Is PayPal Safe? Assessing Real-World Cases to Understand Risks and Find Out Protective Measures

Is PayPal safe to use? A brief overview of key security measures

PayPal ensures safety for both sellers and buyers by securing and encrypting transactions. If you’re using the legitimate PayPal website via a secure connection, your personal information will remain safe during payments. 

The service offers top-notch security features, including SSL protocol and data encryption. To be more specific, let’s have a closer look at the key security measures offered by PayPal:

• Encryption: PayPal covers all transactions with 128-bit data encryption, using the Secure Sockets Layer (SSL) protocol. 
• Browser integrity checks: PayPal verifies if your browser meets security standards before allowing account access. If there’s any problem with your browser’s safety, you won’t be able to log in.
• Security key: A good password is usually not enough to protect an account from unauthorized access. That’s why PayPal also lets you set up two-factor authentication (2FA). You get extra protection with a one-time PIN sent to your phone.
• Fraud monitoring: PayPal sends automatic alerts for suspicious activities on all transactions. A team of security experts detects questionable transactions and does its best to prevent common types of fraud.
• Dispute resolution: PayPal assists in resolving disputes and conflicts that sometimes occur between buyers and sellers. Until an issue is resolved, the transaction is held up.
• Purchase protection: PayPal payment security program reimburses qualified purchases, including shipping costs, for cases like damaged items or non-delivery. You may even get a full refund if the product doesn’t meet the description, is critically damaged, or hasn’t been delivered.
• Seller protection: Sellers are safeguarded against false claims and chargebacks with evidence-based support. It means that even if a buyer submits an unreasonable complaint, the seller won’t lose funds as long as none of the PayPal rules have been broken.

Now, it’s also important to mention that PayPal offers two different transaction types: PayPal Friends and Family and PayPal Goods and Services. The security measures regarding these transactions significantly differ. Here are the details.

PayPal Friends and Family

This option is for personal transactions (mostly when transferring money to people you know). While the general PayPal security features like data encryption and account protection are in place, others work only with PayPal Goods and Services. 

That said, make sure to avoid using this transaction type when making an online purchase or paying for any kind of service.

PayPal Goods and Services

Here, PayPal applies all security measures, including purchase and seller protection. When using this method, you can expect a refund if something goes wrong. 

Keep in mind, though, that using your PayPal account on public Wi-Fi increases the risk of unauthorized access to your info, regardless of the transaction type you’re using. When using Wi-Fi at places like airports or restaurants, stay safe by using a VPN for secure browsing — it’ll encrypt your entire data on all networks, including unprotected ones (read on for more info).

Now that you’re familiar with the most important PayPal security features, let’s also consider the dark side of this popular online payment system.

Real-life examples of PayPal security issues

Here are several stories shared by users who experienced certain security disadvantages of PayPal, despite all the protection measures listed above.

• Urgent transaction! The sense of urgency is the favorite trick of most scammers to make you click on a spoofed link or download an infected file. For example, one Reddit user received a fake Coinbase invoice claiming that a $479 charge couldn’t be refunded after 48 hours. What makes this attempt special is that the malicious actors used the official email address of PayPal – [email protected] (in most cases, fishy messages come from impersonated addresses you can easily recognize).

Scammers on Paypal using [email protected] email
byu/Quiet_Optimist1 inpaypal

• Fake invoice. This type of PayPal scam has become the most common as the service’s invoice feature leaves much space for fraudulent activity. In the example below, the invoice reports an “unautorized $849 charge” for Amazon Fire TV.

What is up with PayPal? This fraudulent charge is showing as ‘canceled’ on my PayPal account, but the cancellation email I received from PayPal looks fake af. I get an error when trying to report the charge through PayPal.
byu/Oobled inScams

• Bitcoin scam. Crypto scams are a separate (and quite widespread) type of malicious activity that often involves fake investments, pump-and-dump schemes, and more. As for PayPal users, they usually face the same old invoice trick. In the example below the potential victim was asked to call a suspicious phone number and install malicious Viewer software. 

Beware of the PayPal/ Bitcoin scam
by inScams

• Automatic payment fraud. Can you trust PayPal support when being scammed? According to another Reddit user, their response isn’t always as helpful as expected. The user reported that fraudsters managed to set automatic payments from PayPal to Meta. When the victim attempted to cancel these transactions, the fraud tickets were automatically shut down by PayPal. As a result, the user had to cancel the payment with the help of the bank, while PayPal support didn’t react properly for months.

