Videos
So I just made a purchase (got influenced on IG) but I checked out through a paypal guest account. I initially thought I’ll be redirected to a log in page but in hindsight the email I entered was not registered to a paypal account and neither was the card that I used. So I guess that explains why I was automatically directed to guest checkout? I’ve been feeling a little sus about this company and I’m scared that it might be a scam if it only offered guest checkout on paypal. Any advice?
Purely as a guess: testing that your credentials work, and testing whether you are paying attention. If they know they can get away with this, they can set up a repeated slow drain on your account and you might never notice it.
Just an idea. When they get the email + IBAN info, they don't know yet if Paypal is allowed to emit IBAN transfer on your account.
Typically, in France, a company can not emit a transfer without prior explicit consent (which is a minimum security, better than nothing).
They don't care about the money and the good they have ordered. They needed to know if Paypal is allowed to drain your account or not.
How do they know if it worked
They have created an order on a shop that either:
- Allow "anonymous" customer, that is, with only an order number, you can check the order status and delivery. In that case, they only need to connect later on to check if the order was canceled.
- Allow to create an account with some email and a payment form with another email. In that case, you can ask the shop for the customer informations they have for that order, you'll likely get their email account (but this is likely of low value, temporary email).
How can they gain money
They won't gain money from you. Because you've reverted the transaction, it means that they'll see the order was cancelled. They don't care if it was cancelled because the IBAN account is wrong or because you're monitoring it, this simply mean they can move on to the next user in their list.
If you hadn't reverted the transaction (because you haven't see it), they would have seen the order delivered (and returned or not). This means you are negligent and they can then process further with level 2 scam (see below).
Level 2 scam
Once they know you're negligent, they only need to set up a (dumb) company using Paypal for checkout and selling services. They'll then set up some transactions for this company on your account. Since it goes through Paypal, and not through their company, your bank will accept the SEPA's transfer. They'll simply collect the money directly then.
Please notice that if they directly tried this with their stolen user list, many transfer will be reverted, leading to being banned by Paypal for fraudulent behavior. Doing the first step filtering with a legitimate company moves the "bad" behavior ranking onto it, not their.
What to do now?
Ideally, ask the bank to change your bank account (or open another bank account). If you can't do that, blacklist paypal from your allowed SEPA company, so they won't be able to use Paypal for their actions anymore. If you have other payment processing company allowed on your account, you should blacklist them all (like Stripe, ...). SEPA is made for direct transfer, it's not a tool that can be used by payment processing platform, since you can't identify the source anymore once it's on your account.