PayPal Phishing Scams

Browse the Web with Firefox for protection against spyware, hackers, spoofing and phishing scams

PayPal scam e-mails normally involve a link on which the user must click. The link takes you to a server where you have to supply sensitive and private information including credit card numbers, your PayPal account number, pin numbers and passwords. This information is supposedly needed to update or verify your account, but this is a BIG lie, PayPal never sends out e-mails to verify the information of their members. Below is a list of common characteristics that you can look for when you get e-mails like this. This makes it easier to verify whether the e-mail is legitimate or not. Rule of thumb: E-mails asking for any personal information are always fraudulent.

The e-mail address of the sender should be from a paypal.com e-mail address. Any variation of the domain like paypalssl.com should flash warning lights. Even fraudulent e-mails may contain the paypal.com domain in the e-mail address because some scammers spoof the e-mail address so that it appears to be directly from PayPal. You can also verify if an e-mail address was spoofed by checking the e-mail header, but this involves advanced computer knowledge and may not be possible for novice users. For those who are interested, visit the following page about reading e-mail headers. This characteristic is not always consistent and can't be used as the deciding factor for identifying a fraudulent PayPal e-mail.
Generic greetings like Dear PayPal member. PayPal knows the names of their members and will address you on your name. Again this is not foolproof and clever criminals can get your personal details and address you on your name in the e-mail.
Bad spelling and grammar. This is common among many hoaxes and scams.
The text of the links in the e-mail may look legitimate but the links actually point to a dangerous location. Never click on any suspicious links, some of these links may point to web sites that install virusses or spyware. Hover with your mouse pointer over the links in the e-mail and keep an eye on the status bar at the bottom of your screen. The URL (Internet Address) that appears in the status bar should always start with http://www.paypal.com or https://www.paypal.com. Links that start with an IP address are always fraudulent. Legitimate PayPal URL's never include an IP address and links looking like this are always fraudulent: https://65.187.221.1/paypal/userinfo.html (65.187.221.1 is the IP address). An e-mail program like Mozilla Thunderbird can detect when an URL starts with an IP address and warns you when you click on it. Fraudulent links may even include the word PayPal. http://www.anysite.com/paypal/login.html and http://www.intl.paypal.com are both fake links because even though they include the word PayPal in the address, their top-level domain is not paypal.com.
There is a false sense of urgency in some fraudulent e-mails. Do you really think PayPal will suspend the accounts of their members without giving them enough time to respond? This will cause many members to become unhappy and they will lose customers this way.
E-mails from PayPal with attachments. PayPal never send e-mails to their members containing attachments. Typical attachments are zip files and exe files. They are most of the time some kind of virus or spyware that will do the information collection for these cyber criminals. This is why it is so important to keep your anti-virus and anti-spyware software up to date at all times.

If you received an e-mail that appears to be from PayPal and you are unsure whether it is legitimate or not, forward the e-mail to spoof@paypal.com and they will be able to tell you. If you are not a PayPal member, you can conveniently ignore e-mails like this. For what reason will PayPal want to contact you if you don't have a PayPal account, never applied for one or never did any business with them?

Visit the PayPal Security Centre for more information.

Below are links to copies of typical PayPal phishing scam e-mails. Note that the original formatting of the e-mails was preserved and this is more or less how they look when you open them. We have disabled the links in the e-mails because they point to dangerous locations that may result in identity theft, financial loss or they might infect your computer with viruses or spyware.

PLEASE NOTE: PayPal is NOT responsible for these e-mail scams. Organisations and individuals pretending to be PayPal initiate them. PayPal.com, PayPal, and all related logos are either trademarks or registered trademarks of PayPal, Inc., or its licensors. Cyber Top Cops is in no way affiliated with PayPal.

[Back To Hoaxes, Spams and Scams Index]