Help protect yourself.

Online payments still carry some element of risk, even though precautionary measures are taken with buying and selling these days. Learn how to stay safe online and spot phishing immediately, where the most common threats are, why they happen and how they could be prevented.

Get Started Now

Report unauthorised transactions

Watch out for phishing.

Online hoaxes are getting more sophisticated – making it tough to know whether an email, SMS or website is real. It’s important you learn how to spot the fakes so you stay safer online. If you believe you've received a phishing email, don’t respond and don’t click on any links or open any attachments. Simply forward the entire email to and delete it.

Be cautious when communicating with others through direct messaging as scammers may attempt to trick you into providing personal information. PayPal users should never share sensitive personal or financial information, for example:
  • Bank Account Numbers, including last four digits
  • Passwords/PINs
  • Tax File Number
  • Government Issued ID information, for example: Passport, Driver Licence
  • Credit Card Number and CVV/CVV2/PINs
  • Credit Data or Credit Score
  • Account Balance, Credit Balance of any PayPal account or service
  • Home address, date of birth, or personal family information

Shop safely online.

  • Make sure you have a secure password
  • Never enter personal or financial details, including passwords, in response to an unsolicited email, even if it looks legitimate
  • Visit websites by typing the full address into your internet browser’s address bar
  • Always log out of sites you have entered personal information into
  • Make sure you have the latest antivirus software protecting your computer

Sell more safely.

  • Don’t include personal information when describing items for sale
  • Make sure the funds are in your PayPal account before shipping the item
  • Consider setting up a separate email address for sales and customer service so your personal email account remains private
  • Make sure no personal details can be seen in the background of photographs of items for sale, e.g. house number or car number plates

Security on the move.

Never underestimate falling prey to fraudsters even with your mobile devices. Have greater security and peace of mind with these tips:

  • Always activate a PIN or lock function for your mobile device
  • Turn on automatic updates on your mobile device if that’s an available option
  • When installing new applications, review permissions and decide whether you’re comfortable granting the access that an application asks for
  • Enable “Find My Device” to help you find your device if it’s lost or stolen, and lock it or wipe it clean remotely if you need to
  • Backup your device on a regular basis

Never let your guard down.

Get Started Now

Frequently Asked Questions

How to identify a phishing email?

Here are some common features that may indicate the email is a hoax: Generic email greetings that does not address you by your first and last name Attachments or software updates Deceptive URLs or false links Wrong, out of date or out of place logos, design and type Upsetting or urgent statements demanding you react immediately Bad spelling and grammar Requests for financial or personal information Amazingly too-good-to-be-true offers

How to spot a fake email?

There are many telltale signs of a fraudulent email: False sense of urgency – Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away. Fake links – Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don't click. Attachments – A real email from PayPal will never include an attachment or software. Attachments can contain malware, so you should never open an attachment unless you are 100% sure it's legitimate. If you are not sure whether a PayPal email is legitimate or not, here is what you do: Do not click on any link in the email. Instead, start a browser, go to PayPal and log in. If there is any urgent message for you, you will see it as you log in. See examples of hoax and phishing emails

How to identify a hoax website?

Here are some tips to bear in mind: When logging in to banking, shopping or email websites, always look for 'https' at the beginning of the URL – the 's' stands for secured sites Check for the padlock symbol in your browser’s address bar Make sure the website URL address is genuine. Phishers often create a fake website with a similar URL to a bank or well-known business Do not rely on links in emails or from search engines as they could be fake. Enter the website URL address directly into your browser’s address bar

How do you identify scams?

Look out for emails or SMS that include: Offers to pay more than usual for a product Requests to use or pay a buyer’s shipping company or agent. If the buyer sends money for shipping by PayPal, ensure the funds are available in your account first. Be wary of buyers who insist you pay by wire transfer The promise of money in return for a favour A promise to donate money to charity if you contact them Notifications of lottery wins Unsolicited job offers

Avoid these popular scams!

