Safety from hoaxes

 

Watch out for phishing

Online hoaxes are getting more sophisticated – making it tough to know whether an email, SMS or website is real. It’s important you learn how to spot the fakes so you stay safer online.

Identifying a phishing email

It can be difficult to spot a phishing email. The people behind them are experts at manipulating internet users.

Here’s some things that may indicate the email is a hoax :

  • Generic email greetings: We’ll always address you by your first and last name.
  • Attachments: We’ll never email you attachments or software updates.
  • Deceptive URLs or false links.
  • Wrong, out of date or out of place logos, design and type.
  • Upsetting or urgent statements demanding you react immediately.
  • Bad spelling and grammar.
  • Requests for financial or personal information.
  • Amazing, too good to be true offers.

See examples of hoax and phishing emails

Remember, we’ll never ask you to click a link in an email to provide your personal or financial information. If you receive an email asking you to provide these details, report it to phishing@paypal.com.au

Take the Fight Phishing Challenge

 

Check the funds are in your PayPal account

When you receive a payment notification for a sale by email, log in to your PayPal account to ensure the funds are shown before shipping the item.

  • 1. How to spot phishing emails

    Phishing emails are sent from people trying to "fish" (or "phish") for your information in order to steal your money or identity.

    Phishing emails often look similar to genuine PayPal emails. They may ask you to click on links to provide or confirm personal information, or open attachments that could install malicious software on your computer.

    If you receive an email that you think may be phishing, send it to phishing@paypal.com.au

    Remember:
    To access your account or provide us with information, always open a new browser, enter our URL (www.paypal.com.au) and log in to your account.

  • 2. Emails that include links

    This example tells a user their account has been limited and they need to click a link to restore access.

    Hover your cursor over links in emails and look at the bottom of your screen or above the cursor to see the real website address the link will take you to.

  • 3. Emails with attachments

    This example tells a user there have been unusual charges to a credit card linked to their account.

    Genuine PayPal emails will never ask you to click on a link or download an attachment to provide personal or financial information.

  • 4. Emails that are overly urgent

    This example asks the user to click a link to update their account otherwise it will be blocked.

    Beware of any email that is overly urgent or stressful in tone. PayPal will never say your account will be blocked or limited unless you click a link or provide your password or financial information.

  • 5. Emails with suspicious errors

    This example tells the user there has been an unauthorised transaction on their account.

    When you receive an email claiming to be from PayPal, look for suspicious elements such as bad grammar and old logos, as well as generic greetings and subject lines. PayPal will always address you by your first and last name.

  • 6. Emails saying a buyer has already paid

    This example tells a user they have been paid but the money won’t appear in their account until the item has been sent.

    Ignore emails demanding that an item you’ve sold be sent until you see the funds in your account.

    PayPal won’t use a third party to say payment has been received or ask you to email a non-PayPal email address.

    If you’re unsure if the email is from us, send the email to phishing@paypal.com.au and wait for a response or contact Customer Service  before responding or shipping the item.

  • 7.Buyer offers to pay by PayPal, then sends fake PayPal email

    This example sees a buyer offering to ship a car and pay for it using PayPal.

    This scam often seems legitimate. Once a sale is agreed, the seller receives a fake PayPal email to say they’ve been paid. The 'buyer' hopes the seller will ship the item or forward funds to a shipping agent without checking the money is actually in their PayPal account.

    Never send an item you have sold without first ensuring the funds are in your PayPal account.

  • 8.Send money using a wire transfer scam

    This example asks a user to send money using Western Union, despite saying it’s from PayPal.

    Fraudsters often ask for money to be wired as it’s the same as sending cash. Once it’s gone, it’s gone.

    If you’re shopping online, be wary of using a wire transfer service. We will never advise you to wire funds when conducting business through us.

  • 9. How to spot scam emails

    Scam emails can often lead to phishing attempts. Watch out for emails from strangers offering large sums of money in return for little or no effort.

    When it comes to scams, a general rule of thumb applies: If it sounds too good to be true, it probably is.

    Common scams include:

    • Rich widow.
    • Lottery win.
    • Requests to transfer money through a third party, such as Western Union.
    • Unsolicited job offer.
    • Friend in trouble.

    These scams are emails or SMSs from strangers offering money, usually in return for a small favour, or asking for money to get out of a difficult situation.

  • 10. Look out for red URLs

    On some internet browsers, suspicious URLs turn red to warn you the webpage could be a phishing site.

    Generally:

    • Red means it’s a phishing or fake website.
    • Yellow means the website is suspicious.
    • White means the webpage should not request or display personal information.
    • Green means the website is secure and information entered is encrypted.

    Please note, these are examples only and may display differently on different browsers.

  • 11. What to do if you receive a phishing email or SMS

    If you receive an email or SMS claiming to be from PayPal and you think it could be phishing, send it to phishing@paypal.com.au

    We’ll investigate and let you know if it’s genuine or not.

    Until we respond:

    • Don’t respond.
    • Don’t send any money.
    • Don’t click any links or open any attachments.
    • Don’t provide any information.
    • Delete the email.

    Remember:
    To access your account or provide us with information, always open a new browser, enter our URL (www.paypal.com.au) and log in to your account.

Back Next

Identifying a hoax website

Hoax websites often look like the real thing. Here are some things to bear in mind:

  • When logging in to banking, shopping or email websites, always look for 'https' at the beginning of the URL – the 's' stands for secure.
  • Check for the padlock symbol in your browser’s address bar.
  • Phishers often create a fake website with a similar URL to a bank or well-known business. Make sure the address is genuine.
  • Enter the address of sites you visit regularly straight into your browser’s address bar. Don’t rely on links in emails or from search engines as they could be fake.

Identifying a scam

Scams are approaches from strangers trying to trick you into giving them money. Look out for emails or SMSs that include:

  • Offers to pay more than usual for a product.
  • Requests to use or pay a buyer’s shipping company or agent. If the buyer sends you money for shipping by PayPal, ensure the funds are available in your account first. Be wary of buyers who insist you pay by wire transfer.
  • The promise of money in return for a favour.
  • A promise to donate money to charity if you contact them.
  • Notifications of lottery wins.
  • Unsolicited job offers.

Also beware of any unexpected emails from a friend asking for money. Their email account may have been hacked.

Helpful security links