PayPal Small Deposit Confirmation Scam: What This Warning Really Means
Written by: Thomas Orsolya
Published on:
A tiny PayPal deposit can seem harmless. It may be only $0.01, ₱0.01 PHP, Ft 1 HUF, or another very small amount.
But scammers are now using these small deposits to deliver fake security warnings.
The PayPal Small Deposit Confirmation Scam tells victims their account has been linked to a third-party wallet, that a small deposit confirms activation, and that a large payment, often around $980, will be processed soon. The message then pushes the victim to call a fake PayPal support number for help.
The small deposit is not the real threat. It is the bait.
Scam Overview
The PayPal Small Deposit Confirmation Scam is a fake support scam that abuses PayPal’s transaction note system. Scammers send a tiny amount of money to a victim’s PayPal account, then attach a frightening message claiming the account is connected to a third-party wallet or unauthorized payment system.
A typical scam message may say something like:
“Alert: Your account link to a third-party wallet. A small deposit confirms activation, and 980 USD will be processed soon. Call [scam phone number] for help.”
Other versions may use wording such as:
“Your PayPal account processed a payout by small deposit confirmation. If you authorized it, no action is needed. If not, contact PayPal Customer Care immediately to secure your account and request a refund.”
The details can change, but the structure is the same.
The scammer sends a tiny payment, claims it confirms a much larger transaction, and provides a fake customer support number. The goal is to make the victim panic and call before checking PayPal directly.
This scam works because the message can appear inside a real PayPal transaction. That makes it more confusing than a normal phishing email. The victim may think, “This is inside PayPal, so maybe it is real.”
That assumption is exactly what scammers exploit.
The payment may show as coming from a random person, a fake company, or a suspicious account. In some examples, the sender may use a normal-looking name and an email address that does not look connected to PayPal. The amount may be extremely small, such as ₱0.01 PHP or $0.01.
The note is where the actual scam happens.
Scammers use the note to create urgency. They may claim:
A third-party wallet was linked to your PayPal account.
A small deposit confirms activation.
A large charge, such as $980, will be processed soon.
A refund must be requested immediately.
Your account must be secured.
You must call PayPal Customer Care.
No action is needed only if you authorized it.
This wording is designed to make the victim feel they are about to lose money. The tiny deposit creates curiosity, while the warning creates fear.
The fake phone number is the main trap.
If the victim calls, they do not reach PayPal. They reach scammers pretending to be PayPal support, billing support, fraud prevention, account security, or a refund department. The person on the phone may sound professional and calm. They may pretend to “check the account” and confirm that a third-party wallet or unauthorized charge is active.
Then the scam escalates.
The fake support agent may claim that hackers have accessed the victim’s account. They may say the victim’s phone or computer is infected. They may insist that the $980 charge can be stopped only if the victim follows their instructions immediately.
In many cases, the scammer asks the victim to install remote access software such as AnyDesk, TeamViewer, UltraViewer, Zoho Assist, RustDesk, LogMeIn, or a similar tool. They may claim it is needed to cancel the payment, secure the account, process a refund, or remove hackers.
This is a serious red flag.
PayPal does not need remote access to your computer or phone to cancel a payment, investigate a transaction, or secure your account. A real PayPal support agent will not ask you to install screen-sharing software or give them control of your device.
Once scammers gain remote access, they may be able to see what is on the victim’s screen. They may watch the victim log into PayPal, email, online banking, card accounts, or crypto wallets. They may capture passwords, one-time codes, account balances, personal details, and other sensitive information.
The scam can then move into several theft methods.
One common method is the fake refund trick. The scammer pretends to refund the supposed $980 charge, then claims they accidentally refunded too much. They may use fake screens or browser manipulation to make it look like an overpayment happened. Then they pressure the victim to “return” the extra money through gift cards, bank transfers, wire transfers, cryptocurrency, or payment apps.
Another method is the safe account scam. The fake PayPal agent claims the victim’s money is at risk and must be moved to a secure account. There is no secure account. The money goes to the scammers.
A third method is gift card fraud. The scammer may say gift cards are needed to verify the account, reverse the charge, or complete the refund. They may ask for Apple, Google Play, Target, Walmart, Steam, or other gift card codes. Once the codes are shared, the money is usually gone.
The scam may also lead to identity theft. If the victim shares personal information, account details, screenshots, ID documents, or banking data, scammers may use that information later for more fraud.
The PayPal Small Deposit Confirmation Scam is especially deceptive because it turns an incoming payment into a fake warning. Most people are trained to worry about money leaving their account, not money arriving. Scammers use that unusual setup to bypass suspicion.
