Your security is our top priority.

We help protect you when you buy and sell online but there are some things you should know and do to help keep you, your information and your money safer.

Watch out for hoaxes, phishing and scams.

Online hoaxes are getting more sophisticated, making it tough to know whether an email, SMS or website is real. It’s important you learn how to spot the fakes so you stay safer online.

  • 1. Emails with links
    What’s going on?

    In this example, you’re told your account has been limited and you must click a link to log in and unlock your account. The site you visit may store your login credentials – your email and password – so that the scammers can log in to your real PayPal account later.

    What to look out for

    It’s common practice for emails to include links to further information. However, before clicking on a link to log in or provide personal or financial information you should hover your cursor over the link, or tap and hold it on your mobile, to confirm the URL is a paypal.com.au or paypal.com address.

    What you should do

    If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.

  • 2. Emails with attachments
    What’s going on?

    In this example, you’re told there has been an unauthorised attempt to access your account. The sender asks you to open or download an attachment which provides details of what you should do next.

    What to look out for

    You should never open email attachments unless you’re certain they’re from a trustworthy source. Attachments may contain malicious code which can infect your computer with a virus or give the sender access to or control of your computer. We’ll never send you an email with an attachment.

    What you should do

    If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.

  • 3. Emails with suspicious errors
    What’s going on?

    In this example, you’re told of a suspected unauthorised transaction and asked to click a link to confirm your identity.

    What to look out for

    Check whether the email includes your first and last name – we’ll never use generic greetings like “Dear PayPal customer”. Also watch out for bad grammar, typos and old logos.

    What you should do

    If you’re unsure if an email you’ve received is really from us, forward it to phishing@paypal.com.au then delete it. We’ll let you know if it’s real or not.

  • 4. Emails stating a buyer has paid
    What’s going on?

    In this example, the sender states they’re contacting you on behalf of PayPal. You’re told the buyer has paid but the money won’t be credited to your account until you’ve shipped the item. In some cases, the sender may demand you use a specific shipping service or wire money to them in order to have your funds released.

    What to look out for

    Sometimes payments you receive won’t be available to you immediately but they will always appear on your PayPal account. If you’re unsure, visit www.paypal.com.au and log in to your account and check your transaction history. If we’re holding a payment, we’ll let you know on the transaction details page if it’s safe to ship the item or not.

    What you should do

    If you receive an email like this, forward it to phishing@paypal.com.au then delete it and discontinue further communications with the buyer.

  • 5. Requests to ship through a buyer’s agent
    What’s going on?

    In this example, the recipient has listed their car for sale online and the buyer is offering to pay by PayPal. They state they’re unable to see the car or be contacted by phone as they’re offshore for work.

    What to look out for

    In this common scam, you’re asked to pay administrative costs or ship an item, usually through the buyer’s specified shipping agent at your cost, with promises of the funds being added to the total sale price. Once the sale is agreed upon, you’ll receive an email, claiming to be from PayPal, saying you’ve been paid. Always log in to your PayPal account to ensure you’ve received payment before shipping any item and only ship through your chosen shipping provider – don’t use a buyer’s agent.

    What you should do

    If you receive an email like this, report it to the site you’re selling your item on and cease communication with the buyer. Before shipping any item, always check the payment is available in your PayPal account.

  • 6. Requests to send money using a wire transfer
    What’s going on?

    In this example, you’re advised that you were sent too much money for a sale. The email, claiming to be from PayPal, asks you to use an alternate payment service, in this case Western Union, to refund the excess payment to the buyer before funds will be released into your PayPal account. The email warns you should not contact PayPal.

    What to look out for

    We’ll never ask you to wire money through an alternate payment provider, no matter the reason. We will also never tell you not to contact us or that we’re unavailable to speak to you about a transaction. When receiving notifications of payment, always visit www.paypal.com.au and log in to your PayPal account to confirm the payment appears in your transaction history.

    What you should do

    If you receive an email like this, forward it to phishing@paypal.com.au then delete it. Do not communicate further with the buyer or their agents.

  • 7. Coloured URL bars in your browser
    What’s going on?

    On many internet browsers, suspicious URLs turn red to warn you the website could be fake.

    What to look out for

    Generally:

    • Red means it’s a known phishing or fake website
    • Yellow means the website is suspicious
    • White means the webpage is not secure and should not request or display personal information
    • Green means the page is secure and information you enter is encrypted

    What you should do

    Regularly update your browser to ensure you’re using the most recent and secure version. Check your browser’s guidelines around how to more effectively identify phishing or fraudulent sites.

