Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

PayPal fraud: What merchants should know

March 15, 2021

From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

With a total payment volume of US$247 billion, PayPal remains one of the more popular online payment providers among major brands and a variety of smaller businesses and vendors. Indeed, the payment giant boasts 28 million registered merchants on its platform.

However, compared to major, big-name companies like Sony or Microsoft, smaller vendors, especially those who sell items as a sideline, don’t have the luxury of having a whole army of cybersecurity professionals manning their cyber-defenses. As a result, smaller vendors are far more susceptible to the various forms of fraud and cyberattacks that threat actors can fling their way.


One of the popular scams that vendors have to deal with is the overpayment scam. In this scenario, the crook, masquerading as a regular customer, will send a PayPal payment that is more than the price of the product or order. They’ll then notify the seller that they made a mistake and sent more money than they were charged, and ask the merchant to wire them back the difference. Once that has happened, the scammer will contact PayPal and file a complaint citing various reasons, such as that the product delivered was of inferior quality or that their account has been compromised and they didn’t purchase anything. In the case of the latter, you might lose both money and goods if the scammer becomes eligible for a full refund.

Alternatively, the cybercriminal may very well have used a compromised PayPal account or credit card. If and when the account or card holder realizes that there was unauthorized activity on their accounts, they will report it, and you’ll lose the product you sent and the payment, as well as incurring the shipping costs.

Mistakes do occur from time to time, but in the case of overpayments it’s better to err on the side of caution. As a rule, overpayment may be a clear sign of fraud, so your best course of action is to cancel the order.

Is it – or is it not – delivered?

There are various forms of shipping scam tactics that fraudsters use, all of which have one common goal: to make a dent in your wallet. For example, a scammer may try to persuade the seller to use the scammer’s shipping account because they can get a discount or offer a better price than one of the usual delivery services. However, if a seller agrees to that, the crook can easily ask the shipping service to reroute the delivery to another address; this allows them to open a complaint and claim that the goods were never delivered. The seller doesn’t have proof of delivery, which means they take a three-fold hit to their wallet: they’re out the product, they paid the shipping fees, and they have to compensate for the lack of delivery, even though they did, in fact, ship the product.


Another common tactic is the rerouting scam, where the fraudster intentionally gives the wrong shipping address and patiently watches the online tracking information. Once the shipping company adds a tag that the package couldn’t be delivered, the scammer contacts them with their “correct” address and receives the product. Since there is no proof of delivery, the same scenario unfolds, and the seller gets a triple whammy.

To protect yourself from these kinds of scams, it’s best to stick to your own shipping account and avoid transferring money to someone you don’t know. You should also always ship the product to the address that the customer stated on the Transaction details page. Additionally, you can contact your shipping company and block the customer from rerouting any deliveries.

Good ol’ phishing

With PayPal being one of the most-spoofed brands in phishing scams, it’s quite possible that a vendor may become a target of one. One common scenario is that the seller receives an e-mail informing them that their PayPal account has been suspended, which may cause them to panic if the account is one of their main sources of income. The e-mail may cite various reasons, including that there was unusual activity on the account, and for all intents and purposes the e-mail may seem legitimate, having all the bells and whistles needed to pass as the real thing. For the seller to get their account up and running again, they’ll have to complete the steps outlined in the fraudulent e-mail, which is usually a ploy to steal sensitive data and account credentials. If the target falls for it, the scammer will get their grubby hands on the e-mail address, passwords, and maybe even more; alternatively, the e-mail may include a link that will download malware onto the victim’s device.

It’s always best to scrutinize any unsolicited e-mail you get, especially those that appear to be customer service inquiries. If you have doubts, you should always contact the company directly through the official contact forms on its website; better safe than sorry. Using a spam filter and a reputable, up-to-date security solution should protect you from most phishing threats too.


While this may not be an all-encompassing list of the various scams you can come across as a vendor on PayPal, they are some of the more common ones, which should give you a general idea of what to watch out for. The most important thing is to remain vigilant and have a healthy amount of suspicion if something out of the ordinary occurs. The best advice would be to always verify anything and everything that might raise your eyebrows in suspicion, be it a special request or an unsolicited e-mail.