The key point is simple: a real PayPal issue should be verified only through PayPal’s official app or website. Do not call phone numbers shown in suspicious transaction notes. Do not click links from unexpected payment messages. Do not install remote access software because a caller tells you to. Do not buy gift cards, send crypto, or transfer money to cancel a charge.
The small deposit is just a lure. The real danger starts when you follow the instructions attached to it.
How The Scam Works
1. Scammers Send a Tiny PayPal Deposit
The scam begins when fraudsters send a very small payment to the victim’s PayPal account.
The amount may be:
$0.01
₱0.01 PHP
Ft 1 HUF
Another tiny amount in a foreign currency
The amount is intentionally small. It is enough to generate a notification and appear in the PayPal transaction history, but not large enough to look like a normal payment.
The victim may wonder why someone sent such a strange amount. That curiosity makes them open the transaction and read the note.
2. The Sender Name Looks Random or Fake
The payment may appear to come from an unfamiliar person, an odd email address, a fake company, or a generic business-style name.
This is another warning sign.
Scammers often use disposable accounts, compromised accounts, or fake identities. The sender name is not proof of legitimacy. It can be changed, rotated, or made to look like a normal person.
The scam does not depend on one specific sender name. It can be repeated with many names and different email addresses.
3. The Transaction Note Creates Panic
The transaction note is the heart of the scam.
It may claim your PayPal account has been linked to a third-party wallet. It may say a small deposit confirms activation. It may warn that $980 or another large amount will be processed soon.
The message may also say that if you authorized the transaction, no action is needed. But if you did not authorize it, you must call immediately.
This is psychological pressure.
The scammer wants you to believe two things at once:
A tiny deposit proves something was activated.
A large payment is about to be taken unless you act now.
That fear makes victims more likely to call the number without verifying it.
4. The Scam Message Provides a Fake Support Number
The message usually includes a phone number and labels it as PayPal Customer Care, PayPal Support, refund support, or account security.
This phone number is not PayPal.
It belongs to scammers or a scam call center. The number may use a U.S. area code or look ordinary, but that does not make it legitimate.
Scammers want victims to call because phone conversations allow them to apply pressure in real time. They can answer objections, sound official, and guide the victim step by step.
5. The Fake Agent Pretends to Verify the Account
When the victim calls, the scammer may answer as if they are PayPal support.
They may ask for:
Name
Email address
Phone number
Transaction ID
PayPal account email
Last four digits of a card
Device type
Bank name
Some of these questions may sound normal, but the purpose is to gather information and make the call feel official.
The scammer may pretend to search the transaction, then confirm the fake problem.
They may say:
“Yes, your account is linked to a third-party wallet.”
“A $980 charge is pending.”
“Your PayPal has been accessed from another location.”
“We need to cancel the activation immediately.”
“Your device may be compromised.”
“Please stay on the line while we secure the account.”
This is scripted. The fake agent is reinforcing the lie from the transaction note.
6. The Caller Claims Your Device Is Hacked
After the victim is worried, the scam often shifts from PayPal to device security.
The scammer may claim the third-party wallet was connected because the victim’s phone or computer is infected. They may say hackers are monitoring the device. They may warn that the account cannot be secured until the device is checked.
This is a classic fake tech support tactic.
It gives the scammer an excuse to ask for remote access.
7. The Victim Is Asked to Install Remote Access Software
The scammer may ask the victim to install an app such as:
AnyDesk
TeamViewer
UltraViewer
Zoho Assist
RustDesk
LogMeIn
ScreenConnect
They may describe it as a secure PayPal tool, refund verification app, cancellation portal, or anti-fraud support system.
That is false.
These tools allow someone else to view or control your device. Legitimate IT teams may use them in proper situations, but PayPal does not need them to resolve a payment issue.
If a supposed PayPal agent asks for remote access, end the call.
8. The Scammer Guides the Victim Into PayPal or Banking
Once remote access is active, the scammer may ask the victim to open PayPal, email, online banking, card accounts, or crypto accounts.
They may say this is required to:
Cancel the $980 charge
Disconnect the third-party wallet
Confirm a refund
Verify that funds are safe
Remove unauthorized access
Secure the account
This step is extremely dangerous.
The scammer may see passwords, account balances, card details, emails, verification codes, and personal information. They may also use the victim’s own device to approve activity.
9. The Fake Refund Trick May Start
In many versions, the fake agent says they will refund or cancel the pending charge.
Then they create a fake problem.
They may claim they accidentally refunded too much money. For example, they may say they meant to refund $980 but accidentally refunded $9,800.
They may use fake screens, edited pages, or simple browser tricks to make the victim believe money was added to their bank account.
Then they pressure the victim to send back the difference.
