PayPal Coinbase Scam Explained: How Fake Crypto Charges Trick Victims
Written by: Thomas Orsolya
Published on:
The PayPal Coinbase scam is a phishing and impersonation scheme that uses fake PayPal invoices, fake Coinbase purchase alerts, or fraudulent support phone numbers to pressure people into acting quickly.
The message usually claims that a large Coinbase or Bitcoin transaction has been made through PayPal. In many cases, the goal is not only to make you panic about a fake charge, but to make you call a scammer pretending to be PayPal or Coinbase support.
Once the victim calls, the scam can escalate into remote access fraud, bank account theft, crypto wallet theft, or unauthorized payments.
Scam Overview
The PayPal Coinbase scam usually starts with an email that appears to be connected to PayPal, Coinbase, Bitcoin, Ethereum, or another cryptocurrency-related purchase. The email may say that your PayPal account has been charged for a Coinbase transaction, that a crypto purchase is pending, or that an invoice must be canceled immediately.
Some versions look like a regular phishing email sent from a fake address. Others are more convincing because scammers abuse legitimate invoice or money request systems to send messages that appear to come through real PayPal channels. PayPal specifically warns users about invoice and money request scams and advises reporting suspicious invoices directly through the PayPal website or app. Suspicious PayPal emails should be forwarded to PayPal’s phishing address and then deleted. (PayPal)
The scam often uses names such as:
Coinbase
Coinbase Global
Coinbase Inc.
Coinbase Support
PayPal Billing Department
PayPal Security Team
Bitcoin Purchase Department
Crypto Transaction Support
The invoice may claim you bought cryptocurrency worth $399, $499, $799, $889, $999, or another high amount. The exact number changes, but the psychological trick is the same: the amount is large enough to scare you, but not so large that it feels impossible.
A typical message may say something like:
“Your PayPal account has been charged for a Coinbase Bitcoin purchase. If you did not authorize this transaction, call support immediately.”
This is the trap.
The phone number in the email is not PayPal. It is not Coinbase. It belongs to the scammer.
Once you call, the scammer pretends to “help” you cancel the transaction. They may sound professional, calm, and urgent. They may claim your account has been hacked. They may say there are more pending transactions. They may ask you to download a remote access app, open your bank account, verify a code, or move your money to a “safe” wallet.
Coinbase warns that its customer service agents will never ask users to move funds, share a seed phrase, provide passwords or 2-step verification codes, or install software on a device. Coinbase also says it will never ask users to contact an unknown number to reach support.
That warning is important because the PayPal Coinbase scam is not just about a fake invoice. It is often a doorway into a much bigger fraud.
The scammers are counting on three things:
You recognize PayPal and Coinbase as real companies.
You panic when you see a large crypto-related charge.
You call the number before checking your real PayPal or Coinbase account.
In many cases, there is no actual transaction. The scammer only wants you to believe there is one.
How The PayPal Coinbase Scam Works
1. You Receive a Fake PayPal or Coinbase Email
The scam usually begins with an email that looks like a PayPal invoice, receipt, billing notice, or payment confirmation.
It may claim:
You purchased Bitcoin through Coinbase.
Your PayPal account was charged for a Coinbase transaction.
A Coinbase invoice is pending.
A crypto order will be processed within 24 hours.
You must call support to cancel the transaction.
Your account is at risk because of suspicious activity.
Some emails are poorly written and easy to spot. Others are more polished. They may include PayPal branding, invoice formatting, order numbers, transaction IDs, and fake customer service details.
Some versions may even come from a real PayPal notification system if scammers abuse invoice or money request features. That makes the email more confusing, because the message may appear to come from a legitimate PayPal domain even though the invoice itself is fraudulent.
This is why you should not rely only on the sender name. Instead, log in directly to your PayPal account by typing the address yourself or using the official app.
2. The Message Creates Panic With a Fake Crypto Charge
The scam works because cryptocurrency transactions feel serious and difficult to reverse.
Many people know that crypto payments can be risky. Scammers use that fear. They want the victim to think:
“What if someone bought Bitcoin with my PayPal account?”
“What if this charge is real?”
“What if I lose my money if I don’t act now?”
That panic is intentional.
The email may include phrases such as:
“Your account will be charged shortly”
“Transaction successfully completed”
“Payment authorized”
“If this was not you, call immediately”
“Failure to respond may result in permanent loss”
“Do not reply to this email”
The goal is to move you away from calm verification and toward fast emotional action.
