Online payment platform PayPal has become a prime target for scammers in recent years. With Christmas shopping set to bring a wave of online discounts, cybercriminals are ready to exploit the excitement, and occasional carelessness, of shoppers.

Cybersecurity experts at Hypernode have highlighted the most common PayPal scams to watch out for this Christmas, alongside practical tips to stay protected.

Common PayPal Scams to Avoid

1. The “Problem with Your Account” Scam

Phishing emails remain one of the most popular methods for targeting PayPal users. These fraudulent messages, disguised as official PayPal communications, claim there’s an issue with the user’s account or a need to verify payment details. Victims who click the included links are taken to fake websites designed to steal login credentials or financial information. These emails often appear authentic, complete with PayPal logos and branding.

2. Promotional Offer Scams

These scams lure victims with tempting offers such as cash rebates, discounts on future purchases, or online vouchers. With many genuine Christmas shopping deals circulating, it can be hard to spot the fakes. However, these emails often link to convincing but fraudulent websites that are set up to steal personal information.

3. The “Order Confirmation” Scam

Scammers send emails claiming that a large purchase has been made using the victim’s PayPal account. For those making Christmas purchases, this can seem like a legitimate confirmation. For others, it triggers concern about an unauthorised payment. Either way, the email directs victims to a fake website to “verify” the transaction, stealing their login details in the process.

4. The Friends and Family Payment Scam

This scam manipulates buyers into using PayPal’s “Friends and Family” payment option under the guise of securing a great Christmas deal. The scammer takes the payment and disappears, leaving the buyer without a product or any recourse. PayPal’s Friends and Family option does not offer buyer protection, making it an easy target for fraud.

5. Unauthorised Access

Over Christmas, scammers take advantage of weak passwords or outdated security settings to hack PayPal accounts. By using methods like credential stuffing, where hackers try login credentials stolen from previous data breaches, they can access accounts to siphon money or make fraudulent purchases.

How to Stay Safe While Shopping

Hypernode experts recommend the following precautions to protect against PayPal scams:

1. Verify Email Senders and Links

Always check the sender’s email address carefully to ensure it’s from PayPal’s official domain (@paypal.com). Fraudsters often use subtle variations. Avoid clicking links in unsolicited emails, instead, log in to PayPal directly through the official app or website to verify claims.

2. Avoid Friends and Family Payments for Purchases

Only use the “Friends and Family” option for transferring money to people you know and trust. When buying goods or services, always use PayPal’s “Goods and Services” option, which offers buyer protection.

3. Be Cautious of Promotional Offers

Be sceptical of deals that seem too good to be true. Stick to known retailers or verified PayPal promotions. Cross-reference links in promotional emails with official retailer websites to confirm their legitimacy.

4. Enable Two-Factor Authentication (2FA)

Add an extra layer of security to your PayPal account by enabling 2FA. This requires a one-time code (sent to your phone or email) alongside your password, making it far harder for scammers to access your account.

5. Watch Out for Fake Confirmations

If you receive an unexpected order confirmation email, don’t click any links. Log in directly to your PayPal account to check for suspicious transactions or contact PayPal’s support team for clarification.

6. Monitor Your PayPal Account

During busy shopping periods like Christmas, turn on account notifications via the PayPal app or website. This way, you can quickly spot and act on any unusual activity.

7. Stick to Trusted Websites

Shop with reputable retailers and always check website URLs for errors or unusual endings (e.g., .net instead of .com). Look for the padlock icon in the browser bar to confirm a site is secure.

Milan Bosman, Commercial Director at Hypernode, commented:

“Cybercriminals are increasingly taking advantage of the reduced vigilance that comes with the excitement of online Christmas shopping for loved ones.

“With Christmas discounts circulating, distinguishing between genuine offers and scams has become harder than ever. By following these tips, shoppers can enjoy this festive season without falling victim to fraud.”

