/ Shopping, Technology

Is the latest PayPal imitation scam email the most sophisticated yet?


Scammers are ramping up their efforts to catch you out with their phishing emails – and the latest PayPal imitation scam email is frighteningly realistic.

This week a friend received one of the most convincing PayPal imitation scam emails we’ve seen.

From email, sign-in page to personal detail form, it features a well-thought-out user journey.

How it works

It starts with the email, which looks like a receipt confirmation and cleverly guides you to click on a link to dispute a transaction. You won’t recognise the name the transaction shows because it’s fake and has been made up by the scammer.


Once you’ve landed on the sign-in page, you’re guided to type in your email and password.

paypal fake landing page

In all likelihood, if you make it this far without any suspicions, you’ll type in a genuine email address and password. This information would then belong to the scammer and enable them to access your real account.

Even if you make a slight mistake with your email and password, you’ll still progress to the personal detail form, as we’ve found that all the form needs is an ‘@’ sign somewhere in the email address field.

On the Personal Information Profile page, it asks you to enter your personal information to verify your identity.

paypal scam email

Not only are you told to enter in your billing address and card details, you’re also asked to enter in your mother’s maiden name, branch code and account number for ‘verification’ purposes.

This is an extensive and thorough attempt to capture as much financial information about you as possible, so accessing your account is easier for the scammers.

What you should do?

You should always be wary when asked to part with this much information and report a scam to the internet service provider as well as the company it’s pretending to be.

If you think you’ve received a suspicious email purporting to be from PayPal or have been directed to a fake website, forward it to spoof@paypal.com and it will investigate it. PayPal advises that you then delete if from your inbox.

If you clicked on any links or downloaded any attachments within the suspicious email or website, you should also log into your account, view your transactions and change your password.

If you think you may have given a fraudster your bank details, contact your bank as soon as possible.

If you’ve already noticed unauthorised transactions taking place, read our guidance on how to get your money back after a PayPal imitation scam and use our free letter template to write to your bank.

Extra details to look out for

When a scam becomes more sophisticated and the usual tell-tale signs of bad spelling and grammar aren’t there, you can examine the details of the email and landing pages more closely for some clues.

  • The design: For the more regular PayPal users among us, you’ll notice that the design of this imitation scam email is now out of date. PayPal upgraded its look and feel early last year, leaving behind the design matching this scam.
  • The date: The more eagle-eyed might also glance to the copyright date at the bottom of the log-in page and the personal detail form and notice they aren’t updated to include 2017.
  • The landing page URL: The landing page web address didn’t match that of PayPal. Always check the URL against the real site if you’re unsure.

PayPal has also published guidance on what its users should look out for more generally when it comes to spotting scam emails.

Did you receive the same email? What did you do about it? And what do you usually check for if you think you’ve received a scam email?


Any chance of enlarging the Paypal details please?

It would be interesting to know the website address you were taken to.


Hi @alfa

@adam-gillett has worked his magic on the images, so hopefully you should be able to see them more clearly now.



You should now be able to click the image previews to open them at full size in a new tab.

I’m afraid we’ve obscured the landing page URL for security’s sake, but often these landing pages are hosted on multiple sites – usually legitimate business websites that have been hijacked in advance.


Thank you.


If you computer is receiving emails that have links to malware or download malware then your email service is not protecting you . Many times on Which I have complained about BT,s American email service who,s server doesn’t offer virus protection but its “opposite number ” Yandex , a Russian email service does –for free . I have watched virus emails being downloaded to my email client by BT Mail but not by Yandex which puts it in trash/junk. Why ? because it does the interrogating for you , its my one criticism of the BT service as BT has been very helpful to me even in the past few days . You can install many apps that block this type of thing and even pay for your emails to be intercepted to check for viruses .


I mentioned before I had trouble getting Which,s surveys to click on -yes/no that BT Mail was putting it into the spam folder and so my email client wasn’t getting them . I have found a linkup , it seems BT Mail has been putting several email addresses with the same start word into the spam folder and that word is INFO obviously a “keyword ” for spam in their book . I have put them down as “safe mail ” and will watch to see if this works.


An interesting and timely topic. This morning a PayPal email was waiting for me, telling me the usual – that the account had been compromised, etc. and offering the usual link. There was, however, an interesting development with the link.

Instead of a ‘cloaked’ link, it appeared to be a genuine URL – https://www. etc.. and it wasn’t until I examined its code I could see the redirect. Very subtle, very hard to see and far more sophisticated than any previous scams.


Scam emails have become so common that it is time to make it illegal for any company or other organisation handling money to include links in emails. A good start would be a Which? campaign.