Scam alert: fake PayPal emails

PayPal is often a target for scammers looking for quick access to your money. Here are two phishing emails from earlier this year so you know how to spot them.

PayPal phishing emails are nearly always after the same thing: access to your account and personal information.

Here are two examples we’ve seen from earlier this year that can help show you what to look out for. We’ll also explain why they can be so effective.

On first glance, both emails appear to be from PayPal, using the company’s branding and its typical email layout.

They were also sent from email addresses that contain ‘PayPal’ in the domain, which helps make them seem more legitimate.

However, there are a couple of giveaways that all is not what it seems.

Hallmarks of a scam

PayPal usually addresses customers by name when it contacts them. A generic greeting in an email, such as ‘Hello Customers’, is a cause for suspicion.

Other classic hallmarks of a scam we spotted include spelling and grammatical errors, including missing punctuation.

Guide: how to spot a scam email

It’s also very rare for a company to email you threatening to close your account if you don’t take immediate action.

Scammers use this tactic to worry people into acting, and unfortunately it often prompts the response they’re looking for.

PayPal has confirmed these emails are both fakes.

What if you’ve clicked through?

It’s unlikely there’s anything to worry about if you’ve only opened the email or clicked the link, but if you’ve entered any of your account details, such as your password, or given out your payment details, you must take precautions to protect yourself as soon as possible.

Guide: I think I may have given a fraudster my bank details

First, report what’s happened to both PayPal and the bank your account may be linked to.

If you do have credit or debit cards linked to your PayPal account, your bank will be able to make sure your money is protected.

PayPal should be able to secure your account, and its payment policy promises to protect its users from fraud.

If any money has been taken from your account because of these phishing emails, you should be reimbursed.

Have you received a PayPal phishing email in the past? How regularly do you see them?

Let us know, and help warn others in the comments.

Les Manton says:
23 July 2020

I may have missed it in your advice but surely it is also important NEVER to log into your PayPal account using the link on any email that you may receive.
Always safest to do it separately on the web or on your app?

René says:
24 July 2020

I’ve been receiving SMS messages from UK mobile numbers pretending to be from PayPal and telling me my account has been suspended. I’d have put an example below, but I generally block the number and delete the message immediately. The link in the message is a dead giveaway as it’s nowhere near pointing to a PayPal domain.

I am currently regularly receiving these mails from “PayPal” and similar from “Amazon”.
In both cases I have been forwarding to “spoof@paypal.com” and “stop-spoofing@amazon.com”.

Whilst Amazon have acknowledged receipt of my forwarded mails, Paypal have not.

Are PayPal interested in being made aware of such mails?

Iain says:
24 July 2020

I have also had a phishing text message purporting to be from PayPal. The link they wanted me to click did not even contain the company name!

Ken Moser says:
24 July 2020

I’ve had a couple of these, which appear to come from paypal.co.uk

I had one allegedly from Next regarding the purchase of a chair (for £450.00), the e-mail said the money would come from my PayPal account, it even had my e-mail address, I had to do a lot of telephoning to prevent this from happening. So the level of sophistication is being developed even further !!!!!!!!!!!!!!!!!

I recently had an email supposedly from PayPal telling me that a charity donation I had made could not be paid owing to a problem with their account. It asked me to choose another charity from PayPal giving scheme and a link took me through to what seems to be their genuine website. I was then asked to reply saying who I would like to donate to. I was taken in and did this but at this stage no information about my account was asked for or provided. But, a few days later I had a text telling me that my PayPal account had been suspended owing to a failed payment with a link to their resolution centre so I could put it right. I didn’t do this but logged into PayPal and of course no text had been sent by them, the original payment had also gone through. I reported it, and have deleted the text.

Apart from PayPal issues, I often receive a telephone call saying that my computer is faulty and then wanting personal details. This is a scam and I just put the receiver down.

Keith says:
25 July 2020

Every month PayPal sends out an email entitled ‘Your monthly account update’ with a link to a login page. I never follow this link as most banks and financial institutions advise that they never send out links and that you should never follow them if received anyway. PayPal should adopt this policy.

