Scam Emails & Phishing: Is that email really from PayPal?

Unfortunately there are fraudsters out there who try to use our trusted name to get information from you. This is called “phishing” because the sender is “fishing” for your personal information. The goal is to trick you into clicking through to a fake or “phishing” website, or into calling a fraudulent customer service number where they can collect and steal your sensitive personal or financial information.
If you have opened an email that you don’t think is from PayPal, and haven’t clicked on any links, you shouldn’t have anything to fear. If you have clicked on a link, or you have downloaded an attachment, learn more about Identity Protection.

Here are some helpful tips on how to spot Scam Emails:

The Senders Address
The “From” line may include an official-looking address that mimics a genuine one.

Generic Greetings
Be wary of impersonal greetings like “Dear User”, or your email address. A legitimate PayPal email will always greet you by your first and last name.

Typos/Poor Grammar
Emails sent by popular companies are almost always free of misspellings and grammatical errors.

False Sense of Urgency
Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.

Fake Links
Check where a link is going before you click on it by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click it.

A real email from PayPal will never include attachments. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it’s legitimate.

PayPal will never ask you to provide personal information in an email:

  • Credit card numbers
  • Driver’s license numbers
  • Email addresses
  • Bank account numbers
  • Social insurance number
  • Your full name

How to spot a fake website:

Deceptive URLs
Some criminals will place a fake browser address over the real one, so it appears you’re on a legitimate website. But even if a URL contains the word PayPal, it may not be a PayPal site.

Examples of fake PayPal addresses:

Always log in to PayPal by opening a new browser and typing in or

The term “https” should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure Web session, and you shouldn’t enter your information.

Report suspicious emails or phishing websites to PayPal

It is important to report potential PayPal phishing email or phishing site as soon as possible.


Forward the entire phishing email or phishing site information to


Do not alter the subject line or forward the message as an attachment.


Delete the suspicious email from your email account.

We’ll send you an email response to let you know if the email is indeed fraudulent. In the meantime, don’t click on any links or download any attachments.

Be cautious when communicating with others through direct messaging as scammers may attempt to trick you into providing personal information. PayPal users should never share sensitive personal or financial information, for example:

Bank Account Numbers including last four digits

Credit Card Number, Verification Code or PIN


Credit Score

Social Security Number or Tax Identification Number

Account Balance, Credit Balance of any PayPal account or service

Government issued ID information, for example Passport, Drivers License, Military Identification Number or any other identification number

Home address, date of birth or personal family information

Unauthorized Account Activity

If you think someone has used your account without permission, report it to PayPal immediately and we’ll help protect you as much as possible. If reported within 60 days of when the transaction appeared on your account statement, PayPal can protect you with $0 liability for eligible unauthorized transactions.

You can notify us in the following ways:

Call PayPal Customer Service at 1 (402) 935-2050.

Use the form available in the PayPal Resolution Centre to file an unauthorized transaction report.

Write to PayPal:
Attn: Error Resolution Department P.O. Box 45950 Omaha, NE 68145-0950 USA