3. The Scam Pushes You to Call a Fake Support Number
The most dangerous part of the PayPal Coinbase scam is often the phone number.
Instead of asking you to click a link, the message tells you to call a “billing support” or “fraud prevention” number. This makes the scam feel more legitimate because many people associate phone support with real customer service.
But the number belongs to the scammer.
Once you call, the scammer may pretend to verify your identity. They may ask for:
Your full name
Email address
Phone number
PayPal login email
Bank name
Debit or credit card details
One-time security codes
Coinbase account information
Crypto wallet details
They may also claim they need to connect to your phone or computer to cancel the transaction.
That is a major red flag.
4. The Scammer Pretends Your Account Is Hacked
After you call, the scammer may say they found suspicious activity on your account. This is where the scam shifts from a fake invoice to a fake security emergency.
They may claim:
Your PayPal account has been compromised.
Hackers are trying to buy more crypto.
Your Coinbase account is linked to fraud.
Your bank account is exposed.
You must act immediately to protect your money.
This creates a second wave of panic.
The victim called to cancel one fake charge. Now the scammer makes the situation seem much larger.
The scammer may then ask you to download remote access software such as AnyDesk, TeamViewer, Zoho Assist, or another screen-sharing tool. They may say this is required to “secure the account” or “reverse the charge.”
In reality, remote access lets the scammer see your screen, control your device, watch you log in, steal codes, and manipulate your banking or crypto account.
5. The Scammer Asks You to Move Money
In more advanced versions, the scammer tells the victim to move funds to a “safe account” or “secure wallet.”
This is especially common when the scammer is pretending to be from Coinbase or a crypto security department.
They may say:
“Your wallet is compromised.”
“Move your crypto to this new secure wallet.”
“Transfer your balance before the hacker drains it.”
“We need to verify your account with a temporary transaction.”
“Do not tell your bank, because this is an internal security investigation.”
These instructions are fraudulent.
If someone claiming to be Coinbase or PayPal asks you to move money, share codes, or install remote access tools, you are dealing with a scam.
6. The Victim May Be Charged, Drained, or Locked Out
Once scammers gain access, several things can happen.
They may:
Steal money from your bank account
Send PayPal payments to themselves
Buy gift cards
Purchase cryptocurrency
Transfer crypto to their own wallet
Change your account passwords
Add forwarding rules to your email
Steal saved browser passwords
Use your identity for more fraud
The fake invoice itself may not charge you automatically. But if you interact with the scammer, they may trick you into authorizing payments or exposing accounts.
That is why the safest response is to avoid the number in the email completely.
Common Red Flags of the PayPal Coinbase Scam
The Invoice Is Unexpected
If you do not use Coinbase, did not buy crypto, or were not expecting a PayPal invoice, treat the message as suspicious.
Do not assume it is real just because it uses a known company name.
The Email Pressures You to Call Immediately
Scam emails often include urgent language. They want you to call before thinking.
Real companies may send security notices, but they do not require you to use a random phone number inside an alarming invoice message.
The Phone Number Is Inside the Invoice Notes
Many PayPal invoice scams place the fake support number inside the message body, memo field, seller note, or invoice description.
That phone number is the scammer’s main tool.
The Message Mentions Bitcoin or Coinbase to Create Fear
Crypto-related wording is common because it sounds irreversible and technical. Scammers know many users are afraid of crypto fraud, so they use Coinbase and Bitcoin as pressure triggers.
You Are Asked to Download Software
No legitimate PayPal or Coinbase employee needs remote access to your device to cancel an invoice.
This is one of the clearest signs of a scam.
You Are Asked for a Code
Never give a one-time password, 2FA code, PayPal security code, Coinbase code, or banking code to someone who contacted you or someone you reached through a suspicious message.
Security codes are meant to prove that you are logging in. Scammers ask for them so they can log in as you.
You Are Told to Move Money to “Protect” It
Moving money to a “safe wallet” or “secure account” is a classic scam tactic.
Real support agents do not protect your funds by making you transfer them somewhere else.
What To Do If You Receive a PayPal Coinbase Scam Email
1. Do Not Call the Number
Do not call any phone number shown in the email, invoice, PDF, or message body.
Even speaking to the scammer can put you at risk because they are trained to create panic and manipulate victims.
2. Do Not Click Links or Open Attachments
Avoid links, buttons, PDFs, and attachments inside the message.
Open PayPal or Coinbase separately through the official app or by typing the official website address into your browser.
