the greatest security threats related to PayPal in greater detail, such as phishing attempts and email scams.

Main risks of using PayPal

Although PayPal is generally safe, its vast user base of over 430 million account holders with a large volume of financial and personal information makes it an attractive target for scammers. The Better Business Bureau highlights that scammers often exploit PayPal to defraud customers of their money.

A more recent BBB report regarding the risks associated with online scams mentions PayPal among the most popular services and platforms used for impersonation. 

Common risks include phishing and identity fraud — the latter affected 40 million US citizens in 2022, with total losses equalling $43 billion. Most often scammers carry out such an attack through PayPal email scams. Those involve fake emails or links to fraudulent PayPal sites, where users are asked to provide personal payment details. Scammers use social engineering techniques to convince users to click on these fake links and share sensitive information or send money. 

Here’s a closer look at the most usual types of PayPal phishing email scams.

Common types of PayPal email scams

Scammers tend to create a sense of urgency so that you land on a spoofed website in panic or call an actual scammer — all to solve a fake problem. Here’s a closer look at the most common scenarios you may encounter.

• “Your account is about to be suspended.” Your account is going to be suspended. Fraudsters present themselves as PayPal customer service representatives and say that there is an issue with your account that should be addressed urgently.They can request you to provide your password on a bogus webpage. The passwords are only requested in the official login page at PayPal. To make any notifications, log in to PayPal and visit the Resolution Center.
• “You’ve received a payment.” Scammers try to deceive you into thinking you’ve received a payment. They aim to get your item for free. PayPal doesn’t ask for a tracking number via email. Always confirm payment by logging in to PayPal before shipping anything — your PayPal activity will show genuine payments.
• “You’ve been paid too much.” Fraudsters may say that they have overpaid you on a product. An example would be that they will email them saying that they paid $500.00 to acquire a camera that is worth 300 dollars. They will request you to send the camera with the extra 200.00 being refunded due to mistake. But they would have your thing and money without keeping their side.

And that’s just the tip of the iceberg. Fraudsters apply a lot of tricks and deceptive methods to provide you with an illusion of protection and steal your information or money. These are other typical PayPal scams that should be looked out:

• Fake payment confirmations. The scammers will email you that PayPal has confirmed your payment which you have not made. They would hope that you will panic and press a link to cancel the payment, which will take you to a phishing site.
• Charity scams. Scammers pose as charitable organizations and ask you to donate money through PayPal. They take advantage of your goodwill and steal your money.
• Shipping scams. As in the case of the purchase inquiry, the scammers will fake the identity of buyers and request you to send a product to another address, saying it is an error. They aspire to fool you into delivering the product without payment.
• Fake refund emails. Fraudsters email you saying that you have been refunded and request details of your bank account to do so.
• Fake invoices. Fraudsters send invoices of goods or services not ordered. They hope that you will make payment without noticing that the invoice is not genuine. Note that any PayPal user is able to invoice you. Thus, despite the email address being valid, it may seem that it is an attempt of a scam.
• Canceled invoices. You get an email saying your payment to a specific company didn’t go through. You see a phone number to reach PayPal or can follow a link for more details on the failed transactions — both are fake, of course.
• Family emergency scams. Bad people usually attempt to exploit emotional appeals to entrap you. For example, they may pose themselves as your friends or family members asking you for funds (usually with a sense of urgency involved). 
• Romance scams. When you just met a person on a dating site or app and he or she requests to send money through PayPal, then chances are that you are dealing with a fraudster. And even though a Tinder bot can be identified rather easily, in real life, scammers can impersonate sincerity and spend weeks or even months on your romantic interest.

But even if you’re familiar with all possible PayPal security risks, it can be quite challenging to spot them. Remember the story of a Reddit who received a fake Bitcoin invoice? In that case, the need to stop the invoice took precedence, ignoring common sense, until it was almost too late. That’s why you must know how to detect a PayPal email scam.

How can you spot a PayPal email scam?

The phishing attacks involving PayPal are not new, and even though the service is secure, the scammers still have access to the login information of the unsuspecting users. The best offense is to be educated on how to identify phishing.

These are the most important red flags to consider in order to identify and prevent PayPal scam:

🚩 Vague purpose of the email. PayPal mail is mainly used in sending payment messages, receipts and promotions.The rest of the account communications are done on the website or application of the service.

🚩 Impersonal greetings. Veritable PayPal mails will refer you using your name and not some generic expressions such as dear user.

