Thursday, July 9, 2020

New PayPal Invoicing Scam


Anyone can send you a request for money on PayPal.  If you pay it, well, that's your problem.

Today I turn on my phone and see a message saying my account is going to be suspended unless I pay a $6.75 fee.   It is from "Account Service" and since the PayPal logo now looks a lot like the Pandora logo, I initially think those Pandora people are trying to scam me.

I log onto my e-mail and there is this message from PayPal:

Hello, Robert Platt Bell, Patent Attorney
PayPal
Account Service sent you a money request
NOTE FROM Account Service:
"After a review your account has been limited due to unpaid fees, please pay this invoice to cover your unpaid fees and remove this restriction permanently."
Payment request details
Transaction ID: July 9, 2020
Amount requested
$6.75 USD
As you can see, it is a scam.  The return e-mail address is serv-pp@merchantcastle.store, which, when I google it online, turns out to be a throwaway account.

I search online and there is no company called merchant castle or anything remotely like it.

What is going on here?

Well, since PayPal uses e-mail addresses as account names, anyone can purchase an e-mail address list and then set up a PayPal account and send out thousands, if not millions, of requests for small amounts of money.  Since they are so small and the message given from "account service" is so vague, a lot of people will click on "pay bill" and not think anything of it.

If you send out a million requests and 1 in 1000 pay, well, you've netted $6750 without much effort.  Send out 100 million such requests, and you've netted $675,000.  Nice work if you can get it.

It is just another variation on the Invoicing Scam, only this time with PayPal.   PayPal should be policing this sort of thing - noticing, for example, when a new account sends out thousands of requests for money right away.
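The check suggested above, a new account that sends a burst of money requests right away, written out as an added example (not part of the original post, and not PayPal's actual logic). The thresholds, field names, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Assumed thresholds for illustration; a real system would tune them on its own traffic.
NEW_ACCOUNT_AGE = timedelta(days=7)
WINDOW = timedelta(hours=1)
MAX_RECIPIENTS_PER_WINDOW = 50
SERVICE_WORDS = ("account service", "billing", "support", "security")

def peak_recipients(events):
    """Largest number of distinct recipients reached inside any WINDOW-long span."""
    events = sorted(events)
    peak = start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        peak = max(peak, len({rcpt for _, rcpt, _ in events[start:end + 1]}))
    return peak

def flag_bulk_requesters(accounts, requests):
    """Return {sender: [reasons]} for new accounts that mass-send money requests."""
    by_sender = defaultdict(list)
    for sender, rcpt, amount, sent_at in requests:
        by_sender[sender].append((sent_at, rcpt, amount))
    flagged = {}
    for sender, events in by_sender.items():
        age = min(e[0] for e in events) - accounts[sender]["created"]
        peak = peak_recipients(events)
        if age > NEW_ACCOUNT_AGE or peak <= MAX_RECIPIENTS_PER_WINDOW:
            continue  # established sender, or low volume: not this pattern
        reasons = [f"new account sent requests to {peak} recipients within one hour"]
        if len({amt for _, _, amt in events}) == 1:
            reasons.append("identical amount on every request")
        if any(w in accounts[sender]["display_name"].lower() for w in SERVICE_WORDS):
            reasons.append("display name imitates a service department")
        flagged[sender] = reasons
    return flagged

# Constructed sample data (not real accounts or transactions).
T0 = datetime(2020, 7, 9, 6, 0)
ACCOUNTS = {
    "new_acct": {"created": T0 - timedelta(days=1), "display_name": "Account Service"},
    "old_shop": {"created": T0 - timedelta(days=900), "display_name": "Corner Bike Shop"},
    "friend": {"created": T0 - timedelta(days=2), "display_name": "Pat"},
}
REQUESTS = (
    [("new_acct", f"user{i}@example.com", 6.75, T0 + timedelta(seconds=15 * i)) for i in range(200)]
    + [("old_shop", f"cust{i}@example.com", 20.0 + i, T0 + timedelta(seconds=30 * i)) for i in range(100)]
    + [("friend", "roommate@example.com", 40.0, T0)]
)
```

Only the day-old account is flagged: the long-established shop sends many invoices but is not new, and the other new account sends a single request.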

Sadly, it isn't easy to report these scams on PayPal.  There is no "this is a scam" button to press when you get the request - you have to wade through pages of FAQs and menus to even report such a thing.  PayPal is complicit as they get fees from each transaction.

In fact, after about a half-hour of trying to navigate PayPal's site, I cannot find a way to report a fraudulent transaction.  When I get to the "report a problem" page, it merely goes to a list of recent transactions, with no way of indicating which is fraudulent.  The only thing you can do, from what I can see, is send an e-mail to spoof@paypal.com, but that is for fake e-mails. The e-mail is legit from PayPal; it is only the money request that is fake.

Clicking on "security" only goes to a page about buyer protection.  PayPal is willfully dropping the ball here.

Security on PayPal is a joke - not when someone can set up a PayPal account and just start billing millions of people for fake invoices.

UPDATE:  I tried to "contact" PayPal through their messaging center.  This is the response I get:

PayPal Assistant
9:18 AM
I can transfer this conversation to an agent. The estimated response time is a few hours.
Our customer service staffing is limited due to the coronavirus (covid-19) crisis. We've put together some useful information in the Help Center to quickly resolve your issue. I'll stay here while you take a look.
After I transfer the conversation, you can close the window and come back to it when it’s convenient for you. When we respond, we’ll send you a notification with a link to the Message Center where you can reply.
Would you like to transfer this conversation to an agent?

UPDATE:  In response to my e-mail to spoof@PayPal.com I get the following less-than-helpful response:

Thank you for your email. We've provided some information below to help
you with your question.

If you have questions regarding your dispute or claim, please visit our
Help Center or view your dispute or claim in the Resolution Center. You
can visit the Resolution Center by clicking Help & Contact at the bottom
of any page, then click Resolution Center below the search bar.

If you notice an unauthorized transaction on your account please click
Help & Contact at the bottom of any page then click Contact Customer
Service. On the next page click Password and account access, then click
Report unauthorized access or unknown charges. On this page we'll
provide you steps to file a report online, or the option to call or
email us.

If you'd like to contact us, please click Help & Contact at the bottom
of any page, then click Contact Customer Service and select the reason
for your contact.



Thanks for being a PayPal customer,
PayPal Security


***********************************************************************

Please do not reply to this email. If you need to contact us, please
click Help & Contact at the bottom of any PayPal page.

***********************************************************************

For the record, there is no "Help & Contact" at the bottom of ANY PayPal page, but a help tab at the top.  PayPal clearly has a lot of outdated HTML.  And their help and fraud reporting is, well, non-existent at this point.  I am wondering whether I should just close my PayPal account at this point, as it appears that if some sort of fraudulent debit did occur, I would have no way to address it.  For example, if I mistakenly clicked on "PAY", which I assume many may do, there is no real way to reverse this in a timely manner.

Is PayPal circling the drain?

UPDATE:  On the PayPal Forum, from June 9th, is a posting about this same problem. Apparently PayPal has been aware of this for some time, as one of their moderators posted a response. Why PayPal hasn't taken down the account of the person issuing the spurious money request is beyond me, other than that every time somebody pays this unnecessary fake bill, PayPal makes a couple of pennies.