/ Shopping, Technology

Is the latest PayPal imitation scam email the most sophisticated yet?


Scammers are ramping up their efforts to catch you out with their phishing emails – and the latest PayPal imitation scam email is frighteningly realistic.

This week a friend received one of the most convincing PayPal imitation scam emails we’ve seen.

From email, sign-in page to personal detail form, it features a well-thought-out user journey.

How it works

It starts with the email, which looks like a receipt confirmation and cleverly guides you to click on a link to dispute a transaction. You won’t recognise the name the transaction shows because it’s fake and has been made up by the scammer.


Once you’ve landed on the sign-in page, you’re guided to type in your email and password.

paypal fake landing page

In all likelihood, if you make it this far without any suspicions, you’ll type in a genuine email address and password. This information would then belong to the scammer and enable them to access your real account.

Even if you make a slight mistake with your email and password, you’ll still progress to the personal detail form, as we’ve found that all the form needs is an ‘@’ sign somewhere in the email address field.

On the Personal Information Profile page, it asks you to enter your personal information to verify your identity.

paypal scam email

Not only are you told to enter in your billing address and card details, you’re also asked to enter in your mother’s maiden name, branch code and account number for ‘verification’ purposes.

This is an extensive and thorough attempt to capture as much financial information about you as possible, so accessing your account is easier for the scammers.

What you should do?

You should always be wary when asked to part with this much information and report a scam to the internet service provider as well as the company it’s pretending to be.

If you think you’ve received a suspicious email purporting to be from PayPal or have been directed to a fake website, forward it to spoof@paypal.com and it will investigate it. PayPal advises that you then delete if from your inbox.

If you clicked on any links or downloaded any attachments within the suspicious email or website, you should also log into your account, view your transactions and change your password.

If you think you may have given a fraudster your bank details, contact your bank as soon as possible.

If you’ve already noticed unauthorised transactions taking place, read our guidance on how to get your money back after a PayPal imitation scam and use our free letter template to write to your bank.

Extra details to look out for

When a scam becomes more sophisticated and the usual tell-tale signs of bad spelling and grammar aren’t there, you can examine the details of the email and landing pages more closely for some clues.

  • The design: For the more regular PayPal users among us, you’ll notice that the design of this imitation scam email is now out of date. PayPal upgraded its look and feel early last year, leaving behind the design matching this scam.
  • The date: The more eagle-eyed might also glance to the copyright date at the bottom of the log-in page and the personal detail form and notice they aren’t updated to include 2017.
  • The landing page URL: The landing page web address didn’t match that of PayPal. Always check the URL against the real site if you’re unsure.

PayPal has also published guidance on what its users should look out for more generally when it comes to spotting scam emails.

Did you receive the same email? What did you do about it? And what do you usually check for if you think you’ve received a scam email?


Any chance of enlarging the Paypal details please?

It would be interesting to know the website address you were taken to.

Hi @alfa

@adam-gillett has worked his magic on the images, so hopefully you should be able to see them more clearly now.


You should now be able to click the image previews to open them at full size in a new tab.

I’m afraid we’ve obscured the landing page URL for security’s sake, but often these landing pages are hosted on multiple sites – usually legitimate business websites that have been hijacked in advance.

Thank you.

This comment was removed at the request of the user

This comment was removed at the request of the user

An interesting and timely topic. This morning a PayPal email was waiting for me, telling me the usual – that the account had been compromised, etc. and offering the usual link. There was, however, an interesting development with the link.

Instead of a ‘cloaked’ link, it appeared to be a genuine URL – https://www. etc.. and it wasn’t until I examined its code I could see the redirect. Very subtle, very hard to see and far more sophisticated than any previous scams.

Scam emails have become so common that it is time to make it illegal for any company or other organisation handling money to include links in emails. A good start would be a Which? campaign.


This comment was removed at the request of the user

The problem is that scam emails will still include the mischievous links and people will still click on them – giving them a problem. Clicking on a legitimate company’s link will not give a problem. I can only see education as the solution – don’t click on links.