1) Shipping service scams What happens?The buyer asks you to use their shipping account because they can get a discount, they have a preferred vendor they have worked with for years, or their shipping service is cheaper or more reliable. In another variation of the scam, the buyer may also ask you to wire the shipping fees to their preferred shipper. Real reason they want you to use their shipping service If you use the buyer’s shipping account, they can easily contact the shipping company and reroute the order to another address. The buyer can then open up a complaint asking for a refund because they didn’t receive their order. Now you aren’t able to prove that the buyer received their order and you have sent out your product, the shipping costs, and your money. Real reason they want you to wire the money to their shipperThey want you to wire the money to a bogus shipping company so they can steal your money. After you have wired the money you will find out that the order was made with a stolen card or bank account and you may be held liable for returning the funds to the legitimate customer whose account was stolen. How to avoid this scam Only use your shipping account Never wire money to someone you don’t know – you can’t get it back easily If a customer asks you to use their shipping service, review their order for fraud carefully. They may have used a stolen card or bank account to fund the purchase Ship to the address on the Transaction Details page 2) Package rerouting scams What happens? A buyer places an order and provides an incorrect or fake shipping address The shipping company tries to deliver the package but isn’t able to. The buyer monitors the online tracking information and notices that the shipper couldn’t deliver the package The buyer contacts your shipping company and asks them to send the package to their correct address. The shipping company delivers the package to the new location Real reason they rerouted the package The buyer rerouted the package so they could file a complaint saying that they never received it. Because the shipment was rerouted, you can’t prove the item was delivered to the address on the Transaction Details page. The buyer gets to keep the item and, because the package wasn’t delivered to the address on the Transaction Details page, you aren’t covered by our Seller Protection programme. Unfortunately, you lost the product, shipping fees, and the money. To make it worse, you might also have to pay your shipper an additional rerouting fee. How to avoid this scam Contact your shipping company and block buyers from rerouting packages Validate the buyer’s address before shipping Only ship to the address on the Transaction Details page 3) Overpayment scams What happens? You receive an order and your customer sends a payment that is more than the purchase price and then asks you to wire them the difference. They may tell you that they accidentally overpaid you, the extra money is for the shipping costs, they’re giving you a bonus for your great service, or the money is for the stress they’ve caused you. They may even ask you to wire the shipping fees to their shipper. Real reason they overpaid you This scammer may have used a stolen credit card, bank account number, or checking account to pay you. Just because a payment has been deposited into your account, doesn’t mean the money is yours to keep. If the legitimate account holder reports unauthorised activity, the money can be withdrawn from your account. If that happens, you’ll lose the money you wired to the fraudster, the product you shipped, shipping costs, and your payment. How to avoid this scam Don’t wire money to someone you don’t know. A legitimate buyer won’t overpay you for an order If a customer overpays you and asks you to wire them the difference, consider canceling the order – it’s very likely to be fraudulent Don’t wire money to the bogus shipping company – it’s part of their scam to get your money Follow the Seller Protection programme and ship to the address on the Transaction Details page to protect yourself from unauthorised transactions

What are types of questions that PayPal will never ask in an email?

We will never ask for the following personal information in an email: Credit and debit card numbers Bank account numbers Driving licence numbers Email addresses Passwords Your full name

  • 1. Emails with links included
    • This example is about a user being informed that their account is being limited and they need to click a link in the email to restore access
    • To be absolutely sure, hover your cursor over the links provided in emails
    • The bottom of your screen or above the cursor will reveal the actual website address of the link
  • 2. Emails with attachments enclosed
    • This example is about a user being informed of unusual charges to a credit card linked to their account via emails
    • We will never ask you to click on a link or download an attachment to provide personal or financial information
  • 3. Emails of high urgency
    • This example is about the user being informed to click a link in the email to update their account or it will be blocked
    • We will never indicate that your account will be blocked or limited via emails
  • 4. Emails with suspicious errors
    • This example is about the user being informed that there has been an unauthorised transaction on their account
    • When you receive an email claiming to be from PayPal, look for suspicious elements such as bad grammar, old logos, generic greetings and subject lines
  • 5. Emails with indication of a buyer already paid
    • This example is about the user being informed they have been paid via emails
    • Ignore emails demanding that payments for a sold item are already received, until you see the funds in your account
    • We won’t use a third party to inform that payments have been received, or ask you to respond to a non-PayPal email address
    • If you’re unsure whether the email is genuine, send the email to and wait for a response, before responding or shipping the item
  • 6. Buyer offers to pay by PayPal, then sends fake PayPal email
    • This example is about a buyer offering to buy a car and pay for it using PayPal
    • This scam often seems legitimate. Once a sale is agreed, the seller receives a fake PayPal email to say they’ve been paid. The 'buyer' hopes the seller will ship the item or forward funds to a shipping agent without checking the money is actually in their PayPal account
    • Never send an item you have sold without first ensuring the funds are in your PayPal account
  • 7. Send money using a wire transfer scam
    • This example asks a user to send money using Western Union, despite saying it’s from PayPal
    • Fraudsters often ask for money to be wired as it’s the same as sending cash
    • If you’re shopping online, be wary of using a wire transfer service. We will never advise you to wire funds when conducting business through PayPal
  • 8. Look out for coloured URLs
    • On some internet browsers, suspicious URLs turn red to warn you the webpage could be a phishing site
    • Generally*:
      • Red means it’s a phishing or fake website
      • Yellow means the website is suspicious
      • White means the webpage should not request or display personal information
      • Green means the website is secure and information entered is encrypted

    *These are only examples and may display differently on different browsers