PayPal Scams & How to Avoid Them

PayPal scams—why you should care

Getting you to click on a link or attachment in a fraudulent PayPal email could be the end goal of a scam, or it could just be the beginning. You could end up downloading malicious code onto your device or you could find yourself on a phishing site designed to grab as much of your personal information as possible.

Once a scammer or hacker knows your full name, contact details, financial information, and PayPal login credentials, what they do next is really out of your hands. They could clean out your PayPal account, for a start, but many will have their sights set on bigger prizes.

With enough information on you, scammers can compromise your other online accounts, gain access to your online banking, maybe even take out loans in your name. Everything up to and including identity theft is on the table at that point.

Losing whatever money you have on your PayPal account is no fun, but it might end up being the least of your worries. Keep reading to see how the most popular PayPal scams work so that you can spot and avoid them in the wild.

14+ common PayPal scams to watch out for 

Fake PayPal unauthorized activity text alerts 

The more convincing PayPal scams create a sense of urgency to get you to act just a little bit faster than you’re able to think. No one is able to consistently make good decisions when they’re flustered and rushed, scammers know this and often rely on it for their scams to work.

You might get a PayPal unauthorized activity text message or a fraud alert message from a number that’s claimed to belong to PayPal. The text message will typically include a link that will allegedly allow you to check the activity on your account and take action.

It’s normal for your first reaction to be to click on the link and start getting to the bottom of this unauthorized activity on your PayPal account. The trick is to give yourself the opportunity to think twice before clicking.

Whenever a text message or email causes you to feel anxious or rushed, put your phone down and take stock. If there really was unauthorized activity on your account, you’d be able to see evidence of it when you log in.

So ignore the link in the fraud alert message and log into your PayPal account from a browser or the app. Don’t see any notifications or suspicious activity there? Then the fraud alert message was definitely a fake and you can safely ignore it.

PayPal email scams claiming your account has been locked

If “unauthorized activity” doesn’t quite get your heart pumping enough to cloud your judgment, maybe being told that your account has been locked will. Scammers will send you an email that, at first glance (if you don’t look very closely), looks like it came from PayPal.

The logo and general layout might look legit, but it’s likely that there’ll be spelling and grammar errors throughout the copy. The sender’s email address won’t come from the paypal.com domain, but it might look like it does. And then there’s that sense of urgency again.

You’re informed that your account has been locked or suspended and provided a link to straighten things out. As with the previous type of scam, the golden rule is to never click on links. Log into your PayPal account through the app or www.paypal.com. If you’re able to do so and don’t have any notifications, you’re in the clear.

Fake password-reset emails

As you can probably tell already, PayPal phishing scams are particularly popular. These are scams that pressure, tempt, or trick you into giving up personal information, including your PayPal login credentials.

This PayPal scam involves scammers sending you a password-reset email that could pass for the real deal. The email includes a link through which you can log into your PayPal account, only that the link leads to a fake PayPal login page.

Attempt to log in through this fake PayPal login prompt and the scammers already have your login credentials. Continue to work through the process of “securing your account” and you stand to give up even more personal information.

If they get your Social Security number and other sensitive details, you put yourself in danger of having your bank account compromised and even your identity stolen.

Malicious PayPal email attachments

Links aren’t the only things you need to watch out for and steer clear of. The point of a PayPal scam email may well be to get you to open an attachment. Opening attachments is at least as dangerous as clicking on links.

The attachment might install and/or execute malicious code on your device, for example. Malicious code like this could break your system, install ransomware or, more likely, sit quietly and collect data from you without you ever knowing.

A keylogger is a piece of software that logs every keystroke you make—every username and password, every 2FA code, everything you type gets recorded, packaged up, and sent back to the hacker or scammer who got you to click on that attachment.

Finally, some attachments are, in fact, links dressed up to look like attachments. The same rule applies as with links: never click on attachments you weren’t expecting and that don’t come from a trusted source. Anything PayPal emails you will also appear directly on your account.

Fake PayPal invoice updates

These scams are a little more sophisticated than most. The basic ingredients are still there: PayPal scammers send you a PayPal invoice via email. It contains links to the PayPal website and a link that’ll let you view and pay the invoice.

The included seller’s note explains that a significant charge has been debited to your account for a purchase you don’t recognize and didn’t make. This note includes a toll-free number that you’re encouraged to call for assistance.