3. Check Your Real PayPal Account
Log in to PayPal directly.
Look for:
Recent activity
Pending invoices
Money requests
Unauthorized payments
Linked cards or bank accounts
Unknown login activity
If the invoice appears in your PayPal account, report it from inside PayPal. PayPal says suspicious invoices or money requests should be reported by logging into PayPal on the website or app. (PayPal)
4. Check Your Real Coinbase Account
Log in to Coinbase directly through the official app or website.
Look for:
Recent transactions
Login history
Security alerts
Linked payment methods
Unknown wallet activity
If you received a suspicious Coinbase-related email, Coinbase says phishing emails impersonating Coinbase can be forwarded to security@coinbase.com.
5. Forward the Email to PayPal
Forward suspicious PayPal messages to phishing@paypal.com, then delete the email. PayPal gives this guidance for suspicious emails and messages that appear to come from PayPal.
6. Block the Sender
After reporting, block the sender if your email provider allows it.
This will not stop every scam email, but it can reduce repeated attempts from the same address.
Realistic PayPal Coinbase Scam Text and Email Examples
Below are common examples of the wording scammers use in PayPal Coinbase scam emails, fake invoices, and text messages. The exact names, amounts, invoice numbers, and phone numbers can change, but the structure is usually the same: a fake crypto charge, urgent language, and a fake support number.
Example 1: Fake PayPal Coinbase Invoice Email
Subject: Invoice from Coinbase Global Inc.
Dear Customer,
You have successfully sent a payment of $699.99 USD to Coinbase Global Inc. using your PayPal account.
Transaction Details:
Invoice ID: PP-CB-984721 Merchant: Coinbase Global Inc. Amount: $699.99 Payment Method: PayPal Status: Pending Confirmation
If you recognize this transaction, no further action is required.
If you did not authorize this payment, please contact PayPal Billing Support immediately at:
Customer Support: +1 XXX XXX XXXX
This transaction may take up to 24 hours to appear in your account.
Thank you, PayPal Billing Department
Example 2: Fake Coinbase Bitcoin Purchase Alert
Subject: Your Coinbase Bitcoin Purchase Has Been Confirmed
Hello,
Your recent Bitcoin purchase through PayPal has been confirmed.
If you did not authorize this payment, you must contact PayPal Resolution Support immediately.
Support Number: +1 XXX XXX XXXX
Please do not attempt to dispute this through your bank until you speak with our billing team.
Sincerely, PayPal Resolution Center
Common Phrases Used in PayPal Coinbase Scam Messages
Scammers often repeat the same pressure-based wording across different versions of this scam. Watch for phrases like:
“Your PayPal account has been charged for Coinbase”
“If this was not you, call immediately”
“Coinbase Bitcoin purchase confirmed”
“This transaction cannot be reversed”
“Call our billing department to cancel”
“Your invoice will be processed within 24 hours”
“Do not reply to this email”
“Contact the fraud prevention team”
“Your account has been linked to suspicious crypto activity”
“Ignoring this message may result in automatic payment”
Why These Messages Are Dangerous
These texts and emails are designed to make the victim believe a real crypto transaction is happening. The fake charge is only the hook. The real scam begins when the victim calls the phone number, replies to the message, clicks a link, or follows instructions from the fake support agent.
A legitimate PayPal or Coinbase notice will never require you to call a random phone number from an invoice note, install remote access software, share security codes, or move money to a “safe” wallet.
What To Do If You Already Called the Scammer
If you called the fake number but did not share anything, you are probably safe. Still, be alert for follow-up calls, texts, or emails.
If you shared information or followed instructions, act quickly.
1. Disconnect Remote Access Immediately
If you installed remote access software, disconnect from the internet and uninstall the app.
Look for programs such as:
AnyDesk
TeamViewer
Zoho Assist
Supremo
UltraViewer
ScreenConnect
GoToAssist
If you are not sure whether the device is clean, have it checked by a trusted technician.
2. Change Your Passwords From a Clean Device
Use a different device that the scammer never accessed.
Change passwords for:
PayPal
Coinbase
Email account
Online banking
Apple ID or Google account
Any account saved in your browser
Start with your email account because it can be used to reset other passwords.
3. Enable Two-Factor Authentication
Turn on two-factor authentication for PayPal, Coinbase, email, and banking accounts.
Use an authenticator app or hardware security key when possible. Avoid SMS-based codes when stronger options are available.