For clickable links, ProtonMail has a useful security feature built-in. If you click on a link or button in an email, a confirmation box then displays the full web url that you are requesting, so you can check whether or not it looks OK before either confirming or denying that you want to go there.

I’ve just been sent a clickable link so I can accept and “sign” a contract of employment – no alternative means of signing up is offered. In this case, the web link looks OK and leads to a document that looks familiar.

Meeta Madhani says:
25 July 2020

I never respond to such messages and always report them to PayPal or Amazon or directly to the relevant retailers

Martin M says:
25 July 2020

I have concerns about genuine emails, from companies who should know better, that include a click to reply link. They are setting a poor example.

I’m not sure I agree.

Arguably, it can be safer to login to a site using a supplied url than to have to search for the site or manually type a known url oneself.

In those latter cases, one can become vulnerable to browser hijacks and fake websites, especially if typing errors are made in search terms or urls. Many tech support scam websites are set up to appear in response to mistyped search terms.

Perhaps the best solution is to bookmark the correct link for websites that you use regularly.

Yes that is a good idea, but you won’t have a url already bookmarked if you have not used it before.

If you absolutely trust the authenticity of an email, then I do not see any problems with clicking on links in such items.

Conversely, if strange emails turn up unexpectedly, then just delete them. A good email filter should also block any malicious emails.

I tend to agree with Derek on this. I have no qualms about clicking through to read my telecom bill or energy bills or messages from my bank because they always include in their e-mail a specific identifier [such as postcode, account number or other code] that scammers do not have. I am also registered to receive notifications from local authorities on various topics and I perceive no risks in clicking on links to access detailed supporting documents even though there is no specific identifier in the covering e-mail; in any case, most such links do not state the url.

It is quite obvious from the comments that come into Which? Conversation on any scam topic that a very large number of people cannot spot a scam or are so ingenuous that they cannot believe that someone on the telephone is trying to defraud them. This is what makes scams possible, of course, so a lot more must be done to introduce effective protections and to educate people about the scamming opportunities and the risks that a moderate change of behaviour on their part will defeat.

I would prefer that emails from (seemingly) trusted sources asked you to log into your account rather than providing a link. Scammers often quote familiar information in an attempt to put you at your ease.

I reckon that I can probably tell the difference between a real and a scam email but if money is involved I avoid clicking on links and log into my account.

Yes, that is normally what you have to do in the circumstances I described so the link only takes you to the log-in page. Those who use auto-fill facilities for their passwords should then check that the correct data have been entered.

If you contact PayPal, then you will know if it’s real or not. Also if PayPal’s address isn’t showing at the bottom, it’s a fake.
Also if you do a reply to the email and see if it bounces back to you, then it’s a fake.

If I receive an email from my bank, PayPal or similar, I always phone them up on a trusted number, and check my account on my mobile, AFTER I have disconnected/deleted the said e mail/call.

D m walford says:
26 July 2020

Have been getting the Paypal spams for several years at least, normally at least 2-3 a month. Nobody seems to have done anything to try and stop same. Gave up using Paypal in the end – easier then to know which is spam- they all are.
Derek M

Thank you. I will be careful. AJW

Ken says:
29 July 2020

HMRC used to be my most frequent phishing mail and they go to phishing@hmrc who always acknowledge. More recently PayPal is my most frequent. Thanks for the reminder about spoof@paypal. I’ve been forwarding the most professional examples to report@phishing.gov.uk which also acknowledges. I just hope someone somewhere takes some notice because it should be easy to spot addresses issuing hundreds of identical mails – surely?

Dean says:
4 August 2020

It does not help when PayPal sends everyone you pay ….
Your email address, the same email address that you use to login to PayPal with. (And potentially loads of other places)
So there are loads of potentially insecure computers that have 50% of your logon details.
Would help if you could have the ability to use another email address for the people you pay, keeping the address to talk with PayPal private – helps spot a genuine email from PayPal.

I got another Paypal scam email today. Stupid questions but how do these scammers get your email address besides from being registered to the platform?

Karen says:
6 August 2020

Yes, I’ve received a scam email from PayPal saying my account settings have been changed. I think I ignored it because I hadn’t used my Paypal account for a while. These phishing emails are so believable, it’s worrying! I’m so happy that Which? is there to offer guidance.