Business Resource Center

Manage your business

PayPal phishing: identify phishing scams & emails.

Beware fake emails: Phishing.

One way to help protect your identity, and your PayPal account, online is to be on the lookout for phishing emails. These emails are made to look like official communications from familiar companies. Fraudsters produce these emails and send them to millions of addresses in the hopes that someone will follow the links or call the phone number they've included and share sensitive information that the scammers can then exploit. Telltale signs of a phishing email include:

  • Generic greetings that don't use your name: Because these are mass emails, the opening line will often be very vague. However, remember that targeted phishing attacks may sometimes use recipients’ personal information, such as their names, in order to appear legitimate.
  • Typos or poor grammar: Poorly written emails are less likely to be from a legitimate company. Don’t be tricked into thinking that a well-written email with the correct logo must be legitimate, though! Many scammers are skilled at forging emails and webpages that appear reasonably close to the real thing.
  • A false sense of urgency: Phishing emails are often alarmist and may warn that your account needs to be updated immediately. They're hoping you'll get caught up in the hype and ignore the warning signs that it's fake.
  • Fake links: The true URL addresses behind links in phishing emails are often hidden. You can see where exactly a link will take you by hovering over it. If it seems suspicious, don't click it. You can always open a browser and enter “PayPal.com” by hand to be sure that you are going to PayPal.
  • Attachments: Emails that are truly from PayPal won't include attachments. Don't ever open an attachment unless you're sure it's legitimate and safe. Be particularly cautious of invoices from companies and contractors you are not familiar with. Some attachments contain viruses that install themselves as you open the attachments.

Note that sender addresses are easy to manipulate, so even if an email says it's from a company you trust, it may not be. If you're trying to decide if an email is a spoof, take a look at what it's asking for. Legitimate companies won't use email to request sensitive information.

If you receive a suspicious email that's supposedly from PayPal, don't click on any links or accompanying attachments. Just forward it (not as an attachment) to spoof@paypal.com without changing the subject line. Then, delete it from your account. Alerting us about such emails will help make the PayPal community safer. We'll respond letting you know if the email is indeed a fake.

Real PayPal emails.

If an email is asking for sensitive information, it's a red flag. Keep in mind that PayPal will never send an email with a direct link to a web site to ask you for:

  • Credit card or debit card numbers
  • Bank account numbers
  • Driver's license numbers
  • Email addresses
  • Passwords
  • Your full name

If we send you an email requesting information from you, we will direct you to log into your account and go to the Resolutions Center.

Your online safety is important to us! Please keep a watchful eye out for any suspicious-looking communication. A little awareness can go a long way when it comes to thwarting phishing attacks.