If you ever venture into the dark web and look around some of the places were stolen credentials are sold you’ll discover there are a lot of PayPal accounts for sale. Seller’s price the accounts according to how much is in them, for instance a PayPal account with $10,000 deposited in it is going to cost more than an account that holds $2,000.

Sellers also offer instructions to the buyer on how to withdraw the money once they have bought the account. These instructions are standard fare and its unusual to find stolen PayPal accounts that don’t come with withdrawal instructions when they’re being offered for sale.

Of course the legitimate owners have no idea their PayPal account is for sale and will only discover it when the account has been emptied. This also applies to the untold number of payment card details, email addresses, passwords and more that are traded on the dark web.

The thing about PayPal accounts though is that very little work is required to get at the money once the account has been compromised. And with an estimated 392 million active PayPal account users in 2021 it’s a big target that offers rich picking.

So how do you protect your PayPal account from cyber criminals?

The first thing to understand is how the crooks get your details in the first place.

PayPal account problems

An e-mail that claims to come from PayPal and says something is wrong with the recipient’s account. All you need to do is click on the link and log in. If it’s a scam both your username and password go straight to the scammers. To avoid this scam, look for errors in the message and web addresses that do not match PayPal’s official address.

Advance payment fraud

Victims receive notifications that they are owed a certain amount of money such as a tax refund, inheritance, winning the lottery or similar. In order to ‘claim’ the money the victim has to make a small advance payment using PayPal and possibly fill out a form with personal details. Of course, the message sender disappears upon payment, and any personal data disclosed ends up for sale on the dark web or traded between criminal groups.

Charity and investments

During natural disasters and other events criminals will try to cash in on the misfortune of others by soliciting donations. Similarly investment opportunities, promising great profits without much of a risk are common. In both cases the scammers will request a donation or payment via a PayPal account. They might simply request a payment of even your PayPal account details to set up the payments. However, before you make any such payment do a serious check on the reputation of the organisation soliciting the payment.

General safety points
  • Look for red flags in messages such as grammatical mistakes, message that carry a sense of urgency and e-mail addresses and links that differ from the official ones, even if it is just by one letter or number.
  • Don’t trust messages unconditionally, always check their legitimacy. Millions of phishing mails swamp inboxes around the world every week.
  • Don’t trust an offer that seems too good to be true. It will without a doubt be a scam.
  • Make sure you’re using proven antimalware software to protect against malware hiding in emails and also flags up fraudulent web pages such as BullGuard Internet Security. With its multi-layered protection, including dynamic machine learning, it provides the best protection you can find.