How do I avoid unauthorized account access?

The majority of Unauthorized Account Access cases are a result of inadvertently providing account information, such as bank or credit card account numbers, on fake PayPal websites or in response to fake PayPal emails.

PayPal will always address you by your first and last name whether it’s a contact by phone or email. If an email or phone call claims there are issues with your account, log in to your PayPal account and check the Resolution Center. Any account issues will be listed there.

Stay safe. Don't respond to emails or phone calls asking for any of the following:

  • Your password and email address combination
  • Credit card numbers
  • Bank account numbers
  • Social Security numbers
  • Driver's license number
  • First and Last Names

Always log in to the PayPal site
  • PayPal will only ask for information after you’ve securely logged in.
  • For your security, PayPal will never ask you to re-enter your full bank account, credit, or debit card number without providing you at least the last two digits of the number. These digits let you know that we already know the full number and are asking you for the rest of it. Beware of any website or email asking for these numbers for "verification" that doesn’t provide the last two digits.
PayPal mobile app
  • Avoid sharing your device with others. If you do, please make sure to tap the Settings icon at the top right, tap Login and Security, then unclick Remember Me.
  • Also, keep in mind that all touch IDs stored to your device can be used to log in to your PayPal account. If you need to deactivate Touch ID, tap the Settings icon at the top right, tap Login and Security, then unclick Touch ID.
Web pages
  • When using the PayPal service, always make sure the PayPal URL address listed at the top of the browser begins with "https." The "s" ensures that the website is secure. Even if the URL contains the word "PayPal," it may not be a PayPal webpage.
  • Look for the "lock" symbol that appears in front of or behind the URL. This symbol indicates that you are on a secure site.
Don’t download attachments, software updates, or any application to your computer via a link you received in an email. PayPal won’t ask you to download anything for your account to work.

  • Use a unique password for your PayPal account and change it every 30-60 days.
  • The password should be one that isn’t used on any other site, service, or login.
If you think you’ve received a fraudulent email, please forward it to and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

To learn more about online safety, click Security near the bottom of any PayPal webpage.