Is PayPal Honey a Scam?

Show Notes

Welcome to Scams, Hacks and Frauds, where we explore real life fraud and hacking stories.  This week we ask Is PayPal Honey a scam? 

Discover the shocking fraud allegations against PayPal Honey in this deep dive into affiliate marketing scams.  Learn how the Honey scam allegedly uses cookie stuffing fraud to steal commissions from content creators.

We expose the hidden fraud mechanics behind this controversial browser extension, examine the Computer Fraud and Abuse Act violations claimed in court, and reveal how PayPal Honey scams may be costing your favourite creators millions. Plus, find out how to support creators without falling victim to affiliate fraud and scams.  

We publish new content every other Monday. The  10 minutes our episodes may save your wallet, and help protect your family.

If you like shows like "The Perfect Scam" or "Darknet Diaries" then this show might be for you.  

On our website you’ll find more computer hacking, identity fraud, impersonation, consumer rights and Romance Scams.  To find these and to access our transcripts, visit us at www.scamshacksandfrauds.com.

The transcript and spoken audio are available under the Creative Commons, Share Alike, With Attributions license. For more information on this visit creativecommons.org.  

Chapters

• 0:00: Introduction
• 0:38: What is PayPal Honey?
• 1:18: What is Affiliate Marketing?
• 2:19: PayPal Honey's effects on Affiliate Marketing and alleged Fraud
• 4:04: Why is PayPal Honey compared to the Dieselgate emmisions Fraud scandal?
• 5:47: The Court Case - Including Second Amended Complaint (Jan 2025)
• 7:57: Paypal Honey's Denial
• 8:32: Does PayPal Honey do what it promises, or is it a a scam?
• 10:42: How to support your favourite creators without getting scammed

Transcript

Before you click that coupon code, consider this: Could your favourite content creator be losing out—without you ever knowing? Today, we unravel the explosive claims against PayPal Honey. Is it a money-saving hero, or is it quietly skimming cash from the very creators you trust? Stick around—we’re breaking down the hidden mechanics, the lawsuit, and what you can do to keep your family (and your favourite creators) safe from Scams, Hacks, and Frauds.

So, what exactly is PayPal Honey? It's a tool separate from PayPal that promises to save you money on purchases you already plan to make, at the very stores you shop at. Honey claims a massive database of coupons from over 30,000 online stores across the United States, United Kingdom, Australia, and Canada. Simply download their free toolbar, and when you check out online, it scans its database and applies the best coupon code for you. Additionally, on certain sites, users can receive extra cashback—again, completely free of charge.

While this sounds appealing, you might ask: how does Honey make money? The answer involves affiliate marketing.

Affiliate marketing is like earning a digital finder's fee.  When you click on a link from someone’s website that takes you to a store, the site you clicked from often gets a cut of whatever you spend there. This concept is quite familiar today, especially on platforms like YouTube and TikTok, where your favorite creators tell you about a VPN, snack box, or other partnership. When you follow their link or use their code at checkout, not only do you benefit from a discount or other special deal, but the creator earns a commission for your purchase.

Paypal Honey does something similar.  When you’re shopping online, if you have their browser extension installed, it will search their database to see if there are any coupon codes, and if the site specifically works with PayPal Honey, it might use one of Honey’s codes, and the same sort of thing happens - you get a discount, PayPal gets commission.  

Often, sites will add a small file to your computer, called a cookie, so that if you leave the store and come back a few days later, the site or content creator you came from still gets the sale.  Remember that word, Cookie, because it's going to come up again.

So what happens when these collide? You’ve got both PayPal Honey, and you’ve clicked on a link from a YouTube video.  Well, there’s what should happen, and what the plaintiffs allege actually does happen.

The Plaintiffs say that PayPal Honey should only search for deals when explicitly instructed to do so. They claim that, regardless of whether PayPal Honey appears to offer a deal, say no deals are available, or if the user has any interaction with the toolbar—including dismissing the alert or closing the extension— this triggers the replacement of existing affiliate codes.

How does this happen? According to the plaintiffs, something unexpected occurs behind the scenes. They allege that this is accomplished by automatically opening a hidden tab for a few seconds that directs to the store's home page. The implications of this discovery run deep.

The plaintiffs claim that this "Secret Tab" replaces the cookie left when you clicked on the link from your favourite creator with one from PayPal Honey. This alteration makes it appear as if PayPal Honey, not the original content creator, referred you to the site. This act of "cookie stuffing," as described by the plaintiffs, allegedly deprives creators of their rightful commissions. Further, they argue that this conduct violates the Computer Fraud and Abuse Act.

Many of these creators were specifically paid to promote PayPal Honey; Honey’s former CEO Ryan Hudson has claimed to have paid over $100 Million to creators, but if these claims were right, these amounts were paid to some creators who were inadvertently promoting a tool that was putting its hand into their pocket, scamming them out of commissions from other promoters.

But some have gone even further, suggesting a Dieselgate-style fraud is underway. Dieselgate refers to the scandal where cars were equipped with software to cheat emission tests, running engines differently during tests to appear compliant. This quick-switch tactic is paralleled by claims against PayPal Honey's operation.

If creator Megalag is right - and he has shown practical experiments and PayPal’s honey code to back his claims  - PayPal operates in a similar way.  If the computer has a cookie showing it has visited one of the websites where affiliate marketing deals are made, then PayPal Honey acts as it should, presenting a “Honey is disabled” message when it detects you’ve used an affiliate link from someone else.  But in other cases, Megalag demonstrated that it was not doing this and continued replacing the affiliate codes and cookies with its own.

