PayPal processes over $400 billion in payments annually and serves more than 430 million active accounts worldwide. That massive reach makes it one of the most impersonated brands in online fraud. McAfee reported a 600% spike in PayPal-related scam emails since January 2025, and ESET telemetry detected over 4,000 PayPal phishing attempts in just the first half of that year. The FTC received more than 3 million fraud reports in 2025, with imposter scams — including those mimicking PayPal — generating over $3.5 billion in consumer losses.

The Most Common PayPal Scams

Phishing Emails and Fake Login Pages

This is the most widespread PayPal scam by far. You receive an email that looks like it came from PayPal, warning of suspicious activity, a locked account, or an unauthorized purchase. The email contains a link to a convincing replica of the PayPal login page. Once you enter your credentials, the scammer has full access to your account. You can check suspicious links before clicking them.

Knowing how to spot a scam website is critical here. Modern PayPal phishing campaigns have become disturbingly sophisticated. One documented scheme uses DocuSign's legitimate email infrastructure to deliver phishing messages, making them nearly impossible to distinguish from authentic communications. Another variant sends fake purchase confirmations for expensive items like Bitcoin or electronics, urging you to call a phone number to "dispute" the charge — where a scammer walks you through installing remote access software.

Fake Invoice Scams

Scammers use PayPal's own invoicing system to send you a legitimate-looking invoice for products or services you never ordered — often for cryptocurrency purchases, security software, or tech support. Because the invoice is sent through PayPal's real system, it arrives from a genuine PayPal email address, bypassing most spam filters. The invoice includes a note urging you to call a number if you did not authorize the purchase. That number connects you to a fraudster.

Overpayment Scams

A buyer "accidentally" sends more than the agreed price for an item and asks you to refund the difference. The original payment is made with a stolen credit card or hacked PayPal account. After you send back the overpayment, the original transaction is reversed, and you lose both the item and the refunded amount.

Friends and Family Payment Tricks

Scammers insist on receiving payment through PayPal's Friends and Family option instead of Goods and Services. This is deliberate — Friends and Family transactions do not qualify for PayPal's Buyer Protection or Seller Protection programs, leaving you with no recourse when the deal goes wrong.

Shipping Address Manipulation

A buyer pays for an item and then asks you to ship it to a different address than what is listed in PayPal. If you comply and the buyer later claims the item was never received, PayPal sides with the buyer because you shipped to an unverified address. Always ship only to the address shown in the PayPal transaction details.

Fake "Account Suspended" Messages

You receive a text or email claiming your PayPal account has been suspended due to unusual activity. The message includes a link to "verify your identity." These messages are designed to create panic and urgency. PayPal communicates account issues through your dashboard and official emails, not through text messages demanding immediate action.

How to Identify a Fake PayPal Email

Spotting fraudulent emails is your first line of defense. Look for these red flags:

• Generic greetings like "Dear User" or "Dear Customer" instead of your full name
• Sender addresses that use variations like service@paypal-secure.com instead of @paypal.com
• Urgent language pressuring you to act within 24 hours or lose account access
• Links that do not point to paypal.com — hover over any link before clicking to see the actual URL
• Attachments — PayPal does not send email attachments
• Requests for personal information such as your password, Social Security number, or bank details
• Poor grammar and formatting inconsistent with professional communications

You can verify any suspicious communication by forwarding it to phishing@paypal.com and then logging into your account directly at paypal.com to check for alerts.

How to Protect Your PayPal Account

Enable two-factor authentication. Go to Settings, then Security, and turn on 2-Step Verification. This ensures that even if a scammer obtains your password, they cannot access your account without the second factor.

Never send payments via Friends and Family for purchases. This option should only be used with people you personally know and trust. Legitimate sellers will accept Goods and Services payments, which carry buyer and seller protections.

Verify invoices inside PayPal. If you receive an unexpected invoice, log into PayPal directly and check your activity. Do not call phone numbers or click links included in the invoice message.

Monitor your account regularly. Review your transaction history weekly and set up notifications for all account activity. Early detection of unauthorized transactions increases your chances of recovery.

Keep your contact information current. Ensure your email, phone number, and recovery options are up to date so PayPal can reach you about genuine security alerts.

What to Do If You Have Been Scammed

1. Log into PayPal directly and change your password immediately
2. Report unauthorized transactions through the Resolution Center at paypal.com
3. Forward phishing emails to phishing@paypal.com before deleting them
4. File a report with the FTC at reportfraud.ftc.gov
5. Report to the FBI IC3 at ic3.gov for significant financial losses
6. Contact your bank if your linked accounts may be compromised
7. Check your credit reports through AnnualCreditReport.com for signs of identity theft

If you paid a scammer through PayPal Goods and Services, you may be eligible for a refund under PayPal's Buyer Protection policy. File a dispute within 180 days of the transaction. If you used Friends and Family, recovery is unlikely through PayPal, but your bank may be able to assist with a chargeback on the underlying funding source.

Related Resources

PayPal remains one of the safest ways to pay online when used correctly. The key is to never interact with your account through links or phone numbers sent to you — always go directly to paypal.com. If an email makes you feel panicked or rushed, that urgency itself is the strongest indicator that it is a scam.