PayPal scam that I stopped. But PayPal still is trying to put me in debt.
byu/Antique-Historian441 inpaypal

• “Mistaken” transaction. One more common PayPal scam described on Reddit is an “accidental” money transfer, where scammers then ask you to return the funds using another payment method. This usually happens when malicious actors hack somebody’s PayPal account and then try to withdraw the money avoiding direct transactions.

PayPal scam- do I just keep the money?
byu/CrazyPlantLady01 inUKPersonalFinance

Now, let’s dive deeper into the most significant security risks associated with PayPal, including phishing attacks and email scams.

Main risks of using PayPal

Although PayPal is generally safe, its vast user base of over 430 million account holders with a large volume of financial and personal information makes it an attractive target for scammers. The Better Business Bureau highlights that scammers often exploit PayPal to defraud customers of their money.

A more recent BBB report regarding the risks associated with online scams mentions PayPal among the most popular services and platforms used for impersonation. 

Common risks include phishing and identity fraud — the latter affected 40 million US citizens in 2022, with total losses equalling $43 billion. Most often scammers carry out such an attack through PayPal email scams. Those involve fake emails or links to fraudulent PayPal sites, where users are asked to provide personal payment details. Scammers use social engineering techniques to convince users to click on these fake links and share sensitive information or send money. 

Here’s a closer look at the most usual types of PayPal phishing email scams.

Common types of PayPal email scams

Scammers tend to create a sense of urgency so that you land on a spoofed website in panic or call an actual scammer — all to solve a fake problem. Here’s a closer look at the most common scenarios you may encounter.

• “Your account is about to be suspended.” Scammers pose as PayPal support and claim there is a problem with your account that requires immediate action. They may ask you to enter your password on a fake webpage. PayPal only requests passwords on the official login page. For any notifications, log in to PayPal and check the Resolution Center.
• “You’ve received a payment.” Scammers try to deceive you into thinking you’ve received a payment. They aim to get your item for free. PayPal doesn’t ask for a tracking number via email. Always confirm payment by logging in to PayPal before shipping anything — your PayPal activity will show genuine payments.
• “You’ve been paid too much.” Fraudsters might claim they paid you too much for an item. For instance, they’ll send an email stating they paid $500.00 for a $300.00 camera. They’ll ask you to ship the camera along with the extra $200.00 paid “by mistake.” But all they want is both your item and payment, without fulfilling their part.

And that’s just the tip of the iceberg. Scammers use numerous tricks and deceiving schemes to give you a false sense of security and compromise your data or funds. Here are some other common PayPal scams to watch out for:

• Fake payment confirmations. Scammers send emails pretending to be PayPal confirming a payment you didn’t make. They hope you’ll panic and click on a link to cancel the payment, leading to a phishing site.
• Charity scams. Scammers pose as charitable organizations and ask you to donate money through PayPal. They take advantage of your goodwill and steal your money.
• Shipping scams. Similar to the purchase inquiry, scammers pretend to be buyers and ask you to ship an item to a different address, claiming it’s a mistake. They hope to trick you into shipping the item without receiving payment.
• Fake refund emails. Scammers send emails claiming you’re owed a refund and ask for your bank account details to process it. 
• Fake invoices. Scammers send invoices for products or services you didn’t order. They hope you’ll pay without realizing the invoice is fake. Remember, any PayPal user can send you an invoice. So, even if the email has a legit address, it can still appear to be a scam attempt.
• Canceled invoices. You get an email saying your payment to a specific company didn’t go through. You see a phone number to reach PayPal or can follow a link for more details on the failed transactions — both are fake, of course.
• Family emergency scams. Malicious actors often try to use emotional triggers to get you trapped. For example, they may pose themselves as your friends or family members asking you for funds (usually with a sense of urgency involved). 
• Romance scams. If you’ve recently met someone on a dating site or app and they ask you to transfer money via PayPal, you’re likely dealing with fraudsters. And while a Tinder bot is pretty easy to recognize, real-life scammers can fake sincerity for weeks or even months, embarking on your romantic interest.

But even if you’re familiar with all possible PayPal security risks, it can be quite challenging to spot them. Remember the story of a Reddit who received a fake Bitcoin invoice? In that case, the need to stop the invoice took precedence, ignoring common sense, until it was almost too late. That’s why you must know how to detect a PayPal email scam.

