I received a very scammy-sounding email informing me of a refund of overpayment in the amount of $0.01. The penny really is in my PayPal account. I have no other cash balance.
Obviously I’m not clicking on any links from the payer. I forwarded the notification email to phishing@paypal.com. But what do I do with the penny itself - just leave it there forever?
Amazingly, PayPal’s list of common scams does not include this case.
The penny over-payment is a well known scam. It’s also called a “carding” scam.
Ignore the penny.
Years ago I got a refund check for a few cents in the mail. Might even have been for one cent. I assume some automated system generated it. I never cashed it, daydreaming about screwing up their bank reconciliation. So a one cent refund payment isn’t in itself unheard of.
I can’t address the “scammy” tone of the email. If it has internal links it is encouraging you to click on I assume the scam is that they made the one cent deposit to convince you that the email is legit. May be rare because unlike most phishing schemes his one actually costs money per attempt and might be more targeted.
I’ve never heard of this specific scenario - at least not with PayPal as the receiving account.
I would be very wary about what happens next - this might be step 1 in a more complex scam where someone claiming to be from PayPal phones you (saying there has been an error) and tries to get you to do something that will cost you or breach your personal information.
Can you post some of the text body of the email? (redacting any sensitive details)
It’s a private individual I’ve never heard of; they referred to a $500.00 payment I made, which I didn’t; and included a phone number which is not a PayPal phone number. They didn’t specifically ask me to do anything, though.
PayPal itself helpfully provides a “Refund” button right next to the transaction; I assume the scammer would like me to click it. That option is obviously incorrect.
ETA:
If I didn’t make it clear before, the email is legitimately from PayPal itself; they’re correctly notifying me of a real transaction. It’s the purpose of the transaction that’s the problem.
Email from PayPal, which is identical to the language that appears next to the transaction in my account:
[redacted] sent you $0.01 USD
Amount
$0.01 USDNote from [redacted]
Thanks. . Your payment of $499. 99 has been successfully received, and the change has been applied. If this transaction was not made by you, kindly get in touch with PayPal Billing Team [phone redacted]
Transaction date
July 1, 2025Transaction ID
[redacted]
I assume you’ve googled the phone number ?
Right - I would say what this scam is, is: the phone number in the email would connect you to a call centre filled with scammers who will attempt to talk you into allowing them to make a remote connection to your PC, where they will then scam you into sending them a lot of money.
If you called that number, as the email suggests, which obviously you should not.
Scam, scam, scam, scam, scam.
Lovely scam!
In particular, what typically happens with those scams is:
If they take control after the victim has logged into their online bank,
why don’t they just transfer all the money out ?
Very devious! Thank you for all that.
Back to the question – what do I do with the penny? Let it sit there forever? Does it eventually just go away? My mom occasionally PayPals me real money, which I assume is not a scam attempt by her. If she does that in the future, my legit account balance will be commingled with that bad penny, which sounds slightly problematic, but maybe it’s NBD and the penny is simply mine to keep and spend freely?
Outgoing transfers may require additional authorisation that the scammers don’t have access to - for example to finalise a transfer to a new recipient on my online banking, I have to go through a verification process using an external ‘PINsentry’ device that exchanges codes.
So the scammers use this persuasion and misdirection technique to get the account holder to do all of that for them.
I don’t think there is any risk in clicking ‘refund’ in your paypal account (not a ‘refund’ link in an email though)
Ah yes. Now I remember that is indeed what I have to do (using
a card reader).
Thanks
This looks like the same scam as this, but they spend a penny to make it seem more legit. The main thing is to put the fake phone number into the text of the PayPal notice so they can send a real message directly from PayPal:
Here’s a really good video explaining how that works and how incredibly deceptive it is.
I’ve had bogus payment requests more than once, but they never worried me because they didn’t change the balance of my PayPal cash account.
Yeah, this is a new twist for sure.
I think you retire 4 seconds earlier than you otherwise would have and use the extra penny towards that.
I’ve watched a few of those scam baiters YouTubers (Kitboga?) And they have a victim type in the amount, to which they add a couple extra zeros.
The rest is exactly as you described.