Phishing - Examples, Info and Anti-Phishing Tools from PayPal Canada

Your Guide to Phishing

What Is Phishing?

In short, phishing is an attempt to steal your identity. Under false pretenses, criminals try to get you to disclose sensitive personal information, such as credit card numbers, account passwords, or social insurance numbers.

One of the most common phishing scams involves sending an email that fraudulently claims to be from a popular company. However, it can also be carried out in person, over the phone, and via malicious pop-up windows and "spoof" or fake websites.

How It Works

  1. A criminal sends thousands, even millions, of emails to a variety of people, usually at random. These emails appear to be messages from a popular company. A common example contains a false story designed to lure you into clicking on a link or calling a phone number.
  2. The phishing email contains links or buttons that take you to a fraudulent website.
  3. The fraudulent website mimics the company referenced in the email, and aims to extract your sensitive personal information.

In essence, you think you're giving your information to a trusted company when, in fact, you're giving it to a criminal.

Protect yourself. Learn how to recognize phishing emails and spoof websites.

Recognizing Phishing

How to Spot a Fake Email

There are many signs of a fraudulent email.

  1. Sender's Address
    The "From" line may include an official-looking address that mimics a genuine one.
  2. Generic Greetings
    Be wary of impersonal greetings like "Dear User," or your email address. A legitimate PayPal email will always greet you by your first and last name.
  3. Typos/Poor Grammar
    Emails sent by popular companies are almost always free of misspellings and grammatical errors.
  4. False Sense of Urgency
    Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  5. Fake Links
    Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don't click.
  6. Attachments
    A real email from PayPal will never include an attachment. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it's legitimate.

Spoof Websites

How to Spot a Fake Website

Watch out for the following:

  1. Deceptive URLs

    Some criminals will place a fake browser address bar over the real one, so it appears you're on a legitimate website. But even if a URL contains the word "PayPal," it may not be a PayPal site.
    • Examples of fake PayPal addresses:
      • http://signin.paypal.ca@10.19.32.4/
      • http://83.16.123.18/pp/update.htm?=
      • https://www.paypal.ca/=cmd_login_access
      • www.secure-paypal.ca
    • Always log in to PayPal by opening a new browser and typing in the following: https://www.paypal.ca.
    • The term "https" should precede any Web address (or URL) where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure Web session, and you should not enter your information.
  2. Lock icon in the wrong place

    Look for the secure lock icon in the status bar at the bottom of the browser window. If you see it inside the window, close your browser because you may be on a spoof site.
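
The checks described under "Fake Links" and "Deceptive URLs" can be automated by parsing a link the way a browser does and looking at the host it would actually contact. The following is an added example, not PayPal code; the function names, the finding labels and the pairing used in the last call are assumptions made for illustration.

```javascript
// Added example (not PayPal code). Function names and finding labels are
// illustrative assumptions; the sample URLs are the ones listed on this page.
const TRUSTED_DOMAIN = "paypal.ca";

// Parse a link the way a browser does and report what is wrong with it.
function inspectLink(raw) {
  // A bare name such as "www.secure-paypal.ca" has no scheme; assume http to parse it.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw);
  let url;
  try {
    url = new URL(hasScheme ? raw : "http://" + raw);
  } catch {
    return { host: null, findings: ["unparseable"] };
  }
  const host = url.hostname; // the server actually contacted
  const findings = [];
  // Everything before "@" is login data, not the site name.
  if (url.username || url.password) findings.push("userinfo-before-@");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    findings.push("ip-address-host");
  }
  // Only paypal.ca itself or a true subdomain counts; "secure-paypal.ca" does not.
  if (host !== TRUSTED_DOMAIN && !host.endsWith("." + TRUSTED_DOMAIN)) {
    findings.push("host-not-paypal.ca");
  }
  if (url.protocol !== "https:") findings.push("not-https");
  return { host, findings };
}

// Compare what a link shows with where its href leads (the "hover" check).
function checkAnchor(displayText, href) {
  const shown = inspectLink(displayText);
  const actual = inspectLink(href);
  const findings = [...actual.findings];
  if (shown.host && actual.host && shown.host !== actual.host) {
    findings.push("text-host-differs-from-href");
  }
  return { shownHost: shown.host, actualHost: actual.host, findings };
}

for (const u of ["http://signin.paypal.ca@10.19.32.4/", "http://83.16.123.18/pp/update.htm?=",
                 "https://www.paypal.ca/=cmd_login_access", "www.secure-paypal.ca"]) {
  console.log(u, "->", JSON.stringify(inspectLink(u)));
}
// Constructed pairing: visible text names paypal.ca, href leads to a raw IP.
console.log(checkAnchor("https://www.paypal.ca/=cmd_login_access",
                        "http://83.16.123.18/pp/update.htm?="));
```

The third sample URL passes every host check on its own, which is why the text a link displays must also be compared with its real destination.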

Legitimate PayPal Emails

Be Smart and Stay Safer

Here's a good rule to remember:

Never click on a link in an email that requests personal information.

Any time you receive an email about your PayPal account, the safest and easiest course of action is to open a new browser, type in https://www.paypal.ca, and log in to your account directly.

Information PayPal will never request in an email:

  • Credit card numbers
  • Bank account numbers
  • Driver's license numbers
  • Social insurance number
  • Email addresses
  • Passwords
  • Your full name

Fighting Phishing

How to Combat Scam Emails and Sites

It's important to remember that when it comes to phishing, you are in control, as long as you do not provide sensitive information, click on suspicious links, or open unknown attachments.

How to Report a Phishing Email

  1. Forward the entire email to spoof@paypal.com.
  2. Do not alter the subject line or forward the message as an attachment.
  3. Delete the suspicious email from your email account.

We'll send you an email response to let you know if the email is indeed fraudulent. In the meantime, don't click on any links or download any attachments within the suspicious email. When you report suspected fraud, you're doing your part to help protect the whole PayPal community.

Anti-Phishing Tools

Take a look at our suite of special tools designed to help keep you protected from identity thieves.

More Ways to Stay Safer

  • Monitor your PayPal account
    Check your account periodically for suspicious activity. If you notice any unauthorized use, report it immediately, and remember: PayPal protects you with $0 Liability for Eligible Unauthorized Transactions.
  • Keep your security software current
    Make sure you're using the latest version of your browser, and that your firewalls and security patches are set to update automatically.