How do I spot fake, fraudulent, spoof, or phishing emails?
You may receive an email falsely claiming to be from PayPal. Sending fake emails is called "phishing" because the sender is "fishing" for your personal information. The goal is to trick you in to giving up your personal, financial, or account information. Phishing emails may ask you to visit a fake or "spoof" website, or call a fake customer service number. These emails can also contain attachments that install malicious software on your computer when opened.
Keep in mind that receiving a fake email doesn't mean your account has been compromised. If you think an email is fake, don't open it. Don't reply to the email, don't click on any links, nor open any attachments. If you clicked on a link or opened an attachment, log in to your PayPal account and check your recent activity to make sure everything looks right.
It's also important to report the fake email or website to PayPal as soon as possible. That way, we can protect you and other PayPal users. Forward any suspicious email to email@example.com then delete the suspicious email from your Inbox.
When unsure if you can trust an email claiming to be from PayPal, here are a few guidelines that can help you spot the real from the fake:
Impersonal, generic greetings are used; such as “Dear user” or “Dear [your email address]”.
Emails from PayPal will always address you by your first and last names or by your business name. We never say things like "Dear user" or "Hello PayPal member".
Ask you to click on links that take you to a fake website.
If there's a link in an email, always check it before you click. A link could look perfectly safe like www.paypal.com/SpecialOffers. Make sure to move your mouse over the link to see the true destination. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.
Contain unknown attachments.
Don't ever open an attachment unless you're sure it's legitimate and safe. Be particularly cautious of invoices from companies and contractors you're not familiar with. Some attachments contain viruses that install themselves when opened.
Convey a false sense of urgency.
Phishing emails are often alarmist, warning that your account needs to be updated immediately. They're hoping you'll fall for their sense of urgency and ignore warning signs that it's fake.
If there is an urgent need for you to complete something on your account, you can find this information by logging in to your PayPal account.
The following are some common scams where fraudsters use spoofed emails. When in doubt, always log in to your PayPal account and view the Resolution Center for any notifications.
"Your account is about to be suspended."
Many fraudsters send spoofed emails warning that an account is about to be suspended, and that the account holder must enter their password in a (spoofed) webpage. PayPal will never ask you to enter your password unless you're on the login page. Report any suspect email by forwarding it to firstname.lastname@example.org.
"You've received a payment."
Some fraudsters try to trick you in to thinking that you've received a payment for an order. They want what you're selling for free. Before you ship anything, log in to your PayPal account and check that you were actually paid. We'll never ask you to provide a tracking number by email. If you’ve been paid, you’ll always see the payment in your PayPal account.
"You have been paid too much."
Fraudsters may try to convince you that you've been paid more than you were owed. For example, a spoofed email says that you’ve been paid $500 for a camera you listed at $300. The sender asks you to ship the camera in addition to the extra $200 you were “paid” by mistake. The scammer wants your camera AND your money, but hasn’t actually paid you at all.
Simply log in to your PayPal account and check that you were paid before sending anything.
If you received an email seemingly from PayPal that states you’ve received money, check to make sure the email isn't fake. Some signs:
The email does not address you by your first and last name.
The email says the money is “on hold” until you complete an action (i.e., send money through Western Union or click a link to submit a tracking number). You can easily see if you received money by logging in to your PayPal account (do not click any links within the email). If you’ve been paid, you’ll see the payment in your account.
Here's a video on identifying suspicious emails: