Payment Fraud in 2026: 10 Common Online Shopping Scams (FAQ + Safety Checklist)

Paying online should be simple: you buy something, you pay, it arrives. In 2026, scammers mainly win in two ways: pressure (“do it now!”) and confusion (fake pages that look exactly like the real shop, payment provider, or delivery company).

This guide from kingpay is for total beginners. No jargon. Just the scams you’re most likely to meet while shopping online using PayPal, cards, wallets (Apple Pay/Google Pay), “buy now, pay later”, and (instant) bank transfers.

A quick rule that saves people every day: Stop. Check. Open it yourself.
If something makes you feel rushed: stop, check, then open the app/website yourself (not via the link that’s stressing you out).

FAQ: The questions that matter most

1) What’s the fastest way to spot a payment scam?

Look for these 5 red flags:

• Time pressure (“10 minutes”, “final warning”, “account will be locked”)
• You’re asked to confirm a payment you didn’t expect
• A message pushes you to log in via a link (instead of you checking in your own app)
• Unusual requests (share a code, approve a “test”, install a support app)
• Deals that are too good to be true (massive discounts + only bank transfer)

2) What is “Smishing” and why does it matter for shopping?

Smishing = phishing by SMS. Typical texts: “Delivery failed”, “Payment declined”, “Verify your account” + a link. The goal is nearly always to send you to a fake site so you enter details or approve something.

Safe rule: Never pay or log in through SMS links. Open your bank, PayPal, wallet, or the shop directly.

3) What is “Quishing”?

Quishing = phishing via QR codes. It can be a QR code on a sticker, in a chat (“scan this to pay”), or on a printed sheet. The QR takes you to a fake site or sets up a payment to the wrong recipient.

Safe rule: Only scan QR codes from a source you truly trust, and ideally use a scanner that shows the destination address before opening it.

4) I got an email saying “please confirm your payment” — is it always a scam?

Not always, but it’s very suspicious if:

• you didn’t place an order,
• the email forces a login (“security update”), or
• it asks you to approve something “to cancel” or “to prevent fraud”.

Clean check: Open the shop/payment app yourself and check your order status there. If nothing is there, ignore the message.

The 10 most common payment scams (2026 edition)

5) Scam #1: The fake shop (too cheap, too polished, too rushed)

Typical signs: Huge discounts, only bank transfer, copied-looking “About” page, weak contact details, odd domain name.

Beginner 30-second check:

• Is there a proper imprint/company info, address, and support contact?
• Do they offer normal payment methods (card/PayPal), or only transfer?
• Does the domain look strange (extra words, hyphens, spelling tweaks)?

6) Scam #2: PayPal “Friends & Family” trick

For “Friends & Family”, there’s often no purchase protection. Scammers push it: “fees are too high”, “I’ll sell to someone else”.

Rule: For purchases, use Goods & Services or the platform’s official checkout.

7) Scam #3: Fake checkout pages (looks like PayPal / Klarna / card verification)

You click “Pay” and land on a page that looks real — but the address is wrong. You enter logins or approve a payment that goes to scammers.

Protection:

• Always glance at the web address (is the domain correct?)
• Safer: open the provider’s app/website yourself rather than logging in from a random tab

8) Scam #4: “Account locked” + “approve this to cancel / secure”

Classic trick: “security check”, “refund”, “storno”. In reality, you’re approving a real transaction.

Simple truth: If you approve a code/push prompt, you’re usually approving a real action. No legitimate “check” needs your approval.

9) Scam #5: Instant bank transfer scams (“it has to be now”)

Instant transfers are fast — which scammers love. They pressure you to send money immediately or use a “new bank account”.

Safe rule:

• Check the recipient carefully (name/IBAN)
• If someone claims “our bank details changed”, verify via a second channel (use the phone number from the official website, not the email)

10) Scam #6: Delivery fee / customs fee / “£2.99 to reschedule”

Small fees feel harmless, but the aim is often to steal card details or push you into a subscription.

Safe rule: Track parcels only via the delivery company’s official website/app, not via text links.

11) Scam #7: The “refund” scam

“Your refund is ready — confirm here.” The end result is usually:

• your details are stolen,
• you’re guided into approving something, or
• you’re told to install a “support” app.

Rule: Refunds are handled inside your account. Legitimate companies don’t need remote access to your phone.

12) Scam #8: Remote support app (“we need access to fix it”)

Scammers try to get you to install remote access tools, then steer you into payments or read sensitive information.

Rule: No genuine online shop needs remote control of your device.

13) Scam #9: Wallet confusion (Apple Pay / Google Pay) — are wallets unsafe?

Wallets are usually very secure (device lock + biometrics). The real risk is social engineering: someone convinces you that you must approve something.

Best practice:

• Keep Face ID/Touch ID/PIN on
• Turn on transaction alerts
• Only approve when you are actively paying right now

14) Scam #10: Account takeover (email first, payments later)

If someone gets into your email, they can reset passwords and take over shopping/payment accounts.

Top protection in 2026: Passkeys or 2FA

• Use passkeys where available
• Otherwise switch on two-factor authentication (2FA) (ideally via an authenticator app)
• Prioritise your email and payment accounts first

Safety checklist (beginner version)

Before you buy

• Turn on passkeys/2FA for email + payment accounts
• Quick shop check: company info, contact details, payment options, domain
• If possible, choose payment methods with dispute/protection (avoid bank transfer for unknown shops)

While paying

• Never approve a “code/push” to cancel or “for security checks”
• Don’t log in via links from texts/chats
• For transfers: check recipient details slowly
• Only scan QR codes from trusted sources

If something feels off

• Stop, take a breath, wait 5 minutes
• Open the app/website yourself and check
• Contact support using details from the official website (not from the message)

‍