PAYPAL SECURITY

PayPal Phishing Scams: How to Spot Fake PayPal Emails

Real examples show exactly what to watch for and how scammers trick PayPal users

By SpamScore LLC December 2025 12 min read

PayPal phishing scams are among the most sophisticated email attacks. Scammers know PayPal users have payment methods on file, making your account a high-value target. Here's how to spot fake PayPal emails before they cost you money.

Why PayPal is a Top Phishing Target

PayPal accounts are goldmines for scammers because:

  • Payment method on file - Your credit/debit card or bank account is linked
  • Money moves fast - Scammers can transfer funds in minutes
  • Trusted brand - People assume emails from PayPal are legitimate
  • Password reset vulnerability - If compromised, scammers can lock you out
  • Seller accounts at risk - Business accounts can lose inventory and funds

Common PayPal Phishing Email Types

1. Fake "Confirm Your Account" Emails

❌ FAKE PAYPAL EMAIL

From: security@paypal-verify.com

Subject: Urgent: Confirm Your PayPal Account Immediately

"Dear PayPal Customer, We've detected unusual activity. Click here to confirm your identity or your account will be limited."

🚩 Red Flags:

  • Wrong domain: paypal-verify.com (not paypal.com)
  • Generic greeting instead of your name
  • Urgent language/account threat
  • Asks you to click link to verify
  • PayPal NEVER asks to "confirm identity" via email

✅ REAL PAYPAL EMAIL

From: service@paypal.com

Subject: Your PayPal Transaction Confirmation

"Hi [Your Name], Here's your receipt for the transaction on [date]..."

✓ Real Signs:

  • Correct domain: paypal.com (no hyphens or variations)
  • Uses your actual name in greeting
  • No urgent language or threats
  • Provides transaction details
  • No links asking you to verify anything

2. Fake "Unusual Activity Detected" Emails

❌ FAKE PAYPAL EMAIL

From: noreply@paypa1-security.com

Subject: PayPal: Suspicious Login Detected

"We detected a login from an unfamiliar location. Click here to verify it was you."

🚩 Red Flags:

  • Domain has typo: paypa1 (letter "l" instead of "1")
  • Asks you to click to verify login
  • No transaction details provided
  • Generic "unfamiliar location" message
  • Creates sense of urgency and worry

3. Fake "Payment Failed" / "Update Payment Method" Emails

❌ FAKE PAYPAL EMAIL

From: billing@paypal-service.net

Subject: Your Card Declined - Update Payment Method Now

"Your recent payment failed. Update your card info now to avoid account suspension."

🚩 Red Flags:

  • Wrong domain: paypal-service.net (not paypal.com)
  • Urgency + threat language
  • Asks for payment method update via link
  • No specific transaction referenced
  • PayPal NEVER asks for card info via email

5 Critical Rules for PayPal Emails

Rule #1: Check the Sender Domain Carefully

Real PayPal emails come from @paypal.com. Watch for typos: paypa1.com, payp@l.com, paypal-security.com are all FAKE.

Rule #2: PayPal NEVER Asks for Sensitive Info Via Email

Not passwords, PINs, SSN, credit card numbers, or security questions. NEVER. If an email asks, it's 100% a scam.

Rule #3: Never Click Links in "Urgent" Emails

Real PayPal emails about problems don't ask you to click links. Instead, log into PayPal directly or call their customer service.

Rule #4: Hover Over Links to See the Real URL

Before clicking any link, hover your mouse over it. The link preview should show paypal.com. If it shows something else, it's fake.

Rule #5: Go Direct to PayPal Instead

If an email claims there's a problem, go to paypal.com directly (type it yourself) and log in. Check your account. Real problems appear there first.

What to Do If You Click a Fake PayPal Link

🚨 Immediate Actions (Next 30 Minutes)

  1. Go to paypal.com and change your password immediately
  2. Check your account activity for unauthorized transactions
  3. Review linked payment methods - make sure no new cards/accounts were added
  4. Enable PayPal's security key or two-factor authentication
  5. Contact PayPal directly at 1-888-221-1161 to report the phishing email

Within 1 Hour

  • File a report with the FBI (IC3.gov) if you entered payment information
  • Check your credit report at AnnualCreditReport.com (free)
  • Monitor your linked bank accounts and credit cards for unauthorized charges

Within 24 Hours

  • Review all recent PayPal transactions and dispute any unauthorized ones
  • Check email account used for PayPal (may have been compromised too)
  • Change passwords on other accounts that use the same password
  • Consider a fraud alert with your credit card companies

PayPal Seller Account Protection

If you're a PayPal seller, you're at even higher risk. Scammers target seller accounts to:

  • Steal inventory listings
  • Transfer funds to their own accounts
  • Lock you out of your business account
  • Redirect payments to unauthorized bank accounts

Extra security steps for sellers:

  • Use a unique, 20+ character password
  • Enable PayPal's security key (hardware or app-based)
  • Set up withdrawal holds to delay fund transfers
  • Monitor your seller dashboard daily for suspicious activity
  • Use a separate email address for PayPal (don't use personal email)

Learn how to protect your PayPal account from phishing and unauthorized access

🔍 Test Your Skills: Scan PayPal Emails

Paste any PayPal email into our scanner to instantly detect phishing attempts. See what red flags our AI detects before it's too late.

Scan An Email Free →

🛡️ Verify Before You Click

Use SpamScore to analyze any suspicious PayPal email. Forward it to scan@getspamscore.com for instant AI analysis showing exactly why it's dangerous.

Check Your Email Free →

Last updated: December 2025. PayPal phishing attempts evolve constantly. When in doubt, contact PayPal directly at 1-888-221-1161 using the number on their official website, never from an email.