The same system also checks whether the word “Test” appears in your email address and, if it does, follows the rules correctly.  There’s also what Megalag called a master killswitch that could force the system to follow the rules at all times. Until that is triggered it doesn’t always present the disabled message when it should

Megalag also showed that PayPal Honey appears to have recently changed the rules to also check how many points an account has earned with PayPal Honey before deciding whether to follow the rules.

A further independent computer security researcher, Ben Edelman, has confirmed many of Megalag’s claims after Megalag shared his information with him, giving additional weight to his claims.

A number of creators have tried to take PayPal Honey to court over this alleged fraud, and so far, they haven’t had much success.  

The case was initially dismissed in November; the court seemed sceptical that any fraud had occurred here at all, that the case was speculative as to potential loss of earnings.

However, they were given permission to submit an amended complaint.  In their second Amended complaint, filed earlier this month, the Plaintiffs have spelled out exactly how PayPal’s alleged actions violate the Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, and more, with damages and unjustified enrichment amounts to be determined at trial.

Here’s how they explain it:

Who: Defendants have caused Plaintiffs and the Class to suffer damage and loss as

understood within the meaning of 18 U.S.C. § 1030. Defendants have deceived consumers, Merchants, and Affiliate Networks to defraud Plaintiffs and the Class. 

What: Defendants caused damage through, without limitation, the impairment of the integrity and availability of Plaintiffs’ and Class members’ Affiliate IDs. 

When: Defendants caused such damage and loss since as early as 2020 when PayPal acquired Honey and continue to do so on an ongoing basis. 

Where: Defendants caused such damage and loss through practices described herein that were conceived, reviewed, approved, and enacted from PayPal’s headquarters in San Jose, California. The harm and loss alleged herein occurred on consumers’ browsers and computers across the United States and throughout the Affiliate Marketing system, including Affiliate Network and Merchant systems.

How: Defendants caused loss through an interruption of service constituted by, without limitation,overwriting Affiliate IDs and redirecting communications within the Affiliate Marketing attribution system. Defendants’ actions without authorization, or in excess of authorization, caused damage and loss to Plaintiffs and the Class as a result of Affiliate Commissions being wrongfully paid to Defendants.

PayPal Honey has stated that the allegations in the court case and by Megalag are false, but acknowledged that Megalag does have access to some of its proprietary code and has requested that this not be shared. Ryan Hudson, the former CEO of PayPal Honey, has disputed many of Megalag's claims. However, he did suggest that last click attribution, as opposed to multi-click attribution, may indeed be a problem for other affiliates that honey is exacerbating.

Does PayPal Honey at least do what they promise their users? If you search for Coupon Codes, PayPal Honey sometimes adds a coupon code.  On that basis, PayPal Honey is not a scam.

But that's not the whole story.  Paypal Honey claims to scour the internet for coupons and has a  mechanism to accept new coupon codes.  However, PayPal Honey also allows retailers to block or remove codes - for its part, PayPal Honey’s former CEO Ryan Hudson confirms such a system exists, but says that when codes are removed in this manner, Honey (at least under his leadership) required the codes to be replaced with codes of equal value.

There are Legitimate reasons why a store might want some codes removed in this way.  Sometimes stores will issue one-time codes when something has gone wrong to encourage someone to come back and try again, or issue a code for your birthday, or even have a generic staff discount code. We’ll let you decide whether you think coupon codes are the best way to do these things.  

Megalag however was able to show that a previous app offered by Honey did not follow what Ryan had claimed, only requiring a single code to be active, and whilst Honey will in their advertising claim millions of coupons can be found on their service, their database only contained about 85 thousand, including expired coupons, and counts those coupons it knows are expired when telling you how many coupon codes it has available - branding them as “Honey Exclusive” codes.

The affiliate and coupon databases that Megalag accessed showed that many codes were removed at retailers' request, allowing those retailers to ban users from adding new codes.  Most affiliate networks indeed ban their affiliates from giving out other codes, meaning sites that specifically partner with PayPal Honey have the legal right to demand their removal.

So, although PayPal Honey sometimes offers valid coupon codes, this research suggests it doesn’t have nearly as many as they claim and actively hides or removes codes from users.  

Whether or not PayPal Honey is "scamming" creators remains unresolved, and ideally, the courts will clarify what did or did not happen. In the meantime, you might be wondering how to best support your favourite creators without risking being scammed.

Often, the best things you can do to support your favourite creators are free.  Share their videos with a friend or loved one, subscribe or follow them on their channel and social media, click like buttons, and leave a comment.  These tell the site that people are interested in their content and show it to more people.  It also helps if you watch their videos right through to the end, don’t just click play and close the window, thinking it's helping.

But there are financial ways to help as well.  Creators often encourage you to subscribe to them on Twitch or YouTube, join their Patreon, or make a donation through a platform like Ko-Fi.

These sites, however, do have to make their own money on this.  YouTube takes 30% of all subscriptions, with Twitch taking a similar share or even more.  On the other end of the scale, Patreon takes around 10% depending on the age of the account, whilst Ko-Fi is as low as 5%, however the creator may have to also pay transaction costs on top of this, but these direct amounts are likely to be better than the commision on buying something through an affiliate link, and some creators even offer bonus content if you support them directly.

And if you are going to use PayPal Honey or another toolbar that offers cashback or coupons, make sure it is disabled when using a link or coupon code from a creator you follow.

I’ve been Cee, and this has been Scams, Hacks and Frauds.  If you’ve ever wondered why Scammers and Fraudsters seem to love Gift Cards, especially when scamming the elderly, then our next episode is for you.  Remember to subscribe and share our content with those you care about so they can also be protected from Scams, Hacks and Frauds.