What is Phishing?

"Phishing" is an illegal attempt to "fish" for your private, sensitive data. It works by using false pretences to trick you into revealing personal or financial information such as bank account details, credit card details, and passwords etc.

One of the most common phishing scams involves sending emails/SMS that fraudulently claims to be from a well-known company (like PayPal). These often link to fake (spoof) websites where your information can be collected if you type it.

Suspicious emails

If you believe you've received a phishing email, follow these steps right away:

  • Forward the entire email to spoof@paypal.com
  • Do not alter the subject line or forward the message as an attachment.
  • Delete the suspicious email from your inbox.

We'll look into it and email you a response to let you know if it is indeed fraudulent. In the meantime, don't click any links or download any attachments within the suspicious email. If you‘ve responded to a fraudulent email and believe your PayPal account may now have been accessed, you should report the unauthorised access immediately.

You’ll know that an email/SMS is not from PayPal when:

  • The email/SMS uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name or the business name on your PayPal account.
  • The email/SMS requests financial and other personal information. A real email/SMS from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email or SMS.
  • The email/SMS asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account

Suspicious SMS

SMS SPAM (also known as smishing) can be more than just annoying – it may contain suspicious content. Many carriers will let you report SPAM by simply forwarding the message to ‘7726’ (which is the keys for ‘SPAM’ on most phones). Check with your service provider to find if this service is supported.

Here are some security tips to help you stay protected online:

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.co.uk. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

Note:

  • If you provided any personal information in response to a phishing email or on a spoof website, change your PayPal password and security questions immediately.
  • If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.
  • Review your PayPal account history to check that you recognise all recent payments.

PayPal is committed to helping shut down these sites and ensure that you’re able to spot phishing immediately. We make it our job to keep your identity as safe as possible, online.