Common PayPal Phishing Scams and How to Avoid Them
PayPal remains one of the most impersonated brands online. Learn how modern phishing campaigns work and how to verify links before you sign in.
Published May 5, 2026 · 4 min read
PayPal phishing scams succeed because they hijack trust in a familiar brand. Attackers copy login layouts, reference recent transactions you may or may not recognize, and create urgency so you act before thinking. The goal is usually credential theft—username, password, and sometimes payment instruments or two-factor codes. This article explains the most common variants, how to spot them, and how to verify suspicious websites with Fraudly before you enter any details.
Fake PayPal login pages
Fake login pages mirror PayPal’s design closely. They may be hosted on compromised WordPress sites, newly registered domains, or cloud storage pages wrapped in redirects. The tell is almost always the URL: only `paypal.com` and documented regional subdomains are legitimate for account access. Anything like `paypal-secure-login.net` or `paypa1-verify.shop` is fraudulent.
Never authenticate through links in unsolicited messages. Open the PayPal app or type the address yourself. If you already submitted credentials on a suspicious page, change your password from a clean device and review account activity immediately.
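The URL check described above, written out as an added example (not code from Fraudly or PayPal). `classify_link` and the one-entry allowlist are assumptions made for illustration; any result other than `official` means the link should not receive credentials.

```python
from urllib.parse import urlsplit

# Assumption: only the domain the article names. Add PayPal's documented
# regional domains here after confirming them on PayPal's own site.
OFFICIAL_DOMAINS = {"paypal.com"}
BRAND = "paypal"
# Fold character swaps such as the "paypa1" example in the article.
FOLD = str.maketrans({"1": "l", "i": "l"})


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'other' for a link target."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return "other"
    # Compare on a label boundary so that "notpaypal.com" and
    # "paypal.com.account-check.example" cannot pass as paypal.com.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # The brand anywhere in the authority part (userinfo before "@"
    # included) marks impersonation; a brand name in the path does not.
    if BRAND in parts.netloc.lower().translate(FOLD):
        return "lookalike"
    return "other"


# Constructed sample links; the two lookalikes listed first among them
# are the article's own examples.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal-secure-login.net/",
    "https://paypa1-verify.shop/",
    "https://paypal.com.account-check.example/login",
    "https://paypal.com@login.example/",
    "https://notpaypal.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```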
Email phishing
Email lures often claim unauthorized transactions, shipping confirmations for items you did not buy, or policy violations. They include branded headers and footer boilerplate copied from real messages. Check the sender domain—not just the display name—and inspect link destinations before clicking.
- Generic greetings (“Dear Customer”) alongside urgent threats
- Attachments you did not request (invoices, HTML files)
- Buttons that link to domains unrelated to PayPal
- Spelling errors in security-critical instructions
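The sender-domain, link-destination and attachment checks from this section, applied to a raw message as an added example (not code from Fraudly or PayPal). The sample message, its domains and the `triage` helper are constructed for illustration, and the allowlist holds only the domain this article names.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "paypal.com"  # assumption: the one domain the article names

# Constructed sample lure; every address and domain in it is made up.
SAMPLE = """\
From: "PayPal Security" <notice@billing-alerts.example>
Subject: Unauthorized transaction
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, your account will be limited.</p>
<a href="https://www.paypal.com/help">Help</a>
<a href="https://paypal.com.review-case.example/signin">Review now</a>
"""


class Links(HTMLParser):
    """Collect the real href of every <a>, whatever the button text says."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def is_official(host):
    host = (host or "").rstrip(".").lower()
    return host == OFFICIAL or host.endswith("." + OFFICIAL)  # label boundary


def triage(raw):
    """Return findings for one raw message: sender, attachments, links."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    findings = []
    if "paypal" in display.lower() and not is_official(domain):
        findings.append(f"sender-domain:{domain}")  # display name vs domain
    for part in msg.walk():
        if part.get_filename():  # any attached file, HTML files included
            findings.append(f"attachment:{part.get_filename()}")
        elif part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            hosts = [urlsplit(h).hostname for h in parser.hrefs]
            findings += [f"link:{h}" for h in hosts if not is_official(h)]
    return findings
```

An empty result is not proof of authenticity: the `From` header can be forged, so the link check and signing in independently still apply.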
SMS phishing (smishing)
Text messages compress decision time: “Payment of €482 pending—tap to cancel.” Mobile screens hide full URLs, making smishing especially effective. Do not tap; open PayPal independently. Report smishing to your carrier and national fraud reporting channels where available.
Urgent verification scams
“Verify within 24 hours or your account will be limited” is a pressure script designed to bypass skepticism. Real account issues are visible inside the official app without secret links. Scammers also ask for photos of ID cards, payment cards, or SMS codes—legitimate providers do not request full card images by email.
How scammers steal credentials
Classic phishing captures email and password on a fake form. Advanced flows add fake 2FA prompts, reverse-proxy kits that relay your real OTP to the attacker session, or follow-up calls pretending to be fraud departments. Once inside, criminals send money, buy goods, or harvest stored payment methods.
Marketplace scams sometimes combine PayPal branding with fake buyer/seller messages—always confirm payment status inside PayPal itself, not via screenshots sent in chat.
Warning signs to remember
- Links that do not resolve to an official PayPal domain
- Requests for passwords, PINs, or authenticator codes by message
- Threats of instant closure unless you act immediately
- Payments to personal accounts for “buyer protection” myths
- Checkout pages that mention PayPal but redirect elsewhere
Marketplace and invoice variants
Beyond login pages, criminals send fake invoices and shipping labels through marketplaces and classifieds sites. The message claims a buyer paid via PayPal and includes a link to “claim” funds. The link leads to a fake form requesting card details or an “upgrade” fee. Real PayPal transactions appear in your account when you log in directly—never through a third-party link sent in chat.
Another variant impersonates merchant services, threatening to hold payouts until you “re-verify” business details. Small sellers under time pressure are frequent targets. Keep a written checklist: log in via the app, compare transaction IDs, and call support using the number on PayPal’s official site—not a number in the email.
If you already clicked
Change your password immediately from a device you trust, enable strong two-factor authentication, and review connected email accounts. Check for auto-forwarding rules attackers add to hide password resets. Notify your bank if you entered card data. Report phishing to PayPal through official reporting forms and to national cybercrime portals where you live.
Screenshot the phishing URL and message for reports, but do not revisit the page unnecessarily. Sharing indicators helps platforms block campaigns faster.
How to verify suspicious websites
Copy the link target (long-press or “copy link address”) and paste it into Fraudly’s free checker. Review trust and phishing context, then compare with official channels. Explore related examples on latest checks to see how impersonation domains appear in public scans.
For general verification habits—HTTPS limits, reputation, malware warnings—read how to check if a website is safe. For storefront fraud that mentions PayPal at checkout, see how to detect fake webshops.
Stay informed via scam alerts when new PayPal-themed campaigns spike. Fraudly is informational, not affiliated with PayPal—but it helps you decide whether a URL deserves your credentials.