Is that email really from PayPal?

Unfortunately there are fraudsters out there who try to use our trusted name to get information from you. This is called “phishing” because the sender is “fishing” for your personal information. The goal is to trick you into clicking through to a fake or “spoof” website, or into calling a fraudulent customer service number where they can collect and steal your sensitive personal or financial information.

If you have opened an email that you don’t think is from PayPal, and haven’t clicked on any links, you shouldn’t have anything to fear. If you have clicked on a link, or you have downloaded an attachment, learn more about Identity Protection.

Here are some helpful tips on how to spot a Fake Email:

  • The Senders Address
    The “From” line may include an official-looking address that mimics a genuine one.

  • Typos/Poor Grammar
    Emails sent by popular companies are almost always free of misspellings and grammatical errors.

  • Fake Links
    Check where a link is going before you click on it by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click it.

  • Generic Greetings
    Be wary of impersonal greetings like “Dear User”, or your email address. A legitimate PayPal email will always greet you by your first and last name.

  • False Sense of Urgency
    Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.

  • Attachments
    A real email from PayPal will never include attachments. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it’s legitimate.

PayPal will never ask you to provide personal information in an email:

  • 1

    Credit card numbers

  • 2

    Bank account numbers

  • 3

    Driver’s license numbers

  • 4

    Social insurance number

  • 5

    Email addresses

  • 6

    Your full name

How to spot a fake website:

  • Deceptive URLs
    Some criminals will place a fake browser address over the real one, so it appears you’re on a legitimate website. But even if a URL contains the word PayPal, it may not be a PayPal site.

  • Always log in to PayPal by opening a new browser and typing in www.paypal.ca or www.paypal.com

  • Examples of fake PayPal addresses:
    http://signin.paypal.ca@10.19.32.4/
    http://83.16.123.18/pp/update.htm?=
    https://www.paypal.ca/=cmd_login_access
    www.secure-paypal.ca

  • The term “https” should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure Web session, and you shouldn’t enter your information.

Report suspicious emails or spoof websites to PayPal

It is important to report the phishing email or spoof site as soon as possible.

  • 1

    Forward the entire phishing email or spoof site information to spoof@paypal.com

  • 2

    Do not alter the subject line or forward the message as an attachment.

  • 3

    Delete the suspicious email from your email account.

Unauthorized Account Activity

If you think someone has used your account without permission, report it to PayPal immediately and we’ll help protect you as much as possible. If reported within 60 days of when the transaction appeared on your account statement, PayPal can protect you with $0 liability for eligible unauthorized transactions.

You can notify us in the following ways:

  • Call PayPal Customer Service at 1 (402) 935-2050.

  • Use the form available in the PayPal Resolution Centre to file an unauthorized transaction report.

  • Write to PayPal:
    Attn: Error Resolution Department P.O. Box 45950 Omaha, NE 68145-0950 USA

  • Once your claim has been filed, we will investigate and do our best to resolve the issue. Any transaction found to be in error or unauthorized will be refunded.

  • Please be aware we will notify any other parties involved in the transaction in order to help us investigate and resolve your claim.