Common email scams
We typically use email to contact our customers. The information below can help you make sure it’s really us reaching out, and not somebody trying to gain access to your account.
Faked sender email address
Fraudsters can easily fake the “friendly name” in the sender’s email address. For example, an email can appear to be from “PayPal Services,” but actually be from spfr2013qz7@nomail.com.
Some email clients make it hard to see the real name. But if you mouse over the friendly name or click “Reply,” you should be able to see the full email address of the sender. Sophisticated fraudsters can fake the entire name to look like a legitimate sender, so be careful.
Though verifying a correct sender address is important, it’s not enough. It’s important to look at the entire email. When you check your account, always enter "www.paypal.com" into your browser instead of clicking a link in an email.
If it sounds too good to be true, it probably is
Advance fee fraud. Most of us are careful if a stranger approaches on the street and offers a deal that's just too good to be true. But we're much less cautious online, which puts us at risk. If you get an offer for free money, there's probably a catch. Typically, fraudsters will ask you to send some smaller amount (for taxes, for legal documents, etc.) before they can send you the millions you are promised, but which they never intend to send you.
Be aware of telltale signs of fraud. Messages asking you to pay a small handling fee to collect some fabulous prize are usually a scam. “High-Profit No-Risk” investments are usually scams. Messages insisting that you “Act Now!” for a great deal are often scams.
Fake charities. Scammers use disasters to trick kind-hearted people into donating to fake charities. This usually happens when there is a refugee crisis, a terrorist attack, or a natural disaster (like an earthquake, flooding, or famine). Thoroughly check the background of any charity to make sure your donation goes to real victims. If a charity does not have a website, for instance, be cautious.
To learn more about common scams and how to avoid them, search online for more about advance-fee fraud. You can also read the FBI's material on common types of scams(in English). Most importantly: be as cautious online as you are in the real world.
Here are some common scams where fraudsters use phishing emails:
"Your account is about to be suspended." Many fraudsters send phishing emails warning that an account is about to be suspended, and that the account holder must enter their password in a phishing webpage. Be careful; PayPal will never ask you to enter your password unless you are on the login page. Report any suspect email by forwarding it to phishing@paypal.com. This can help keep you secure.
How to identify real PayPal emails
An email from PayPal will:
- Come from paypal.com. Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name. A sender like “PayPal Service (zxk1942R3@gmail.com)" is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so look for other clues.
- Address you by your first and last names, or your business name.
An email from PayPal won't:
- Ask you for sensitive information like your password, or credit card number.
- Contain any attachments or ask you to download or install any software.
Bogus links in emails
If there's a link in an email, always check it before you click. A link could look perfectly safe like www.paypal.com/SpecialOffers, but if you move your mouse over the link you'll see the true destination. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.
If you do click a link in an email, be sure to review the URL of the site where you land. It is easy for bad guys to copy the look of a legitimate website, so you need to check that you are on the correct website.