PayPal Scam Emails: Common Warning Signs

PayPal phishing has been around for over twenty years and the templates keep evolving. Today's PayPal scam emails are HTML-perfect, use real PayPal-style buttons and footers, and arrive from spoofed addresses that look almost right. They work because they prey on a real fear - that your money or account is at risk - and they create just enough urgency to push you past your usual caution.

There are three flavors you will see most often: a fake "account limited" notice, a fake invoice or money request you did not authorize, and a fake "someone added a new bank account" alert. All three end the same way: you click a link, you land on a near-perfect login page, and you hand over your real credentials.

FakeOrLegit is not affiliated with PayPal. This guide explains what to check yourself and what to do if you already clicked. The good news: PayPal makes it easy to dispute and reverse most unauthorized activity if you move fast.

Warning signs

  • The sender address is not at exactly paypal.com (for example, service@paypal.com) - look at the FULL address, not just the display name. Display names are trivial to spoof; the domain after the @ is what matters.
  • The email asks you to log in via a link instead of via the PayPal app or paypal.com directly. Even real PayPal account-action emails tell you to log in via the site yourself.
  • The email threatens account closure or limitation within hours if you do not act. Real PayPal limitations come with a multi-day window and are visible in your real account.
  • It includes an invoice or money request for a product or service you never bought, with a phone number to call to dispute. The number is the scam - the "agent" walks you into wiring money out.
  • It greets you with a generic "Dear customer" or "Dear PayPal user" instead of your real name. Real PayPal emails include your name as you have it on file.
  • The links go to a long suspicious URL or to a non-paypal.com domain. Hover before you click; on mobile, long-press to preview.
  • There are subtle formatting issues - bold weight slightly off, button alignment off, footer text slightly outdated. Scammers iterate but rarely match PayPal's design system exactly.
  • An attached HTML or PDF file is included. PayPal does not send action-required attachments by email.
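
The sender, link, greeting, deadline and attachment checks from the list above, as an added example (not code from FakeOrLegit or PayPal). It uses Python's standard `email` package on two constructed messages; the `.example` domains, the `warning_signs` helper and its label names are illustrative assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the only domain treated as genuine

def trusted_host(host):  # paypal.com itself or a true subdomain only
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def warning_signs(raw):
    """Return the set of warning signs found in a raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    signs, body = set(), ""
    # Judge the address after the @, never the display name.
    addr = parseaddr(str(msg.get("From", "")))[1]
    if addr.rpartition("@")[2].lower() != TRUSTED:
        signs.add("sender-domain")
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attached file: flag HTML/PDF, do not scan it as body
            if name.lower().endswith((".html", ".htm", ".pdf")):
                signs.add("attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_content() + "\n"
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    if any(not trusted_host(urlsplit(u).hostname) for u in urls):
        signs.add("link-host")
    if re.search(r"\bdear\s+(paypal\s+)?(customer|user)\b", body, re.I):
        signs.add("generic-greeting")
    if re.search(r"\bwithin\s+\d+\s+hours?\b", body, re.I):
        signs.add("urgent-deadline")
    return signs

def sample(sender, text, attachment=None):  # builds a constructed message
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Notice"
    m.set_content(text)
    if attachment:
        m.add_attachment("<html></html>", subtype="html", filename=attachment)
    return m.as_string()

PHISH = sample('"PayPal Service" <service@paypal-alerts.example>',
    "Dear customer,\nYour account will be limited within 24 hours.\n"
    "Log in: https://paypal.com.account-verify.example/signin\n", "invoice.html")
BENIGN = sample("PayPal <service@paypal.com>", "Hello Jane Doe,\nSee https://www.paypal.com/\n")
print(sorted(warning_signs(PHISH)), sorted(warning_signs(BENIGN)))
```

An empty result only means none of these signs fired; a forged From header can still pass the sender check, so logging in directly remains the way to verify.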

What to do

  • Do not click any link or button in the email. Open the PayPal app, or type paypal.com into your browser, and log in there. Any real notice will be visible inside your account.
  • Forward the email to phishing@paypal.com - this is PayPal's official anti-fraud inbox - and then delete it from your inbox.
  • If you already clicked but did not enter credentials, you are usually fine - log into the real PayPal directly and confirm your account looks normal.
  • If you already entered credentials, change your PayPal password and your email password immediately. Turn on two-factor authentication in both. Then sign out of all other sessions inside PayPal's security settings.
  • If you already paid an "invoice" or wired money, call PayPal support from inside the official app (Help -> Contact us). Disputes that are filed within 48 hours have the best outcomes.
  • Watch for follow-up scams referencing the fake invoice number - scammers re-use the same victim profile under a "refund department" pretext.
  • If you used the same password on other sites, change it everywhere. Use a password manager going forward so this is not a problem next time.

FAQ

Will PayPal email me about real account issues?
Yes - but they will never ask for your password by email, and they will not link to a sign-in page. Always log in via the official app or by typing paypal.com yourself to confirm.

What if the email shows my full name and last 4 of my card?
That information leaks from many breaches and is widely traded. Personalization does not prove an email is real. Verify by logging in directly.

Is phishing@paypal.com still active?
Yes. PayPal continues to monitor that address. Forwarding the email helps them shut down the campaign faster.

Should I report this to anyone else?
Yes - the FTC at reportfraud.ftc.gov. If you lost money, also file with your local police; many insurance and credit policies require a police report number.

What if it was a real PayPal email and I dismissed it?
Open the real PayPal app or paypal.com - any genuine account-action item will be visible inside. PayPal does not lock you out for ignoring an email.

Disclaimer

FakeOrLegit provides automated risk signals based on publicly observable patterns. We do not guarantee that any site, email, or message is safe or unsafe. Always use your own judgment, and contact the real institution directly to verify any request before sharing personal or payment information.

FakeOrLegit is not affiliated with PayPal. PayPal did not send and does not endorse this analysis.