Convos include unchecked links from trusted contributors. How do I know when “wavechange” includes a link that it is….er…wavechange and not a hacker?

Life is tricky, isn’t it.

I never use a link from any email unless I am very certain of the sender. Go to the site independently – through your bank’s for example.

This comment was removed at the request of the user

Duncan – My approach is not to click on links about anything financial and I keep a computer specifically for financial transactions. I may be living on borrowed time but I am not aware of a single problem. At work I used Windows computers to run software not available on the Mac and did have some annoying but not serious problems with malware.

Malcolm – It’s not easy to distinguish a spoofed email address from a real one so the best solution is to either ignore the email or contact the relevant organisation using the details provided on their website.

I look back to the early days of the World Wide Web and the NCSA Mosaic web browser, when we could enjoy using computers online without worrying about security issues.

This comment was removed at the request of the user

I don’t doubt that you have valid concerns, Duncan. When I set up my first website in 1995 I was able to have a very good idea of who was using it from the logs of IP addresses combined with other information such as emails. It’s best to assume that everything we do on computers is tracked. However, we need anything involving financial transactions to be as secure as reasonably possible.

I get regularly get emails from so called Paypal fortunately they do go into my scam box so that gives me my first clue, I then forward them on to spoof@paypal.co.uk for them to confirm it a scam email.

The other one ‘Which’ should look into are these computer scammers pretending to be from Talktalk, BT, Windows who ever you may be with, informing you that they have detected a fault with your router or operating system. I am so use to them now that I have reached the point where I engage in conversation with them pretending to follow their instructions only to be cut off like a bolt of lightening when I mention the word scam to them.

Is Paypal using DMARC with their emails ? If not, maybe it’s time for all companies to start using it. As it seems to help highlight fake emails. And for those not in the know … https://governmenttechnology.blog.gov.uk/2016/10/04/why-you-should-be-doing-dmarc/

This comment was removed at the request of the user

I always read ALL Emails at least twice the second time very carefully if the first time of reading raises any slight suspicious I look for anything that could be suspicious many have the same things in them I received one from Which which had suspicious looking things in it so I checked with Which buy a known web address It was genuine If in any doubt at all I delete if I cannot check by other means than that on the email I know that I have deleted genuine ones better be safe than sorry Some people will always fall for the most simple and known about scam Fact ! People??


Reportedly one of the most convincing phishing attacks yet.

I get quite a lot of these; they are so infantile, it amazes me that people fell for them. I just junk them – in fact anything from PayPal. The best cure for all these scams is quite simple – Don’t believe anybody who emails or phones you about money and furthermore – DON’T BANK ONLINE – I spent 30 years in the computer industry and there isn’t anything that cannot be compromised. When buying online get yourself a Credit card with a very low limit – say £500 – not linked directly to your bank account – and only use that (never use a Debit card online). Then you’ll only lose that amount. (Oh, and just wait till somebody finds out how to knock out satellite software, then we’ll really have fun…)

This comment was removed at the request of the user

Any system that uses computers or systems is not 100% secure If someone wants to break into any system they can and many will Those just messing about on a computer quite often get access by accident and then can do whatever they want But I still use mine knowing that silly me

Im on Talktalk mail and I dont think they do anything against spam I report about eight a day to Talktalk .If I get mail from my bank ,Amazon or Paypal I never go onto a link I go into my account from a new tab and if I have no new mail on their site i report the spam to them.

This comment was removed at the request of the user

[Sorry, your comment has been removed for breaching Community Guidelines https://conversation.which.co.uk/commenting-guidelines/. Thanks, mods.]

This comment was removed at the request of the user

Dorothy says:
16 October 2017

The one I got this morning seems to be even worse as when I used forward to paypals spoof address as requested by them the text changed to some personal details which may or may not be genuine. I can forward to Which if you wish.

Had email 10/08/2018 from paypal stating that my debit card ( the last 4 numbers shown on msg) was about to expire, actual expiry date is 01/19,it is a bit of a worry how they have my card number