
Don't Get Snagged by the PayPal Phisherman

By 1 2

The Internet has opened the virtual door for scammers to try to cheat other people. Many of these savvy schemers have discovered a number of "phishing" techniques that are effective ways of trying to gain access to web users' personal and sensitive information.

Phishing occurs when an email recipient receives a message asking him or her to reply and send information. The message may contain an embedded hyperlink that the recipient is asked to click. People who do this are brought to a website which looks very similar, if not identical, to the official web page of a business. Scammers use this technique in the hopes of getting people to cough up valuable personal data.

Credit: OFFICIAL LEWEB PHOTOS on Flickr/CC by 2.0 https://www.flickr.com/photos/leweb3/8250085594

Why Scammers Imitate PayPal

PayPal is a company which is frequently impersonated by phishermen. This is due to the large volume of people using the service (much like Facebook being targeted due to its massive user base). Since PayPal is so popular, the scammer realizes that if he or she sends out mass numbers of emails posing as the company, there is a strong chance some of the recipients use this website. With the large number of phishing emails sent out, the probability is high that at least a few people will click on the link and share valuable private information.

Often the phishing email and linked website are designed so well that recipients can't see any obvious differences; this is done intentionally to entice people to share their personally identifying information (PII) or the passwords that give access to their accounts.

Scammers who actively engage in phishing are very good at what they do but, fortunately, there are a few tell-tale signs and red flags to help people determine if an email is a scam.

You Don't Have an Account

If you don't have an account with PayPal, this is a fraudulent email. This may sound obvious, but unfortunately some people do click on the links when they see the title "Your account has been compromised" without looking closely and then either download what the message instructs them to or click on additional links. Scammers count and prey on people's vulnerability and/or fear. If you don't have an account with PayPal, hit that delete button.

Email Has an Urgent Tone 

If the email you've received has an alarming tone, chances are this too is a scam. Messages designed to evoke fear are a common social engineering tactic used to get a potential victim to comply with a request. If an email sounds urgent, this is usually a ploy to panic the recipient. Scammers posing as PayPal like to tell people their accounts are in jeopardy or they've been the victim of a security breach.

PayPal Phishing
Credit: Saidul A Shaari on Flickr/CC by 2.0 https://www.flickr.com/photos/34244450@N07/3282328776/

Notice the "paypall" email address is not how the company spells its name.

Legitimate companies wouldn't send their users a panicky-sounding email and, if you do happen to receive one, it's best to contact PayPal directly (start a new email, never reply to the original) to ask if there is a problem.

Littered with Errors

Usually, scammers are very good at imitating company logos and other phrases, but it is not uncommon for a phishing email to contain some misspellings or poor grammar. This is a dead giveaway that the email is a scam. Companies like PayPal would not send out any correspondence that is littered with typos or other errors. They'd also never send out a vague-looking email of one or two sentences and a link, with no contact information after the signature (and keep in mind even if there is contact information, it could be faked).

Strange-Looking URLs 

Another good indicator of a scam is if the URL listed in the email is an odd-looking derivative of www.paypal.com. You should never click on any links if you aren't 100 percent sure of who has sent the email, which is most of the time. Unfortunately, companies as large as PayPal have many email addresses they use (some auto-generated) and this makes it harder to tell if the email is legitimate or not.

The way to avoid this dilemma is to open up your web browser and type in the URL yourself to visit the official website and not click on any links embedded in the email you received. It is good practice, even if the email looks genuine, to err on the side of caution.

Requests For Information 

If the email asks for account or password information, this is a scam. Legitimate companies will never ask their customers for sensitive information in an email. If you receive an email asking for private information, do not enter information in a response or click on a link to enter your details. Don't call the customer service phone number in the email, if one was added.

PayPal phishing email
Credit: Saidul A Shaari on Flickr/CC by 2.0 https://www.flickr.com/photos/34244450@N07/3281518223/

Chances are, if you do any of these, it is not PayPal receiving the information but the scammer, who is meticulously recording all of it to use for illicit reasons.

Other Things to Know

Scammers sometimes are not too clever in disguising their email address. Sure, they'll use the PayPal name, but they will use a generic Gmail or Yahoo! address or use PayPal in the name. "PayPal" may show up as the sender, but if you hover over the address with your mouse, you can often see the true address. However, there are some who spoof legitimate addresses or come up with a clever enough sounding name to try to convince people they are the company.
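The sender-address and link checks described in "Strange-Looking URLs" and in the paragraph above can be written down as a short script. This is an added example, not part of the original article: the function names and the sample messages are constructed for illustration, and only `paypal.com` and the "paypall" misspelling come from the page.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "paypal"
OFFICIAL = "paypal.com"  # official site named in the article

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter variants such as 'paypall'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'official', 'lookalike' or 'other' for a mail or web hostname."""
    host = (host or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    parts = [p for label in host.split(".") for p in label.split("-")]
    if any(BRAND in p or edit_distance(p, BRAND) <= 1 for p in parts):
        return "lookalike"
    return "other"

def review(from_header, urls):
    """List the red flags in a From header and in the links found in a message."""
    flags = []
    name, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    kind = classify_host(domain)
    if kind == "lookalike":
        flags.append(f"sender domain imitates {OFFICIAL}: {domain}")
    elif kind == "other" and BRAND in (name + local).lower():
        flags.append(f"name or mailbox says PayPal but the domain is {domain}")
    # An 'official' From domain is not proof: the header itself can be spoofed.
    for url in urls:
        host = urlsplit(url).hostname
        if classify_host(host) != "official":
            flags.append(f"link does not point to {OFFICIAL}: {host}")
    return flags

if __name__ == "__main__":
    # Constructed sample message, not taken from real mail.
    print(review("PayPal Security <service.paypal@gmail.com>",
                 ["http://www.paypal.com.account-verify.example/login"]))
```

A message that passes these checks can still be fraudulent, which is why typing the address into the browser yourself remains the safer habit.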

It is important to understand the ways you can recognize an email scam so you don't become a victim. If you ever receive any correspondence from PayPal by email and you find it questionable or detect something wrong, you can contact the company in a separate email or by telephone to ask if they need information.

PayPal safety tips
Credit: Robert Nelson on Flickr/CC by 2.0 https://www.flickr.com/photos/robertnelson/405058186/

Personally, I never click on anything or respond to any emails that come from them just to be 100 percent certain even though many of these are likely legit.  If there is a question, I write PayPal separately and make the email a forward to ask the company if a representative sent me that email.

It is also a good idea to forward PayPal the email you suspect is phishing for information because these companies take impersonating emails very seriously. When you report them you do your part in preventing someone else from becoming a victim. You can send these to: spoof@paypal.com.

PayPal scams have been circulating for a long time, but the scammers don’t give up. Even if a small percentage of people fall for the scam, it’s a lucrative day for the thieves. Don’t be one of those snagged by the phisherman.



Apr 1, 2016 7:51am
This article is full of good advice. I got caught by the PayPal Phisherman once. The e-mail was very professional-looking and I was a bit of an internet innocent at the time. I was, however, very impressed with PayPal's response. As soon as I contacted them, they locked down my account immediately. I then had to send them documentation to prove who I was before I could access my account again.
Apr 4, 2016 4:27am
That's good to know they take quick action. Thanks also for reading and commenting.


  1. "Common Scams." PayPal. 30/03/2016. Web.
  2. "Report a suspicious email or website." PayPal. 30/03/2016. Web.