Create safer passwords

  • Make sure your password is at least 8 characters long and includes a mix of upper and lowercase letters, numbers and symbols
  • Don’t use “password”, everyday words, your name or the names of family members, dates of birth, your mobile number, postcode, car registration number or any other easily guessed password
  • Keep login and password details private; never write them down and don’t let anyone see you entering them
  • Change your password regularly and don’t use the same one on multiple sites
  • Don’t click the “Remember me?” option or let your browser save passwords for you

It’s important you protect your password details as you could be liable for an unauthorised transaction if you voluntarily reveal your password to anyone else or fail to protect it. Your liability for losses from an unauthorised transaction is limited by the ePayments Code.

Shop safely online.

  • Only buy from reputable websites and online retailers
  • Double check all details of your purchase before confirming payment
  • Always log out of sites you’ve registered details with; closing the browser is not enough
  • Check your bank and credit card statements carefully
  • Make sure you have the latest antivirus software protecting your computer

Sell safely.

  • Always make sure the funds are in your PayPal account before shipping the item
  • Don’t include personal information when describing items for sale
  • Make sure no personal details can be seen in the background of photographs of items you’re selling, e.g. house number or car number plates
  • Consider setting up a separate email address for sales and customer service so your personal email account remains private
  • If offering an item for pick up or personal delivery, don’t go alone and try to meet in a public place

Security on the move.

Smartphones and tablets need to be protected, just like your computer.

  • Use a PIN or password to lock access to your device and ensure it locks automatically when not in use
  • Turn on automatic updates for software and apps
  • When installing new apps, review permissions and decide whether you’re comfortable granting the access being asked for
  • Check your mobile bill for unusual charges
  • Enable “Find My Device” so you can recover it or delete its content remotely if it’s lost or stolen

How PayPal protects you.

We use the latest security technology to help protect you from online fraud.

  • We authenticate outgoing emails with DMARC technology. Participating email providers mark unauthenticated emails as hoaxes and send them to your spam folder or restrict their delivery to you.
  • We have staff dedicated to answering your phishing email queries, identifying unauthorised transactions and working with local authorities to help stop scammers.
  • When you communicate with us online, your data is encrypted.

Questions and answers

I’ve received a request for information. How do I know it’s really from PayPal?

Sometimes we need to ask for more information about you, your business or some of your transactions. If we do this, we’ll always ask you to log in to your account to provide more information via the Resolution Centre. Remember, don’t click on a link to provide personal or financial information – always visit our site by typing www.paypal.com.au into your browser’s address bar.

An email I received looks genuine but I still feel unsure. How do I know it’s from PayPal?

If you receive an email claiming to be from PayPal and you’re not sure, consider our checklist above. If you’re still unsure, click “reply” and check the reply email address. If it doesn’t end in @paypal.com, it’s likely to be phishing.
If you’re feeling uneasy, trust your gut and forward it to phishing@paypal.com.au. We’ll let you know if it’s genuine or not.

What are some examples of common scams?

1) Shipping service scams

What happens?

The buyer asks you to use their shipping account because they can get a discount, have a preferred vendor they’ve worked with for years, or their shipping service is more reliable. In one variation of the scam, the buyer may ask you to send the shipping fees to their preferred shipper.

Why they want you to use their shipping account

If you use the buyer’s shipping account, they can easily contact the shipping company and reroute the order to another address. They can then file a dispute saying they didn’t receive their order. You can’t prove that the buyer received their order so you lose the item, the shipping costs and your money.

Why they want you to send the money to their shipper

The shipping company may not exist and they may be receiving the money you send directly. It’s often the case that the order is made with a stolen card or bank account and you, the seller, may be held liable for returning the funds to the legitimate customer whose account was stolen.

How to avoid this scam

  • Only use your shipping account
  • Never send money to someone you don’t know – you can’t get it back easily
  • Ship to the address on the Transaction Details page

2) Overpayment scams

What happens?

Your buyer sends you a PayPal payment for more than the purchase price and asks you to send them the difference.

Why they overpaid you

They may have used a stolen credit card or bank account to pay you. If the legitimate account holder reports unauthorised activity, the money can be withdrawn from your account. If that happens, you’ll lose the money you sent, the item you shipped, the shipping costs and your payment.

How to avoid this scam

  • Don’t send money to someone you don’t know
  • A legitimate buyer won’t overpay you for an order
  • If a customer overpays you and asks you to send them the difference, consider cancelling the order – it’s likely to be fraudulent
  • Follow Seller Protection shipping requirements and ship to the address on the Transaction Details page to help protect your business against losses from unauthorised transactions