Scam Emails & Phishing: Is that email really from PayPal?

"Phishing" is an illegal attempt to "fish" for your private, sensitive data. It works by using false pretences to trick you into revealing personal or financial information such as bank account details, credit card details, and passwords etc.

One of the most common phishing scams involves sending emails/SMS that fraudulently claims to be from a well-known company (like PayPal). These often link to fake (phishing) websites where your information can be collected if you type it

Here are some helpful tips on how to spot Scam Emails:

The Senders Address The "From" line may include an official-looking address that mimics a genuine one.

Generic GreetingsBe wary of impersonal greetings like “Dear User”, or your email address. A legitimate PayPal email will always greet you by your first and last name.

Typos/Poor GrammarEmails sent by popular companies are almost always free of misspellings and grammatical errors.

False Sense of UrgencyMany scam emails tell you that your account will be in jeopardy if something critical is not updated right away.

Fake LinksCheck where a link is going before you click on it by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click it.

AttachmentsA real email from PayPal will never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain spyware or viruses.

Tracking numberThe email/SMS asks you to provide the tracking number of the dispatched item, before you’ve received a payment into your PayPal account.

Clicking on linksNever click on a link in an email that requests personal information. Any time you receive an email about your PayPal account, open a new browser, type in, and login to your account directly.

Scam Emails & Phishing: Is that email really from PayPal?

  • Credit card numbers
  • Driver’s license numbers
  • Email addresses
  • Bank account numbers
  • National insurance number
  • Date of birth

Suspicious emails

If you think you’ve received a phishing email, follow these steps right away:

Forward the entire email to

Do not alter the subject line or forward the message as an attachment

Delete the suspicious email from your inbox

Here are some security tips to help you stay protected online:

Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.

If you provided any personal information in response to a phishing email or on a phishing website, change your PayPal password and security questions immediately.

When using PayPal, always ensure that the URL address listed at the top of the browser displays as The 's' in ‘https’ means the website is secure.

If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.

Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

Review your PayPal account history to check that you recognise all recent payments.

Be cautious when communicating with others through direct messaging as scammers may attempt to trick you into providing personal information. PayPal users should never share sensitive personal or financial information, for example:

Bank Account Numbers or IBAN, including last four digits

Credit Card Number and CVV/CVV2/PINs


Credit Data or Credit Score

National Insurance Number or VAT number

Account Balance, Credit Balance of any PayPal account or service

Government Issued ID information, for example: Passport, UK Driving Licence, UK Armed Forces Veteran ID Card or National ID Card Numbers

Home address, date of birth, or personal family information

Unauthorised Account Activity

If you think someone has used your account without your permission, tell us right away and we’ll help you as much as possible.

Suspicious SMSSMS SPAM (also known as smishing) can be more than just annoying – it may contain suspicious content. Many carriers will let you report SPAM by simply forwarding the message to ‘7726’ (which is the keys for SPAM on most phones). Check with your service provider to see if this service is supported.