🚩 Suspicious email address. The legitimate PayPal email addresses are paypalmail.paypal.com (to receive account statements and notifications) and servicepaypal.com (to receive receipts). In turn, a sender like “PayPal Service” ([email protected]) has nothing to do with the legit service.

🚩 Grammar mistakes. PayPal is a large renowned company that won’t send you emails or texts with bad spelling or grammar. If you see these mistakes, it’s a clear sign of a phishing scam. 

🚩 Unofficial domain name. Apart from paypal.com, PayPal also uses the domain paypal.me for sharing your account and sending money conveniently. Other than that, you may find yourself on an evil clone of the legitimate PayPal website.

🚩 A false sense of urgency. As stated, phishing emails usually cause panic when they address you with a request to update your account urgently. Rather than clicking on any links, log into PayPal and check whether there are any urgent account requirements.

🚩 Unknown links and attachments. Open only the attachments sent by trusted parties and watch out with the invoices issued by unknown companies or contractors as they might have viruses. Also, never click on unverified links, it can take you to spoofed websites where they request you to divulge your personal details.

Keep only open attachments, which are trusted, and be careful of invoices of companies or contractors with which you are not very familiar, as they can be a source of a virus. Moreover, do not press the unverified links, they might take you to the spoofed websites where they will request you to provide your private information.

🚩 Too-good-to-be-true offers. If a PayPal email tells you that you’ve won an enormous price or encourages you to buy an expensive product at a surprisingly low price, you’re probably dealing with some form of fraud.

You may also wonder what to do if you’re being targeted by PayPal scammers. The two key steps are as follows: 

1. Ignore the suspicious message. Don’t respond to it in any way and remove it from your inbox to the spam folder.
2. Report the questionable email or website to PayPal.

Here are some details on how to do that properly.

How to report a PayPal scam

If you’re dealing with a phishing email, forward it to [email protected]. Once done, delete the email from your inbox. If you’ve already clicked on a suspicious link or shared your info on a shady website, make sure to enter your PayPal account and change your credentials. Want to figure out what else you can do after clicking on a phishing link? Learn more details in our related blog post.

If somebody hacked your PayPal account or gained unauthorized access to your login credentials, you can use the service’s Report a Problem feature. Head to the PayPal Resolution Center and choose the transaction conducted by scammers. Then, follow the instructions provided by support managers. 

Lastly, in case of identity theft, it is recommended that you report to the relevant authorities as promptly as possible.

Now, let’s consider the most unfortunate scenario. Suppose you’ve already fallen victim to a PayPal scam. Will the service return your money then?

Will PayPal cover me if I get scammed?

PayPal guarantees a complete refund in the following cases, including situations with unauthorized transactions:

• If the purchased product arrived damaged.
• If the product doesn’t meet the description.
• If the product wasn’t delivered at all.
• If the transaction was unauthorized.

PayPal will qualify your refund request as eligible if it meets one of the conditions above and is sent within 180 days after the purchase. 

But the service won’t help you if the product has been delivered on time and matches the description yet doesn’t meet your expectations. Also, PayPal is unlikely to return your money if you’ve fallen to a phishing trick and willingly transferred your money to a scammer (for instance, used the Family and Friends option instead of Goods and Services).

With that being said, avoiding a scam is always better than dealing with its outcomes. Here are a few tips on how to protect yourself when using PayPal.

How to protected yourself from PayPal security risks

Now, how to avoid PayPal scams? The general principle to follow in this case is to verify the emails and transactions to ensure that they are authentic before providing personal details, financial information, or transmitting products to the purchasers.

Also, follow these tips for added protection:

• Use strong passwords. Get tough but memorable passwords that cannot be easily guessed by other people. Do not use simple information that can be easily guessed such as your birth date or 123456. Moreover, one should never share the same passwords across multiple accounts, which tends to lead to the credential stuffing attacks.
• Enable two-factor authentication (2FA). 2FA is a second procedure to the process of entering a password. This will assist in making sure that only you can access your account despite the fact that somebody may be aware of your password.
• Avoid public Wi-Fi. Wi-Fi networks in the public are not as safe and it is preferable to avoid using them when carrying out financial transactions. In case you have to use them, you should think about connecting to a VPN to provide an additional security measure.
• Check for PayPal email scams. To be cautious of emails and transactions, ensure that you have checked the red flags mentioned above to confirm the genuineness of emails and transactions before providing any personal or financial data.
• Use an antivirus software. Install antivirus programs in your gadgets to intercept and prevent viruses and other mischievous programs that may destroy your information. Scan the system on a regular basis to ensure that your device does not have malicious files.
• Use a VPN. It will make your Internet connection safe and will help provide the extra protection to it, in particular, when it comes to using shared networks (more about it later).
• Regularly check your account. Monitor your PayPal transaction details and account settings so as to identify any suspicious activity.
• Update your software. Keep your devices and apps up to date. Software updates often include security patches that help protect against vulnerabilities.
• Use credit cards. In case PayPal fails to provide a refund, credit card companies might offer additional protection as they often have better fraud protection than online payment services.