How can you spot a PayPal email scam?

PayPal phishing scams have been around for a long time, and despite the service’s security measures, scammers can still obtain login credentials from unsuspecting users. Your strongest defense is to learn how to recognize phishing attempts.

Here are the most critical red flags that will help you detect and avoid PayPal scams:

🚩 Vague purpose of the email. PayPal emails are primarily for payment notifications, receipts, and promotions. All other account communications are handled directly on the service’s website or app.

🚩 Impersonal greetings. Genuine PayPal emails will address you by your name, not with generic greetings like “Dear User.”

🚩 Suspicious email address. Legitimate PayPal email addresses are [email protected] (for account statements and notifications) and [email protected] (for receipts). In turn, a sender like “PayPal Service” ([email protected]) has nothing to do with the legit service.

🚩 Grammar mistakes. PayPal is a large renowned company that won’t send you emails or texts with bad spelling or grammar. If you see these mistakes, it’s a clear sign of a phishing scam. 

🚩 Unofficial domain name. Apart from paypal.com, PayPal also uses the domain paypal.me for sharing your account and sending money conveniently. Other than that, you may find yourself on an evil clone of the legitimate PayPal website.

🚩 A false sense of urgency. As mentioned, phishing emails often create panic by urging you to update your account immediately. Instead of clicking on any links, log in directly to PayPal to verify any urgent account needs.

🚩 Unknown links and attachments. Only open attachments from trusted sources, and be cautious with invoices from unfamiliar companies or contractors, as they may contain viruses. Also, avoid clicking on unverified links – those may lead to spoofed websites asking you to share your private information.

🚩 Too-good-to-be-true offers. If a PayPal email tells you that you’ve won an enormous price or encourages you to buy an expensive product at a surprisingly low price, you’re probably dealing with some form of fraud.

You may also wonder what to do if you’re being targeted by PayPal scammers. The two key steps are as follows: 

1. Ignore the suspicious message. Don’t respond to it in any way and remove it from your inbox to the spam folder.
2. Report the questionable email or website to PayPal.

Here are some details on how to do that properly.

How to report a PayPal scam

If you’re dealing with a phishing email, forward it to [email protected]. Once done, delete the email from your inbox. If you’ve already clicked on a suspicious link or shared your info on a shady website, make sure to enter your PayPal account and change your credentials. Want to figure out what else you can do after clicking on a phishing link? Learn more details in our related blog post.

If somebody hacked your PayPal account or gained unauthorized access to your credentials, you can use the service’s Report a Problem feature. Head to the PayPal Resolution Center and choose the transaction conducted by scammers. Then, follow the instructions provided by support managers. 

Finally, if you’re dealing with identity theft, report it to the appropriate authorities as soon as possible.

Now, let’s consider the most unfortunate scenario. Suppose you’ve already fallen victim to a PayPal scam. Will the service return your money then?

Will PayPal cover me if I get scammed?

PayPal guarantees a complete refund in the following cases:

• If the purchased product arrived damaged.
• If the product doesn’t meet the description.
• If the product wasn’t delivered at all.
• If the transaction was unauthorized.

PayPal will qualify your refund request as eligible if it meets one of the conditions above and is sent within 180 days after the purchase. 

But the service won’t help you if the product has been delivered on time and matches the description yet doesn’t meet your expectations. Also, PayPal is unlikely to return your money if you’ve fallen to a phishing trick and willingly transferred your money to a scammer (for instance, used the Family and Friends option instead of Goods and Services).

With that being said, avoiding a scam is always better than dealing with its outcomes. Here are the essential tips on how to protect yourself when using PayPal.

How to protected yourself from PayPal security risks

Now, how to avoid PayPal scams? The rule of thumb here is to check the emails and transactions to make sure they’re genuine before sharing personal info, financial details, or sending items to buyers.

