Common email scams
We typically use email to contact our customers. The information below can help you make sure it’s really us reaching out, and not somebody trying to gain access to your account.
Faked sender email address
Fraudsters can easily fake the “friendly name” in the sender’s email address. For example, an email can appear to be from “PayPal Services,” but actually be from email@example.com.
Some email clients make it hard to see the real name. But if you mouse over the friendly name or click “Reply,” you should be able to see the full email address of the sender. Sophisticated fraudsters can fake the entire name to look like a legitimate sender, so be careful.
Though verifying a correct sender address is important, it’s not enough. It’s important to look at the entire email. When you check your account, always enter "www.paypal.com" into your browser instead of clicking a link in an email.
If it sounds too good to be true, it probably is
Advance fee fraud. Most of us are careful if a stranger approaches on the street and offers a deal that's just too good to be true. But we're much less cautious online, which puts us at risk. If you get an offer for free money, there's probably a catch. Typically, fraudsters will ask you to send some smaller amount (for taxes, for legal documents, etc.) before they can send you the millions you are promised, but which they never intend to send you.
Verify through your PayPal account. If you receive an email that says that you've received a PayPal payment, take a moment to log in to your PayPal account before you ship any merchandise. Make sure that money has actually been transferred, and that it isn’t just a scam. Remember not to follow email links. The safest way to access your account is always to open a browser window, navigate to PayPal.com, and enter your login info.
Be aware of telltale signs of fraud. Messages asking you to pay a small handling fee to collect some fabulous prize are usually a scam. “High-Profit No-Risk” investments are usually scams. Messages insisting that you “Act Now!” for a great deal are often scams.
Fake charities. Scammers use disasters to trick kind-hearted people into donating to fake charities. This usually happens when there is a refugee crisis, a terrorist attack, or a natural disaster (like an earthquake, flooding, or famine). Thoroughly check the background of any charity to make sure your donation goes to real victims. If a charity does not have a website, for instance, be cautious.
To learn more about common scams and how to avoid them, search online for more about advance-fee fraud. You can also read the FBI's material on common types of scams(in English). Most importantly: be as cautious online as you are in the real world.
Here are some common scams where fraudsters use phishing emails:
"Your account is about to be suspended." Many fraudsters send phishing emails warning that an account is about to be suspended, and that the account holder must enter their password in a phishing webpage. Be careful; PayPal will never ask you to enter your password unless you are on the login page. Report any suspect email by forwarding it to firstname.lastname@example.org. This can help keep you secure.
"You've been paid." Some fraudsters try to trick you into thinking that you've received a payment. They want what you're selling for free. Before you ship anything, log into your PayPal account and check that you were actually paid.
"You have been paid too much." Fraudsters may try to convince you that you've been paid more than you were owed. For example, a phishing email says that you’ve been paid $500 USD for a camera you listed at $300 USD! The sender asks you to ship the camera in addition to the extra $200 USD you were “paid” by mistake. In this example, the scammer wants your camera AND your money, but hasn’t actually paid you at all. Don't fall for it! Simply log into your PayPal account and check that you were paid before sending anything.
How to identify real PayPal emails
An email from PayPal will:
- Come from paypal.com. Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name. A sender like “PayPal Service (zxk1942R3@gmail.com)" is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so look for other clues.
- Address you by your first and last names, or your business name.
An email from PayPal won't:
- Ask you for sensitive information like your password, or credit card number.
- Contain any attachments or ask you to download or install any software.
Bogus links in emails
If there's a link in an email, always check it before you click. A link could look perfectly safe like www.paypal.com/SpecialOffers, but if you move your mouse over the link you'll see the true destination. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.
If you do click a link in an email, be sure to review the URL of the site where you land. It is easy for bad guys to copy the look of a legitimate website, so you need to check that you are on the correct website.