Scam Emails & Phishing: Is that email really from PayPal?

"Phishing" is an illegal attempt to "fish" for your private, sensitive data. It works by using false pretences to trick you into revealing personal or financial information such as bank account details, credit card details, and passwords.

One of the most common phishing scams involves sending emails or SMS messages that fraudulently claim to be from a well-known company (like PayPal). These often link to fake (spoof) websites where your information can be collected if you type it in.

Here are some helpful tips on how to spot Scam Emails:

The Sender's Address

The "From" line may include an official-looking address that mimics a genuine one.

Typos/Poor Grammar

Emails sent by popular companies are almost always free of misspellings and grammatical errors.

Fake Links

Check where a link is going before you click on it by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click it.

Tracking number

The email/SMS asks you to provide the tracking number of the dispatched item, before you’ve received a payment into your PayPal account.

Generic Greetings

Be wary of impersonal greetings like “Dear User”, or greetings that use your email address. A legitimate PayPal email will always greet you by your first and last name.

False Sense of Urgency

Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.

Attachments

A real email from PayPal will never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain spyware or viruses.

Clicking on links

Never click on a link in an email that requests personal information. Any time you receive an email about your PayPal account, open a new browser, type in www.paypal.co.uk, and log in to your account directly.

PayPal will never ask you to provide personal information in an email:

  • Credit card numbers
  • Driver’s license numbers
  • Email addresses
  • Bank account numbers
  • National insurance number
  • Date of birth

Suspicious emails

If you think you’ve received a phishing email, follow these steps right away:

Forward the entire email to spoof@paypal.com

Do not alter the subject line or forward the message as an attachment

Delete the suspicious email from your inbox

Here are some security tips to help you stay protected online:

Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.

When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com/uk. The 's' in ‘https’ means the website is secure.

Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

Note:

If you provided any personal information in response to a phishing email or on a spoof website, change your PayPal password and security questions immediately.

If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.

Review your PayPal account history to check that you recognise all recent payments.

Unauthorised Account Activity

If you think someone has used your account without your permission, tell us right away and we’ll help you as much as possible. We can protect you if you report an eligible unauthorised transaction within 60 days of it appearing on your statement.

Suspicious SMS

SMS SPAM (also known as smishing) can be more than just annoying – it may contain suspicious content. Many carriers will let you report SPAM by simply forwarding the message to ‘7726’ (the keys that spell SPAM on most phones). Check with your service provider to see if this service is supported.