Also, follow these tips for added protection:

• Use strong passwords. Create strong, unique passwords that are hard for others to guess. Avoid using easily guessable information like your birthdate or “123456.” Also, never use the same passwords for several different accounts, as it often results in credential stuffing attacks. 
• Turn on two-factor authentication (2FA). 2FA adds an extra step to the login process after you enter your password. This helps ensure that only you can access your account, even if someone knows your password.
• Avoid public Wi-Fi. Public Wi-Fi networks can be less secure, so it’s better to avoid them when making financial transactions. If you must use them, consider connecting to a VPN for an added layer of protection.
• Check for PayPal email scams. Check for the red flags listed above to verify the authenticity of emails and transactions before sharing any personal or financial information.
• Use an antivirus software. Install antivirus software on your devices to catch and block viruses and other harmful software that can compromise your data. Run regular system scans to make sure your device is free from malicious files.
• Use a VPN. It’ll encrypt your Internet connection and add a layer of security, especially when using public networks (more on that in a bit).
• Regularly check your account. Keep an eye on your PayPal transactions and account settings to catch any unusual activity.
• Update your software. Keep your devices and apps up to date. Software updates often include security patches that help protect against vulnerabilities.
• Use credit cards. In case PayPal fails to provide a refund, credit card companies might offer additional protection as they often have better fraud protection than online payment services.

💡 Pro tip: For more details, please check out our recent blog article on how to keep your transactions safe.

While PayPal takes steps to keep you safe online, it’s important to take your own measures to stay secure. Security software like VeePN provides strong protection against online threats. Here’s how to secure your digital life in several simple steps.

How to use VeePN for PayPal

Follow these instructions to get started with VeePN and take advantage of its premium features to keep your PayPal transactions safe.

Step 1. Subscribe to VeePN

Head to the official VeePN website and create your account. Choose the most appropriate pricing plan for your needs. No worries – once done, you will be able to activate a trial period and test the app’s functions for free. 

Step 2. Download VeePN on your device

Now it’s time to download the VPN app on your device. VeePN supports all major operating systems and platforms. Choose from the following solutions for enhanced privacy and security:

• VPN for Windows
• VPN for Mac
• VPN for Linux
• VPN for iOS
• VPN for Android

…and there’s more! Check out the full list of VeePN apps here. Note that you can secure up to 10 devices with a single VeePN subscription.

Step 3. Connect to a VPN server

Open the VeePN app on your device and log into your account. You will be asked to allow the app to configure your device’s VPN settings. 

Next, choose the desired location to connect to. VeePN offers over 2,500 servers across 89 locations in 60 countries worldwide, including the US, the UK, Canada, Germany, Argentina, and more. Once you pick one of them, your Internet traffic will move through an encrypted tunnel to protect your data. Also, you will get an alternative IP address associated with the chosen location. 

For more info, feel free to check out our detailed guide on how to change your IP address with a VPN.

Step 4. Configure additional security settings

Open the app’s settings and activate the essential features to protect your online transactions:

✅ Block malicious websites to stay away from phishing attacks, malware, and other threats.

✅ Block online tracking to avoid unwanted monitoring of your activities.

✅ Enable VPN Kill Switch to prevent data leaks when your VPN connection stops working for some reason.

Step 5. Turn VPN on

Activate VPN by pressing the Connect button at the center of your screen. All set! From now on, your connection is protected from hackers, snoopers, and other online dangers.

Step 6. Activate VeePN Security Bundle

For even greater safety, head to your web account on the VeePN website and activate the Security Bundle in the VeePN Antivirus or Breach Alert tab. It will provide you with an extra protection layer:

• VeePN Antivirus detects and removes malicious programs and files, including viruses and malware, from your Windows or Android device.
• Breach Alert monitors the web and notifies you when your data is exposed due to a leak or security breach.

Stay safe online with VeePN = Reliable VPN + Antivirus + Breach Alert

VeePN defends your device from common vulnerabilities that scammers might use to target PayPal users. It will boost your online security by: 

• Hiding your identity. It prevents data loss by masking your real IP and other sensitive details about your connection, device, and online activities.
• Encrypting your data. It makes sure your data is unreadable by third parties.
• Blocking harmful attachments. It keeps you safe from dangerous email attachments and links.
• Identifying malicious websites. It warns you about websites and links that could be harmful.
• Stopping malware. VeePN Antivirus prevents viruses and spyware from harming your device.
• Warning about data leaks. The all-new Breach Alert function notifies you via email once your data is at risk of a breach. Thus, you can immediately change your credentials and keep your PayPal account protected.

VeePN works on all major operating systems and platforms — get the ultimate protection for your device and try the service risk-free!

Written by VeePN Research Lab VeePN Research Lab is dedicated to provide you latest posts about internet security and privacy.

Knowledge is power,
VeePN is freedom

Get VeePN Now