Online payment platform PayPal has become a prime target for scammers in recent years. With Christmas sales set to bring a wave of online discounts, cybercriminals are ready to exploit the excitement, and occasional carelessness, of online shoppers.

Cybersecurity experts at Hypernode have highlighted the most common PayPal scams to watch out for this festive season, alongside practical tips to stay protected.

Phishing emails remain one of the most popular methods for targeting PayPal users. These fraudulent messages, disguised as official PayPal communications, claim there’s an issue with the user’s account or a need to verify payment details. Victims who click the included links are taken to fake websites designed to steal login credentials or financial information. These emails often appear authentic, complete with PayPal logos and branding.

These scams lure victims with tempting offers such as cash rebates, discounts on future purchases, or online vouchers. With many genuine Christmas deals circulating, it can be hard to spot the fakes. However, these emails often link to convincing but fraudulent websites set up to steal personal information.

Scammers send emails claiming that a large purchase has been made using the victim’s PayPal account. For those making Christmas purchases, this can seem like a legitimate confirmation. For others, it triggers concern about an unauthorised payment. Either way, the email directs victims to a fake website to “verify” the transaction, stealing their login details in the process.

This scam manipulates buyers into using PayPal’s “Friends and Family” payment option under the guise of securing a great festive deal. The scammer takes the payment and disappears, leaving the buyer without a product or any recourse. PayPal’s Friends and Family option does not offer buyer protection, making it an easy target for fraud.

During the holiday season, scammers take advantage of weak passwords or outdated security settings to hack PayPal accounts. By using methods like credential stuffing, where hackers try login credentials stolen from previous data breaches, they can access accounts to siphon money or make fraudulent purchases.

Always check the sender’s email address carefully to ensure it’s from PayPal’s official domain (@paypal.com). Fraudsters often use subtle variations. Avoid clicking links in unsolicited emails, instead, log in to PayPal directly through the official app or website to verify claims.

Only use the “Friends and Family” option for transferring money to people you know and trust. When buying goods or services, always use PayPal’s “Goods and Services” option, which offers buyer protection.

Be sceptical of deals that seem too good to be true. Stick to known retailers or verified PayPal promotions. Cross-reference links in promotional emails with official retailer websites to confirm their legitimacy.

Add an extra layer of security to your PayPal account by enabling 2FA. This requires a one-time code (sent to your phone or email) alongside your password, making it far harder for scammers to access your account.

If you receive an unexpected order confirmation email, don’t click any links. Log in directly to your PayPal account to check for suspicious transactions or contact PayPal’s support team for clarification.

During busy shopping periods like the lead-up to Christmas turn on account notifications via the PayPal app or website. This way, you can quickly spot and act on any unusual activity.

Shop with reputable retailers and always check website URLs for errors or unusual endings (e.g., .net instead of .com). Look for the padlock icon in the browser bar to confirm a site is secure.

Milan Bosman, Commercial Director at Hypernode, commented: “Christmas has become a prime time, not just for bargain hunters, but for scammers too. Cybercriminals are increasingly taking advantage of the reduced vigilance that comes with the excitement of a great deal, and the rush to buy gifts for friends and family.

“With discounts now reaching record levels, distinguishing between genuine offers and scams has become harder than ever. By following these tips, shoppers can enjoy online Christmas shopping without falling victim to fraud.”