💡 Pro tip: For more details, please check out our recent blog article on how to keep your transactions safe.

Although PayPal secure measures help keep you safe online, it is worthwhile to go an extra mile to ensure that you are protected. Security software such as VeePN offers high protection of the threats of the Internet. The following are some of the few steps to secure your digital life.

How to use VeePN for PayPal

Follow these instructions to get started with VeePN and take advantage of its premium features to keep your PayPal transactions safe.

Step 1. Subscribe to VeePN

Go to the VeePN official website and open your account. Select the best pricing plan that fits your requirements. Nothing to fret about, as soon as it is ready you will have an opportunity to enable a trial period and free test the functions of the app. 

Step 2. Download VeePN on your device

Now it’s time to download the VPN app on your device. VeePN supports all major operating systems and platforms. Choose from the following solutions for enhanced privacy and security:

• VPN for Windows
• VPN for Mac
• VPN for Linux
• VPN for iOS
• VPN for Android

…and there’s more! Check out the full list of VeePN apps here. Note that you can secure up to 10 devices with a single VeePN subscription.

Step 3. Connect to a VPN server

Install the VeePN application on your computer or phone and sign in to your account. You will be requested to enable the app to make VPN settings in your device.

Next, choose the desired location to connect to. VeePN offers over 2,500 servers across 89 locations in 60 countries worldwide, including the US, the UK, Canada, Germany, Argentina, and more. Once you pick one of them, your Internet traffic will move through an encrypted tunnel to protect your data. Also, you will get an alternative IP address associated with the chosen location. 

For more info, feel free to check out our detailed guide on how to change your IP address with a VPN.

Step 4. Configure additional security settings

Go to settings of the app and enable the features that are necessary to secure your transactions online: ✅ B Lock out suspicious websites to avoid phishing, malware, and the rest.
✅ Turn off online tracking to prevent the undesirable monitoring of your actions.
✅ Turn on VPN Kill Switch to avoid data leaks in case your VPN connection fails to connect for any reason.

Step 5. Turn VPN on

Activate VPN by pressing the Connect button at the center of your screen. All set! From now on, your connection is protected from hackers, snoopers, and other online dangers.

Step 6. Activate VeePN Security Bundle

For even greater safety, head to your web account on the VeePN website and activate the Security Bundle in the VeePN Antivirus or Breach Alert tab. It will provide you with an extra protection layer:

• VeePN Antivirus detects and removes malicious programs and files, including viruses and malware, from your Windows or Android device.
• Breach Alert monitors the web and notifies you when your data is exposed due to a leak or security breach.

Stay safe online with VeePN = Reliable VPN + Antivirus + Breach Alert

VeePN defends your device from common vulnerabilities that scammers might use to target PayPal users. It will boost your online security by: 

• Hiding your identity. It prevents data loss by masking your real IP and other sensitive details about your connection, device, and online activities.
• Encrypting your data. It makes sure your data is unreadable by third parties.
• Blocking harmful attachments. It keeps you safe from dangerous email attachments and links.
• Identifying malicious websites. It warns you about websites and links that could be harmful.
• Stopping malware. VeePN Antivirus prevents viruses and spyware from harming your device.
• Warning about data leaks. The all-new Breach Alert function notifies you via email once your data is at risk of a breach. Thus, you can immediately change your credentials and keep your PayPal account protected.

VeePN works on all major operating systems and platforms — get the ultimate protection for your device and try the service risk-free!

Written by VeePN Research Lab VeePN Research Lab is dedicated to provide you latest posts about internet security and privacy.

Knowledge is power,
VeePN is freedom

Get VeePN Now

Download VeePN Client for All Platforms

Enjoy a smooth VPN experience anywhere, anytime. No matter the device you have — phone or laptop, tablet or router — VeePN’s next-gen data protection and ultra-fast speeds will cover all of them.

IOS and Android App

Want secure browsing while reading this?

See the difference for yourself - Try VeePN PRO for 3-days for $1, no risk, no pressure.

Start My $1 Trial

Then VeePN PRO 1-year plan