PayPal scam – Happened to me, it could to you
I have been the victim of a PayPal scam. As a tech journalist who writes about identifying scams, I am both embarrassed and beating myself up over being sucked in. I should have known better.
This morning, I received an SMS from PayPal using its registered SMS number 0485 872 975. It stated that $199.99 had been debited to my account and that I should call +61 (2400) 35055, or it would be deemed approved. I was on the train at the time, so as soon as I was home, I logged into my PayPal account, and sure enough, the transaction was there with a different +61 (1800) 296982 number.
We do not have 2400 numbers in Australia, but we do have 1800 numbers, so I called and was answered by a very professional automatic call screening. I then pressed a number for the resolution centre for scams and unauthorised charges. So, no alarm bells yet.
I should have looked on the PayPal website for the real number 02 8223 9500.
A male with a solid foreign accent answered the call and asked for my mobile number (no alarm bells yet). He then proceeded to tell me that a debit of $199.99 was pending approval but had not been processed yet. Could I approve or dispute it? No, I did not recognise the seller, and yes, I was the only person who used the account.
He said that PayPal would have to raise a dispute with my bank (he knew the last four digits and expiry date of the credit card I use to pay PayPal) and he needed the full credit card number and CVV to lodge the dispute. I stupidly gave him the details. Now alarm bells were ringing. The script had been so convincing!
While we were on the phone, I used my computer, went into my PayPal account, and immediately changed my password.
I had a bad feeling that this was a PayPal scam
When I hung up, I went to my bank’s page and changed the password. Not before had several charges from companies in Jibla (Yemen, Kuwait) had thousands of dollars against my card.
I called the bank, and the fraud department reversed most of the ‘pending’ charges, but the first one slipped through. The bank had blocked the card after the first transaction as it was suspicious. It will be disputed, but it may be a lost cause.
The bank was most helpful and had handled many PayPal scams that day.
The advice given was that this is an AI-driven scam using information from the dark web, and the PayPal scam is to obtain the final missing pieces—in this case, the missing credit card numbers.
What can you do?
PayPal scams are common, but I would not have been scammed if I had taken my own advice.
- If you get a scam SMS or email, DO NOT CLICK ON ANY LINK
- Triple-check the phone number given to call via the website– NEVER USE THE NUMBER GIVEN IN THE SMS or EMAIL.
- If you call, NEVER GIVE INFORMATION LIKE CREDIT CARD NUMBERS OR CVV. Only do that with the bank.
- Before you call, go to the genuine website (PayPal) and log in to check if there is a suspect transaction. WHILE YOU ARE THERE CHANGE YOUR PASSWORD.
- Check your internet banking and credit card to see if there has been a fraudulent transaction. WHILE YOU ARE THERE, CHANGE YOUR PASSWORD.
- Change the credit card permissions to block international or internet transactions. In other words, leaving contactless payments and ones that require a PIN is OK.
- If you have been defrauded, immediately ask the bank to issue a new card and block the old one.
Stupid, stupid, stupid. This PayPal scam succeeded when I ignore hundreds of others each week.