The requested payment method may include:
Gift cards
Wire transfer
Bank transfer
Cryptocurrency
Payment apps
Cash deposit
There was no real over-refund. The victim is sending their own money to the scammers.
10. The Safe Account Trick May Be Used
Another common method is the safe account scam.
The caller may claim the victim’s bank account is compromised and money must be moved to a secure account while PayPal investigates.
This is always a scam.
PayPal does not create safe accounts for customers. Banks do not ask customers to move money to unknown accounts for protection. Law enforcement does not ask people to transfer money during a phone investigation.
11. Gift Cards Confirm the Fraud
If the caller asks for gift cards, the scam is confirmed.
Scammers may claim gift cards are needed for:
Verification
Refund processing
Charge cancellation
Security deposits
Wallet removal
Account unlocking
No legitimate PayPal support process uses gift cards.
If anyone asks you to buy gift cards and read the codes over the phone, you are dealing with a scammer.
12. Scammers Try to Keep the Victim Isolated
The fake agent may tell the victim not to hang up, not to call the bank, not to open other apps, and not to speak with family members.
They may claim the case is confidential. They may say the bank is compromised. They may warn that calling PayPal directly will delay the refund.
These are control tactics.
Scammers know that a second opinion can stop the fraud. They try to isolate the victim until money is sent.
Common Scam Message Variations
The PayPal Small Deposit Confirmation Scam can appear in different wording. Scammers may change the amount, currency, sender name, and phone number.
Common message themes include:
Third-Party Wallet Activation
The note claims your account is linked to a third-party wallet and that the small deposit confirms activation.
This is meant to make you believe a hidden payment connection was created.
Pending $980 Payment
The message says $980, $987, or another large amount will be processed soon.
The exact amount may change, but the goal is the same: create panic.
Coinbase or Crypto Charge
Some versions mention Coinbase, Bitcoin, crypto wallets, or digital currency purchases.
Scammers use crypto because many people believe crypto payments are difficult to reverse.
Refund Confirmation
The note may claim the deposit is part of a refund process and that you must call to complete or cancel it.
This sets up the fake refund scam.
PayPal Customer Care Warning
The message may say to contact PayPal Customer Care immediately to secure your account.
The number provided is fake.
Small Deposit Confirmation
The phrase “small deposit confirmation” is used to make the scam sound official. In reality, it is just a transaction note written by the scammer.
Red Flags of the PayPal Small Deposit Confirmation Scam
Watch for these signs:
You receive a tiny PayPal deposit from someone you do not know.
The amount is extremely small, such as $0.01 or ₱0.01 PHP.
The note says your account is linked to a third-party wallet.
The note says a small deposit confirms activation.
The message warns that around $980 will be processed soon.
The message includes a phone number.
The phone number is presented as PayPal Customer Care.
The message uses urgent language.
The sender email does not look connected to PayPal.
The caller asks for remote access.
The caller says your device is hacked.
You are told to log into your bank account.
You are asked to buy gift cards.
You are asked to send crypto or wire money.
You are told not to contact PayPal or your bank directly.
The biggest red flag is any instruction to call a number from the transaction note. PayPal issues should be checked directly through PayPal’s official app or website.
What To Do If You Receive This Scam Message
If you receive a small PayPal deposit with a suspicious note, do not panic.
1. Do Not Call the Number
Do not call any phone number included in the transaction note.
Even if the message says the issue is urgent, do not use that number. Scammers put it there to trap you.
2. Do Not Click Links
Do not click links from emails, texts, or payment notes related to the deposit.
Open PayPal yourself through the official app or by typing the official website address into your browser.
3. Check Your PayPal Account Directly
Log into PayPal and review your activity.
Check for:
Unknown outgoing payments
Pending transactions
Linked cards
Linked bank accounts
Automatic payments
New addresses
Recent account changes
Security alerts
If the only activity is the tiny deposit, the warning is likely fake.
4. Report the Transaction to PayPal
Use PayPal’s official Help Center or Resolution Center to report the suspicious payment.
Include:
Sender name
Sender email
Transaction ID
Amount
Message text
Fake phone number
Date of the transaction
This helps PayPal investigate abusive accounts.
5. Do Not Reply to the Sender
Do not message the sender and do not ask who they are.
Replying can confirm that your account is active and that the message reached you.
6. Do Not Refund Manually Without Checking
Do not send money back to the sender unless PayPal instructs you through official support channels.
If you manually send a separate payment, you may create a new transaction that is harder to dispute.
7. Secure Your PayPal Account
Change your PayPal password if anything looks suspicious. Use a strong, unique password.
Enable two-factor authentication if it is not already turned on.
