ESET on tips to protect yourself from scams targeting PayPal users

PayPal, with 361 million registered users who make around 40 transactions per active account per year, is one of the largest online payment providers globally. Companies like Microsoft, Google Play, PlayStation Store, and Ikea are among the sellers that offer online payment through PayPal. As a result, its users are often targeted by cybercriminals and scammers looking for easy money, which is why ESET, a leading company in proactive threat detection, analyzed the most common scams against PayPal users and shared good practices for using the payment platform.

Most common forms of deception:

PayPal is among the brands most used by malicious actors when it comes to phishing attacks. According to Francisco D’Agostino, writer in, it is common to see cybercriminals using this tactic and creating fake sites that pose as PayPal. For example, attackers send out a spam email alerting the potential victim to unusual activity on their account and urging them to secure it immediately. These emails often include an embedded link that redirects the potential victim to a fake PayPal site, making it easy to steal their credentials and, with them, their money.

In addition to trying to trick victims into entering their credentials on the fake site, cybercriminals can also try to persuade users to reveal personal data such as full names, addresses, credit and debit card details or even the access credentials of the victims’ bank accounts. ESET warns that this combination of information can lead to identity theft, bank fraud, fraudulent purchases or emptied bank accounts. It is very important that you never provide this personal data unless you are completely sure that the site is legitimate.

Hoaxes were also observed in which cybercriminals issued false invoices that pretended to be part of a charity campaign. These campaigns featured an unusual twist: the notification the potential victim received came from PayPal, and the invoice would appear in the panel of the victim’s PayPal account. The company began to solve the problem and eliminated the invoices reported as fraudulent. However, it is important to stay up to date on new ways of stealing personal data so you can take the necessary precautions to avoid a situation like this.

There are other strategies that are common as well, such as so-called prize winner scams and more advanced forms of fraud.

  • In the case of prize scams, victims are notified that they have won something and that, to receive the prize, they have to make some kind of payment. However, since they did not participate in any sweepstakes or contests, it is impossible that they won anything, so the only person who would benefit from a prize would be the scammer.


  • Advanced scams are similar except that instead of winning a prize, the victim is allegedly the beneficiary of an inheritance from a distant relative or a powerful businessman seeking redemption. This type of scam is commonly known as the Nigerian prince scam or 419 scam, and it seeks to make the victim pay alleged legal taxes, bribes and other charges in order to receive an inheritance that obviously does not exist.

To help you protect yourself, ESET has provided some tips that can help you improve your security on these platforms.

  • The simplest is not to carry out activities on the platform while connected to a public Wi-Fi network or a network that is not 100% trusted. Cybercriminals often use insecure public networks to infiltrate devices and attack data in transit.
  • Have a good password, or a passphrase, as it will be the first line of defense against potential attacks. In this regard, there are some common mistakes to avoid, such as recycling passwords or storing them in plain text. If you create a strong password from scratch, a password manager can be helpful. What is certain is that saving passwords in plain text is not a secure option.
  • Add an extra layer of security by enabling one of the two-factor authentication (2FA) options that PayPal offers the user. It can be the PayPal security key, authentication via text message using a one-time PIN that generates a unique code for each login, or a two-factor authentication application installed on the device and connected to the account. Tech companies understand this situation, so they provide multiple ways to add that extra layer in a user-friendly way.
  • If PayPal is used from the smartphone, it is possible to increase security by blocking the application using a 4-to-8-digit code or even adding a biometric lock such as a fingerprint.
  • Last but not least, have a multifunction security solution installed on the device that can protect it against most attacks. Some products can even protect payment and banking applications by providing an extra layer of security while operations are taking place.

As reported by Francisco D’Agostino, “PayPal continues to be one of the safest options for conducting financial transactions. However, as with any platform that handles financial operations, users must remain more vigilant to avoid falling into some of the various traps that scammers can set up to trick you into getting your hard-earned money. The implementation of proper security practices and the use of available security tools can go a long way toward protecting users from various scams and mishaps,” concludes Camilo Gutiérrez Amaya, Head of the ESET Latin America Laboratory.

That’s why it is very important to also put some personal effort into this. We have to make it harder for scammers to get access to our money, in order to decrease the number of attempts. Have you been a victim of any of these attempts? If you have, then it is vital that you apply some security layers to your account. If you haven’t been the target of any scam attempts, remain vigilant and take action as soon as you see something weird in your account.

To learn more about computer security, go to the ESET news portal: