How to protect yourself against PayPal phishing scams

PayPal is handy for online transactions, but you’ve likely heard about people falling for phishing scams online. So it’s understandable if you’re worried that it’s only a matter of time before scammers get into your account, too.

Phishers can use sophisticated tactics to trick people into giving their information, leading to disastrous consequences like identity theft. Many of them use phishing emails that appear to be legitimate. 

Not knowing the red flags can make you a victim, so you want to look for ways to protect your PayPal account. 

We understand your pain, so we’ve looked into official PayPal sources to understand how it protects users against phishing. We also read the latest news on PayPal phishing emails and gathered the best tips to keep your PayPal account safe.

Stick with us until the end and learn about the most telling sign of a PayPal phishing email, so you’ll immediately know it’s a scam.

3 security tips against PayPal phishing scams

Like most phishing scams, PayPal scams happen through malicious links, emails, phishing sites, and even questionable ads. These can trick users into trusting the content enough to let their guard down and give up personal information. 

How do you protect yourself against PayPal phishing scams? 

Here are some things you can do to enhance your security:

1. Enable multi-factor authentication

Multi-factor authentication requires you to provide two or more verification factors before logging in to your PayPal account. For instance, you’ll need to input a code that PayPal will send you via SMS.

Enabling multi-factor authentication makes it almost impossible for hackers to access your PayPal account, even if they get your login credentials via phishing emails. They’ll have to physically have your phone to log in.

2. Never click links, and examine the website in the email

It’s best never to click on links from a suspicious email. Instead, type the URL into your browser’s address bar yourself, and inspect the web address before pressing Enter.

The URL should start with “” with a closed lock icon on the address bar. However, having the lock icon and “https://” instead of “http://” isn’t enough. If your web browser prompts you that the site may not be secure, take its advice and leave.

Once you go to the site, you can quickly browse it for anything that may seem “off,” like typographical errors.

3. Change your passwords from time to time

Changing your passwords regularly is an excellent way to protect your account and your money, even if you fall victim to PayPal phishing scams. Ensure that it’s complex enough, and don’t use the same password for multiple accounts.

What to do if you become a PayPal phishing victim 

Should you fall into a PayPal phishing scam, it’s important to act as quickly as possible. You’re in a race against time, as scammers can use your information for various malicious activities, including identity theft. 

Here are some steps you can take to minimize damages:

Change your login details

Once you discover you’ve been hacked or tricked, change all your login details as quickly as possible. Change your usernames, passwords, and security questions for all your accounts. 

Remember that your online accounts are likely interlinked, so the chances of scammers cracking your other profiles will be relatively high.

Report the incident

Report the phishing incident not just to PayPal but to local authorities, credit card companies, banks, and other financial institutions you may deem necessary. 

Explain what happened in as much detail as possible, and get a police report for additional support. That way, you’ll have proof if scammers end up using your financial accounts.

Monitor your online accounts 

Once scammers gain access to one account, it’s only a matter of time before they crack other codes. 

Although you’ve likely changed your login credentials, monitoring your accounts carefully for any suspicious or unexpected activities is important. 

How do you report PayPal phishing emails?

If you receive phishing emails posing as PayPal, forward them to [email protected]. PayPal’s security team will investigate the case. After you’ve done this, block the email address and delete the email from your inbox.

PayPal phishing scams (that look like the real deal) to look out for 

It can be difficult to trace PayPal scams, as criminals improve their methods regularly. Discerning a fake email, link, or website from authentic ones entails a sharp eye and general skepticism, as you can easily fall into phishing traps if you’re not careful enough. 

If you’re hesitant about certain emails, links, or websites, there’s a good chance you’re right not to trust them. 

How do you get scammed on PayPal? To help build better awareness, here are some scams we’ve gathered for your careful perusal:

“Your money’s waiting for you!”

This is a common scam many PayPal users fall for. You’ll get a notification, often through email, that you’ve received a certain amount in your PayPal account. 

The message will come with instructions, where you’ll have to click on the link for fund release. The link isn’t the golden pot at the end of the rainbow, as it will likely direct you to a fake PayPal site. 

The site will ask you to log in, but scammers will track your every move. By the end of the process, they’ll have access to your actual PayPal account. 

“There’s a problem with your account”

Besides fake notifications on receiving money, phishers also resort to narratives that spark worry and anxiety. 

You may receive a phishing email stating there’s something wrong with your PayPal account, which can cause you to worry. 

Unfortunately, the links and instructions in the email will lead to a fake website, where you’ll be asked to log in. Scammers will immediately have access to your account, and they can withdraw every cent you have. 

“I overpaid, so give me a refund”

If you’re an online seller relying on PayPal as a payment method, be careful—scammers can easily pose as buyers. eCommerce owners often talk about buyers that overpay, stating that it was a mistake and you must provide them a refund for the difference. 

While these things can happen, scammers can usually convince you to transact outside the platform. Once you’ve transferred the balance to them, they’ll dispute the original transaction within PayPal.

More often than not, PayPal will end up siding with them, especially if they claim their account was a victim of fraudulent transactions. PayPal may refund them the full amount, and the money you’ve transferred will be irretrievable. 

“Donate now!”

If you’re a kindhearted person looking to donate money to worthy causes, you may want to know that there may be scammers who want to take advantage of your kindness.

Some PayPal email scammers send emails containing fake charity websites. Their goal is to get you to donate money from your PayPal account. 

They may even collect your login information if you’re not careful. So, always examine the site thoroughly and check if the donation drive is legit.

Signs that you’ve received a scam PayPal email

If you’ve received an email that claims to be from PayPal, be wary. Because hackers are more innovative and convincing nowadays, they can make the email look like a genuine message from the company. They can even create a spoof website that looks like PayPal.

Although hackers can pose as PayPal, your careful discernment can shield you from falling victim to PayPal email scams and subsequent crimes like identity theft. 

Here are some warning signs you must look out for:

  • Generic customer greetings: Genuine PayPal emails have personalized greetings, so if it doesn’t contain your name, consider that a red flag. Scam emails usually open with impersonal customer greetings like “Dear customer” or “Greetings, PayPal member.”
  • Forcing immediate action: PayPal doesn’t send emails that force you to take immediate action. If it creates a false sense of urgency, it may be one of those PayPal email scams.
  • Unfamiliar sender: If you’re unaware of what PayPal’s email is, it usually ends in “” or “” However, some scammers can edit their names to legit-looking addresses like “[email protected],” hiding the fake email address. 

Examine the email address carefully by hovering over the sender’s name. If the sender’s real email address ends in “” or “,” ignore the email. That’s a scammer posing as PayPal.

  • Spoofed links: Hackers can easily replace links like “” and redirect you to a fake website. One way to check for spoofed links is to hover your mouse over the link—be careful not to click it. If the preview shows a different website, it’s a phishing site.
  • Downloadable attachments: Some PayPal scam emails ask you to download attachments. Chances are that these attachments contain malware that hackers can use to steal your data or lock you out of your computer until you pay them. Unless you’re absolutely sure that the attachments are safe, never download and open them.
  • A poorly written email: This is one of the most telling signs to look out for. Although hackers are smart, some miss out on crucial details and make careless grammatical errors. Check for spelling mistakes and poorly worded messages.

PayPal will also notify you on the website or app if there’s an issue with your account. It also has a helpful video explaining how you can detect a fake PayPal email.
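
An added example (not from the original article or from PayPal): a short Python script that checks a message for four of the warning signs above, namely the sender’s real address, a generic greeting, a link whose visible text names a different site than its target, and an attachment. The trusted domain paypal.com, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # assumption: the domain genuine mail and links use
GENERIC = ("dear customer", "greetings, paypal member")  # greetings quoted above

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
def trusted(h):
    return h == TRUSTED or h.endswith("." + TRUSTED)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def red_flags(msg):
    domain = msg["From"].addresses[0].domain.lower()  # real address, not display name
    flags = [] if trusted(domain) else ["unfamiliar sender"]
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment")
        elif part.get_content_type() == "text/html":
            body, parser = part.get_content(), Links()
            parser.feed(body)
            if any(g in body.lower() for g in GENERIC):
                flags.append("generic greeting")
            for href, text in parser.links:  # what is shown vs. where it goes
                if " " not in text and "." in text and host(text) != host(href):
                    flags.append("spoofed link")
    return flags

def sample():  # constructed message, not a real phishing email
    m = EmailMessage()
    m["From"] = '"service@paypal.com" <billing@paypa1-secure.example>'
    m.set_content('<p>Dear customer,</p><a href="http://paypa1-secure.example/login">'
                  'https://www.paypal.com/signin</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="zip", filename="invoice.zip")
    return m
```

Calling red_flags(sample()) reports all four signs. A message that passes these checks can still be a scam, because urgency and poor writing need a human reader.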

How does PayPal protect its customers against fraudulent transactions?

According to the PayPal Security for Buyers and Sellers page, the company screens each transaction 24/7 to shield customers against fraud, identity theft, and phishing scams. PayPal claims that its encryption technology safeguards every transaction.

PayPal also states that its team of security specialists is available to help customers stay safe from fraudulent transactions.

You may wonder, “Will PayPal refund me if I’m scammed?” Fortunately, it can. 

According to the website’s User Agreement, it can invalidate payments your account has made if it’s due to an unauthorized transaction. However, this is time-bound.

If you don’t report the fraudulent transaction within 60 days from the date PayPal has sent the invoice, you may not get the money back.


PayPal phishing scams happen all the time, mostly because the scammers behind them can be quite convincing. They use different methods to trick you into trusting and clicking on links and websites. 

The next thing you know, you’re a victim of phishing or identity fraud. A little knowledge goes a long way, though. If you know about the red flags and proper measures, you can feel more confident that your account remains safe.
