Quarantine Shopping: Is PayPal as Safe as You Think?
With the COVID-19 outbreak, online shopping has become more than just a way to purchase what you need. Today, we are using digital retail therapy as a way to reclaim our sanity while enduring self isolation and social distancing.
Unsurprisingly, statistics say e-commerce is booming in the first quarter of 2020. After all, it’s safer to buy groceries and books online than going outside. But only for our physical health.
Paying with PayPal is one popular way of purchasing goods online but does pose some significant risks to your digital identity. So, let’s put a metaphorical mask on your online persona by learning about the popular ways for cybercriminals to practise PayPal scamming.
PayPal scamming: developers fight back, but is it enough?
Is PayPal safe for buyers and sellers?
Usually, yes: its security rating is 912 out of 950. But hackers are evolving together with technology, and a massive service like PayPal is the perfect platform for credit card fraud attempts. No matter how hard PayPal support and their tech team work to protect clients, attackers always find new loopholes and vulnerabilities to exploit.
Did you know that PayPal encourages individuals and teams to probe its online security systems and defenses?
It’s true, they pay white hat hackers for revealing and reporting critical bugs that can be exploited by hackers. CyberNews is one of the teams constantly testing PayPal’s code integrity. Some of their latest findings show that PayPal’s entire authentication process can be bypassed if an attacker has your credentials. And if you think that stealing your PayPal login info is a problem, we have bad news for you.
Hackers can buy stolen credentials for as little as $1.50 on the darknet - a community of secret websites working behind an encrypted network.
CyberNews claims it's found a way to bypass PayPal’s phone or email verification. PayPal’s two-factor authentication called Authflow is triggered when a user tries to log in from a new IP address or device. So, hackers can buy stolen credentials, pass Authflow in minutes using the detected vulnerability, then do whatever they want with your account. Worryingly, that’s not all.
Injecting malicious code
The team also discovered hackers using PayPal’s SmartChart bug for injecting malicious code that will then be executed by the system. With this, hackers can capture a PayPal support agent session, then access the agent’s account. Retrieving sensitive information after this is a child’s play.
Paypal spam emails are another popular way of breaking into your digital wallet. Phishing for your info under the canopy of PayPal’s reputation is a widespread but easily defeatable tactic. Just remember that no matter how solid and trustworthy the email looks, PayPal will never ask for your password, bank account, or credit card details.
Also, watch out for fake Facebook messages suddenly prompting you to send money: your friend’s account could well have been hacked. After you transfer money to the “friend’s” bank account, the fake PayPal payment is reversed. However, you can’t do this with your bank transfer. So, if you do receive a similar message, call your friend or write to them through another platform to make sure it’s not a scam.
Not exactly friends or family
One more catch you should watch out for is paying via the “friends and family” option on PayPal instead of using the correct category of “goods and services.” Do not fall for such requests from sellers since this means you’re refusing buyer protection. So you’ll have limited rights to deal with your purchase if something goes wrong.
PayPal can be the victim too
It seems we’ve overlooked the fact that PayPal can be scammed by the buyer as well. The main risk for sellers is the ease with which buyers can dispute charges. Payments are usually challenged because of actual credit card fraud, unsafe or unarrived shipments, or dissatisfaction with the purchased goods. As you can see, both buyers and sellers have to be cautious not to fall for a scam.
How to minimize the risk of PayPal scamming
Knowing your data can’t be 100% protected is depressing, you need to do more than worry about it. There’s so much you can do yourself to protect your identity and money online. Following these simple tips will make your PayPal payments safer (and your #stayathome more bearable as well):
- Update PayPal to the latest version
- Don’t use public internet for financial transactions
- Don’t click on suspicious links in emails or messages
- Use a credit card as a funding method instead of the “instant transfer” option
As for the sellers, you should require signatures for expensive items, get proof of delivery from shippers, ship to verified addresses only, and clearly explain to the buyers all the limitations, possible confusing features, and defects of your goods in the description.
Keep calm and shop responsibly - PayPal support is doing a pretty good job securing its customers’ sensitive info. And for more protection, make sure you check out Clario.
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.