-
1. Emails with links
What’s going on?
In this example, you’re told your account has been limited and you must click a link to log in and unlock your account. The site you visit may store your login credentials – your email and password – so that they can log in to your real PayPal account later.
What to look out for
It’s common practice for emails to include links to further information. However, before clicking on a link to log in or provide personal or financial information you should hover your cursor over the link, or tap and hold it on your mobile, to confirm the URL is a paypal.com.au or paypal.com address.
What you should do
If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.
-
2. Emails with attachments
What’s going on?
In this example, you’re told there has been an unauthorised attempt to access your account. The sender asks you to open or download an attachment which provides details of what you should do next.
What to look out for
You should never open email attachments unless you’re certain they’re from a trustworthy source. Attachments may contain malicious code which can infect your computer with a virus or give the sender access to or control of your computer. We’ll never send you an email with an attachment.
What you should do
If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.
-
3. Emails with suspicious errors
What’s going on?
In this example, you’re told of a suspected unauthorised transaction and asked to click a link to confirm your identity.
What to look out for
Check whether the email includes your first and last name – we’ll never use generic greetings like “Dear PayPal customer”. Also watch out for bad grammar, typos and old logos.
What you should do
If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.
-
4. Emails stating a buyer has paid
What’s going on?
In this example, the sender states they’re contacting you on behalf of PayPal. You’re told the buyer has paid but the money won’t be credited to your account until you’ve shipped the item. In some cases, the sender may demand you use a specific shipping service or wire money to them in order to have your funds released.
What to look out for
Sometimes payments you receive won’t be available to you immediately but they will always appear on your PayPal account. If you’re unsure, visit www.paypal.com.au and log in to your account and check your transaction history. If we’re holding a payment, we’ll let you know on the transaction details page if it’s safe to ship the item or not.
What you should do
If you receive an email like this, forward it to phishing@paypal.com.au then delete it and discontinue further communications with the buyer.
-
5. Requests to ship through a buyer’s agent
What’s going on?
In this example, the recipient has listed their car for sale online and the buyer is offering to pay by PayPal. They state they’re unable to see the car or be contacted by phone as they’re offshore for work.
What to look out for
In this common scam, you’re asked to pay administrative costs or ship an item, usually through the buyer’s specified shipping agent at your cost, with promises of the funds being added to the total sale price. Once the sale is agreed upon, you’ll receive an email, claiming to be from PayPal, saying you’ve been paid. Always log in to your PayPal account to ensure you’ve received payment before shipping any item and only ship through your chosen shipping provider – don’t use a buyer’s agent.
What you should do
If you receive an email like this, report it to the site you’re selling your item on and cease communication with the buyer. Before shipping any item, always check the payment is available in your PayPal account.
-
6. Requests to send money using a wire transfer
What’s going on?
In this example, you’re advised that you were sent too much money for a sale. The email, claiming to be from PayPal, asks you to use an alternate payment service, in this case Western Union, to refund the excess payment to the buyer before funds will be released into your PayPal account. The email warns you should not contact PayPal.
What to look out for
We’ll never ask you to wire money through an alternate payment provider, no matter the reason. We will also never tell you not to contact us or that we’re unavailable to speak to you about a transaction. When receiving notifications of payment, always visit www.paypal.com.au and log in to your PayPal account to confirm the payment appears in your transaction history.
What you should do
If you receive an email like this, forward it to phishing@paypal.com.au then delete it. Do not communicate further with the buyer or their agents.
-
7. Coloured URL bars in your browser
What’s going on?
On many internet browsers, suspicious URLs turn red to warn you the website could be fake.
What to look out for
Generally:
- Red means it’s a known phishing or fake website
- Yellow means the website is suspicious
- White means the webpage is not secure and should not request or display personal information
- Green means the page is secure and information you enter is encrypted
What you should do
Regularly update your browser to ensure you’re using the most recent and secure version. Check your browser’s guidelines around how to more effectively identify phishing or fraudulent sites.
Your security is our top priority.
We help protect you when you buy and sell online but there are some things you should know and do to help keep you, your information and your money safer.
Watch out for hoaxes, phishing and scams.
Online hoaxes are getting more sophisticated, making it tough to know whether an email, SMS or website is real. It’s important you learn how to spot the fakes so you stay safer online.

Hoax websites.
Hoax websites often look like the real thing.
- When logging in to banking, shopping or email sites, always look for “https” at the beginning of the URL – the “s” stands for secure
- Check for the padlock symbol in your browser’s address bar
- Make sure the URL is genuine. Phishers often create fake websites with URLs similar to the real one
- Enter site URLs straight into your browser’s address bar. Don’t rely on links in emails as they could be fake

Phishing emails.
The people behind phishing emails are experts in manipulation. Look out for:
- Generic greetings, like “Dear user”
- False links. Hover over a link or tap and hold it on a mobile device to see its destination
- Wrong, out of date or out of place logos or design
- Upsetting or urgent statements demanding you react immediately
- Bad spelling and grammar
- Requests for financial or personal information

Scams.
Scammers try to trick you into giving them money. Look out for:
- Offers to pay more than usual for an item
- Requests to use a buyer’s shipping company
- Amazing, too good to be true offers
- The promise of money in return for a favour
- A promise to donate to charity if you contact them
- Notifications of lottery wins
- Unsolicited job offers
Create safer passwords and PINs.
- Make sure your password is at least 8 characters long and includes a mix of upper and lowercase letters, numbers and symbols
- Don’t use “password”, everyday words, your name, postcode, car registration number or any other easily guessed password or PIN
- Keep login, password and PIN details private; memorise them immediately and never write them down, don’t tell anyone what they are (not even family or friends), and don’t let anyone else see you entering them
- Change your password and PIN regularly and don’t use the same one on multiple sites
- Don’t let your browser save passwords or PINs for you
- Contact us immediately if you have forgotten a password or PIN, or if you suspect someone else is using them
Shop safely online.
- Only buy from reputable websites and online retailers
- Double check all details of your purchase before confirming payment
- Always log out of sites you’ve registered details with; closing the browser is not enough
- Check your bank and credit card statements carefully
- Make sure you have the latest antivirus software protecting your computer
Sell safely.
- Always make sure the funds are in your PayPal account before shipping the item
- Don’t include personal information when describing items for sale
- Make sure no personal details can be seen in the background of photographs of items you’re selling, e.g. house number or car number plates
- Consider setting up a separate email address for sales and customer service so your personal email account remains private
- If offering an item for pick up or personal delivery, don’t go alone and try to meet in a public place
Security on the move.
Smartphones and tablets need to be protected, just like your computer.
- Use a PIN or password to lock access to your device and ensure it locks automatically when not in use
- Turn on automatic updates for software and apps
- When installing new apps, review permissions and decide whether you’re comfortable granting the access being asked for
- Check your mobile bill for unusual charges
- Enable “Find My Device” so you can recover it or delete its content remotely if it’s lost or stolen
How PayPal protects you.
We use the latest security technology to help protect you from online fraud.
- We authenticate outgoing emails with DMARC technology. Participating email providers mark unauthenticated emails as hoaxes and send them to your spam folder or restrict their delivery to you.
- We have staff dedicated to answering your phishing email queries, identifying unauthorised transactions and working with local authorities to help stop scammers.
- When you communicate with us online, your data is encrypted.
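The DMARC check mentioned in the list above is carried out by the receiving email provider, which records the outcome in an Authentication-Results header (RFC 8601). The following is an added example, not PayPal's own code, showing how that verdict can be read from a saved message. The provider name mx.mailbox.example, the other host names, the addresses and both sample messages are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

PAYPAL = ("paypal.com", "paypal.com.au")

def dmarc_verdict(raw_message, trusted_authserv):
    """Return (dmarc result, header.from domain) from the receiving provider's
    own Authentication-Results header, or (None, None) if it recorded none."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        authserv = (authserv.split() or [""])[0].lower()
        # Only the header stamped by your own provider counts: a header with
        # any other authserv-id may have been written by the sender.
        if authserv != trusted_authserv.lower():
            continue
        result = re.search(r"\bdmarc\s*=\s*(\w+)", results, re.I)
        domain = re.search(r"\bheader\.from\s*=\s*([\w.-]+)", results, re.I)
        if result:
            return result.group(1).lower(), domain.group(1).lower() if domain else None
    return None, None

def passes_as_paypal(raw_message, trusted_authserv):
    """True only for dmarc=pass on a From domain that belongs to PayPal."""
    result, domain = dmarc_verdict(raw_message, trusted_authserv)
    if result != "pass" or not domain:
        return False
    return any(domain == d or domain.endswith("." + d) for d in PAYPAL)

# Constructed messages (not real mail). The folded header line starts with a space.
GENUINE = (
    "Authentication-Results: mx.mailbox.example; spf=pass smtp.mailfrom=paypal.com.au;\n"
    " dkim=pass header.d=paypal.com.au; dmarc=pass header.from=paypal.com.au\n"
    "From: PayPal <placeholder@paypal.com.au>\n\nConstructed body\n"
)
SPOOFED = (
    "Authentication-Results: mx.mailbox.example; spf=fail smtp.mailfrom=mailer.example.net;\n"
    " dmarc=fail header.from=paypal.com.au\n"
    "Authentication-Results: mx.other.example; dmarc=pass header.from=paypal.com.au\n"
    "From: PayPal <placeholder@paypal.com.au>\n\nConstructed body\n"
)
```

In the spoofed sample the second header claims dmarc=pass, but it carries a different authserv-id and is ignored, so the verdict that counts is the provider's own dmarc=fail.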