The only way these scammers can "swoop" into your paypal account is if they have your password. This is why you should;
a) never use simple, easy-to-guess passwords.
b) never fall for those phishing emails that scammers send out, pretending to be from paypal.
My guess is most of these people were victimized by b), above. In the scamming trade, this is known as "social engineering." They use a phishing email to get your password, then a few months later, use that PW to break into your paypal account and do stuff like this...