Also secure the email account connected to PayPal, because email access can be used to reset your PayPal password.
What To Do If You Called the Fake PayPal Number
If you called the number and spoke with the scammers, take action immediately.
1. End the Call
Hang up. Do not keep explaining. Do not argue. Do not follow any more instructions.
Scammers are trained to keep people on the phone.
2. Disconnect Your Device From the Internet
If you installed remote access software, disconnect from WiFi or mobile data immediately.
This may stop an active remote session.
3. Remove Remote Access Software
Uninstall any remote support tool the caller asked you to install, such as AnyDesk, TeamViewer, UltraViewer, Zoho Assist, RustDesk, LogMeIn, or ScreenConnect.
Restart the device afterward.
4. Change Passwords From a Clean Device
Use a trusted device that the scammer did not access.
Change passwords for:
Email
PayPal
Online banking
Credit cards
Coinbase or crypto accounts
Shopping accounts
Password manager
Social media accounts
Start with your email account.
5. Contact Your Bank or Card Issuer
If you logged into banking while on the call, shared card details, sent money, or bought gift cards, contact your bank immediately.
Ask them to:
Review recent transactions
Block suspicious transfers
Replace cards if needed
Add extra security
Freeze online access if necessary
Help dispute unauthorized charges
6. Report Gift Card Fraud
If you bought gift cards and gave the codes to scammers, contact the gift card issuer immediately.
Have your receipts and card numbers ready. Ask if the cards can be frozen.
Recovery is not guaranteed, but speed matters.
7. Scan Your Device
Run a full security scan. Check for suspicious apps, browser extensions, downloads, and account changes.
If the scammer had full access to your computer, consider having it inspected by a trusted technician.
8. Report the Scam
Report the incident to PayPal and your local fraud reporting agency.
If a fake company, Coinbase, or another brand was mentioned, report it to that company too.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
The safest approach is to treat unexpected payment notes as untrusted.
Use these rules:
Do not trust phone numbers inside PayPal transaction notes.
Do not call numbers from unexpected payment messages.
Do not click links from suspicious PayPal notices.
Do not install remote access apps for payment issues.
Do not log into online banking while someone is guiding you by phone.
Do not buy gift cards to cancel a charge.
Do not send crypto to reverse a payment.
Do not transfer money to a “safe account.”
Do not share one-time codes.
Always check PayPal directly through the official app or website.
If a message creates panic, slow down. Scammers use urgency because verification breaks the scam.
FAQ
What is the PayPal Small Deposit Confirmation Scam?
It is a scam where fraudsters send a tiny PayPal deposit and attach a fake warning message. The note may claim your account is linked to a third-party wallet and that a large payment, such as $980, will be processed soon.
Why did someone send me a tiny PayPal deposit?
Scammers send tiny deposits to make their message appear inside your real PayPal activity. The deposit gets your attention and makes the warning seem more believable.
Is the small deposit itself dangerous?
The deposit itself usually does not give scammers access to your account. The danger comes if you call the fake number, click links, install remote access software, share information, or send money.
Should I call the number in the PayPal transaction note?
No. Do not call phone numbers included in suspicious PayPal transaction notes. Contact PayPal only through the official app or website.
What does “third-party wallet activation” mean?
In this scam, it is fake wording designed to scare you. The scammer wants you to believe your PayPal account was linked to an unauthorized wallet.
Is the $980 pending charge real?
Do not assume it is real. Log into PayPal directly and check your account activity. If there is no outgoing payment or pending charge, the message is likely fake.
Will PayPal ask me to install AnyDesk or TeamViewer?
No. PayPal will not ask you to install remote access software to cancel a payment, process a refund, or secure your account.
What if I already called the fake PayPal number?
Hang up, stop contact, remove any remote access software, change important passwords from a clean device, contact your bank, and report the scam to PayPal.
What if I bought gift cards and gave the codes?
Contact the gift card company immediately with your receipt and card information. Ask if the funds can be frozen. Then contact your bank if you used a card to buy them.
How do I report the scam to PayPal?
Log into PayPal directly through the official app or website. Use the Help Center or Resolution Center to report the suspicious transaction and include the sender, transaction ID, amount, note, and fake phone number.
The Bottom Line
The PayPal Small Deposit Confirmation Scam uses a tiny payment to make a fake security warning look more convincing. The message may say your account is linked to a third-party wallet, that a small deposit confirms activation, and that $980 will be processed soon.
Do not call the number in the message. Do not click links. Do not install remote access software. Do not buy gift cards or move money.
Log into PayPal directly, check your account activity, report the suspicious transaction, and secure your account.
The small deposit is bait. The fake support number is the trap.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