4. Contact PayPal Directly
Use the official PayPal app or website to report unauthorized activity.
5. Contact Coinbase Directly
If your Coinbase account may be affected, contact Coinbase through official support channels only.
Do not use phone numbers from emails, search ads, social media comments, or pop-ups.
6. Call Your Bank or Card Issuer
If you shared banking details, card information, or allowed remote access while logged into your bank account, call your bank immediately.
Ask them to:
Freeze or monitor the card
Review recent transactions
Block suspicious transfers
Issue a new card if needed
Add extra verification to your account
7. Report the Scam
Depending on your country, report the scam to the relevant cybercrime or consumer protection authority.
In the United States, victims can report fraud to the FTC at ReportFraud.ftc.gov and internet crime to the FBI’s IC3 at ic3.gov.
If crypto was stolen, provide wallet addresses, transaction hashes, emails, phone numbers, screenshots, and any remote access details.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The PayPal Coinbase scam is designed to make a fake crypto charge look urgent and official. The email may appear to involve PayPal, Coinbase, Bitcoin, or a large pending transaction, but the real danger is usually the fake support number inside the message.
Do not call the number. Do not install remote access software. Do not share security codes. Do not move money to a wallet or account provided by someone on the phone.
Open PayPal and Coinbase directly, check your real account activity, report the message, and delete it.
The simplest rule is also the safest: if a PayPal Coinbase invoice appears unexpectedly, treat the phone number inside it as the scam.
FAQ
What is the PayPal Coinbase scam?
The PayPal Coinbase scam is a phishing and impersonation scheme where scammers send fake PayPal invoices, payment alerts, or Coinbase-related billing notices claiming that you bought cryptocurrency or that your PayPal account was charged for a Coinbase transaction.
The goal is usually to scare you into calling a fake support number, where scammers try to steal your money, account details, security codes, or crypto.
Is the PayPal Coinbase email real?
It may look real, but that does not mean the charge is legitimate. Some scammers abuse real invoice systems, while others send fake emails that only imitate PayPal or Coinbase.
Do not click links or call phone numbers from the message. Open PayPal or Coinbase directly through the official app or website and check your account activity there.
Why did I receive a PayPal invoice from Coinbase if I never bought crypto?
You may have received a fake invoice or money request designed to make you panic. Scammers often use Coinbase, Bitcoin, or crypto-related wording because people associate crypto transactions with urgency and irreversible payments.
In many cases, no real Coinbase transaction exists.
What should I do if I got a PayPal Coinbase invoice?
Do not pay it, do not call the number in the invoice, and do not reply to the email. Log in to PayPal directly and check whether the invoice appears in your account.
If it does, report it inside PayPal. If the email looks suspicious, forward it to PayPal’s phishing reporting address and delete it.
What happens if I call the phone number in the scam email?
You may reach a scammer pretending to be PayPal, Coinbase, or a fraud department. They may claim your account was hacked, ask you to install remote access software, request security codes, or tell you to move money to a “safe” account or wallet.
Do not follow their instructions. Hang up immediately.
Can scammers charge my PayPal account just by sending an invoice?
Usually, an invoice or money request does not automatically take money from your account. The danger is that scammers try to pressure you into paying it or contacting fake support.
Still, always check your PayPal account directly to confirm whether there was any unauthorized activity.
What if I already gave the scammer my PayPal or Coinbase login details?
Change your passwords immediately from a clean device. Start with your email account, then PayPal, Coinbase, banking apps, and any other important accounts.
Enable two-factor authentication, review account activity, remove unknown devices, and contact PayPal, Coinbase, and your bank if money or sensitive information may be at risk.
What if I installed AnyDesk, TeamViewer, or another remote access app?
Disconnect from the internet, uninstall the remote access app, and change your passwords from another device. Check your PayPal, Coinbase, bank account, email, and saved browser passwords for suspicious activity.
A trusted technician should inspect the device if the scammer had full access.
Can I get my money back after a PayPal Coinbase scam?
It depends on how the money was sent and how quickly you report it. PayPal payments, card charges, or bank transfers may sometimes be disputed, but cryptocurrency transfers are often difficult or impossible to reverse.
Contact PayPal, your bank, card issuer, or Coinbase immediately if you lost money.
How can I avoid PayPal Coinbase scams in the future?
Be suspicious of unexpected crypto invoices, urgent billing messages, and emails that tell you to call a phone number to cancel a charge. Always open PayPal and Coinbase directly instead of using links or numbers from an email.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
