Online shopping fraud does not always only affect shoppers. Unfortunately, vendors are also one of the main targets of cybercriminals who, according to ESET, are targeted through schemes that use PayPal.
With the acceleration of the growth of electronic commerce, which was already on an upward trend since the end of the 90s, in 2020, global sales on e-commerce platforms represent almost 18% of the total of the global commercial.
Sellers are also the target of fraud with e-commerce
However, this growth in transactions has also led to an increase in fraud. Here, despite the perception to the contrary, many of these cybercrimes target traders, not consumers.
One of the attack vectors is the PayPal payment system. This is probably the most used on small and medium sized e-commerce sites. He was already responsible for an annual transaction volume of around 250 billion dollars.
In effect, at the end of 2020, PayPal had registered a total of 28 million merchants using its platform to receive and make payments.
Note that, compared to large companies, smaller traders do not have the luxury of having a cybersecurity department. Not with professionals who are always on the lookout for possible cybercrime attempts.
The result is that these smaller companies are much more susceptible to various forms of cyber attacks.
That said, ESET has released some of the ways in which criminals try to extort money from merchants through PayPal. Next we have some of the main scams and how stores can guard against them.
1. Overpayment through PayPal
One of the most popular scams that PayPal sellers face is that of overpayment.
In this scenario, the criminal who pretends to be a normal customer. Then you send through PayPal a payment that is – purposely – higher than the order.
Soon after, you will then notify the seller that you have made a mistake and ask to be credited with the difference between the amount overpaid and the actual price of what you ordered. This is where the deception resides.
Once the refund has been made, the criminal will contact PayPal and make a complaint for a variety of reasons. These vary since the product received is of a lower quality than the one advertised or that your account has been compromised and, in fact, you did not intend to buy anything.
In the latter case, the seller may lose not only money but the product shipped. This if PayPal considers that the “buyer” is entitled to a full refund for his purchase.
PayPal, as a rule, gives buyers the benefit of the doubt
An alternative to this scam is that the criminal may have even used a compromised PayPal account. This is done through the previous theft of access credentials and / or credit card data.
Thus, if the legitimate owner of the account notices that there has been an unauthorized use and reporting, the seller will lose money, the product and also the costs of shipping the order.
Of course, mistakes always happen, but in the case of overpayments, it is best for the seller to exercise extra caution. This since this may be a sign of attempted fraud.
The best thing is to make a full refund right away, cancel the order and not send it.
2. The order that did not arrive
There are several scams that involve deliveries themselves, but the goal is always the same. That of circumventing the online store.
For example, the malicious buyer may indicate the wrong shipping address. This while keeping an eye on the order tracking number.
As soon as he sees the “undeliverable” label, the buyer contacts the carrier with the “correct address” and receives the product.
This allows you to file a complaint with PayPal and claim that you did not receive the product.
As the seller also does not have proof of delivery, he will suffer a loss to triple. This will be without the product, without the money and with delivery costs.
To avoid this type of scheme, the online store must ensure that the delivery address indicated coincides with that of the customer record and, consequently, the invoice for the transaction.
In addition, you can also notify the transport company in advance of not allowing the forwarding of orders. Furthermore, any undelivered order must be returned to the store.
3. Phishing “the old fashioned way”
Since PayPal is one of the most used brands in phishing scams, it is very possible that an online store will become a scam target.
A common scenario is for the seller to receive an email indicating that their PayPal account has been suspended. Something that can lead to a panic situation, given that PayPal is, in practice, a source of livelihood.
The email (fake, of course) may indicate several reasons for the “suspension” of the account, but it will always end up asking the seller to login with his credentials. Here, using the link included in the email, of course! This is the link that will take you to a website that, apparently, is PayPal.
A situation of panic and the rush to solve the (non-existent) problem may lead the seller to rush and effectively put his data on the fraudulent website and, from there, the attacker will have access to his account.
Enabling two-factor authentication is recommended
In addition to the common precautions to take with messages of this kind, the best advice we can give is to activate and configure the protection of your account through two-factor authentication.
That way, even in the worst possible scenario in which the seller effectively gave access data to your account, the cybercriminal will not be able to access it.
This is because an additional layer of security will always be requested to which only the legitimate account holder has access.
4gnews editors recommend:
*The article has been translated based on the content of https://4gnews.pt/paypal-e-usado-por-cibercriminosos-para-roubar-os-vendedores-alerta-a-eset/ by 4gnews.pt
. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article. If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!