The twist with this PayPal scam is that the invoice you receive is real, and it’s sent from a real, verified PayPal Business account. The scammers either set up these accounts under false pretenses or gain access to hacked business accounts.

So this one doesn’t lead to a phishing site. The catch here is that toll-free number. Call that and the first thing that happens is your number gets added to scam lists, given that you’ve just shown the scammers that you’re the kind of person to engage with them.

Talk to the scammers and they’ll pump you for personal information that they can then use to perpetrate other scams, compromise your PayPal and other online accounts, and even steal your identity. So phishing is still one of the main goals, even if there’s not a phishing site involved.

The scammers will then try to convince you to download and install software that’ll give them remote access to your computer. If you do that, there’s virtually no limit to what the scammers or a hacker can do.

If you receive one of these fake invoice updates, contact PayPal directly to report the scammer’s account. Log into your PayPal account via the app or through a browser if you have any lingering concerns about the invoice. 

Fake PayPal email confirmations

Yet another phishing scam involves scammers sending you a fake PayPal payment confirmation email. All the familiar ingredients are here: a sense of urgency, a touch of panic, a link here, an attachment there.

The goals of this scam are familiar too. Phishing first and foremost, maybe PayPal account access, maybe the full-on compromise of your bank account, or the worst case scenario: identity theft.

If you get an unexpected PayPal confirmation email, you know the drill: don’t click on any links or attachments, check on your app or on PayPal.com if you’re concerned.

Fake PayPal payment scams

There’s a family of scams that involve PayPal scammers sending you too much money, sending you money “by accident”, or simply faking PayPal payments altogether.

Fake PayPal payment scams typically revolve around online sales. The scammer shows interest in your Craigslist or eBay ad and agrees on a price while insisting on using PayPal as the payment method. They then show you a fake payment confirmation and try to convince you to ship the item.

PayPal overpayment scams involve PayPal scammers sending significantly more than the agreed amount. They then “realize their mistake” and ask you to refund the difference. Often, the money really is in your PayPal account, but it comes from a stolen credit card or hacked PayPal account.

Even if it doesn’t, the scammer will initially send you money from a PayPal account but then ask you to send the refund to an account on a different platform, like Cash App. As soon as your refund hits their account, they cancel the transaction to get their original transfer back. Either way, you end up out of pocket twice.

Sometimes a scammer will just randomly send you money. They’ll then contact you to explain that they sent it to you by accident and ask for a refund to another account. The rest is the same as with an overpayment scam. The money will either evaporate or get snatched back by the sender after you make the transfer.

PayPal shipping scams

These PayPal scams mainly target professional sellers on platforms like eBay and Amazon, but they can affect private sellers offloading the odd item here and there too. There are several ways in which PayPal shipping scams can work, but the most common involves scammers providing an invalid delivery address.

The scammer purchases something from you but provides an invalid delivery address. They wait until the address they provided gets flagged as unreachable by the delivery company and then contact it directly to provide a legitimate delivery address. The scam comes to a close when the scammer contacts PayPal.

They contact PayPal to lodge a complaint, alleging that they never received their order. It’s at this point that you realize that you can’t actually prove that they’re lying: all of your documentation shows the original, invalid shipping address. The result? You lose the package and the payment.

This scam really could trip anyone up. There’s no easy, hassle-free way to protect yourself, but there are some things you can do to dramatically reduce your chances of falling for this scam. Check shipping addresses before sending any packages—if something looks off, contact the buyer for clarification.

Work with a shipping company that won’t reroute packages without your knowledge or consent, and make sure any such changes are documented with either PayPal or at least the e-commerce platform you’re on.

The single most effective thing you can do is to require a signature at delivery. This will only work if your delivery company actually enforces the requirement, and it might come at an extra cost.

Fake PayPal tech support scams

An absolute classic when it comes to scams, this one involves scammers contacting you, usually by phone, text, or email, and claiming to be from PayPal’s tech support team. Their goals fall into one or both of two categories: they either want money from you or your personal information.

Of course, if you give up personal information, you’ll end up losing money too, one way or another. These scammers will typically try to put you under pressure, usually claiming that something has gone wrong with your PayPal account. They’ll then offer to fix the nonexistent problem for a fee or pump you for information.

The message or call you receive can be pretty scary, telling you your account has been locked, overcharged, or cleared out. The longer they keep you engaged in a back and forth, the greater the chances that you’ll give up exactly the personal information they’re looking for.

What seem like unrelated scraps of information to you could be just the pieces they’re missing to access your account, authorize a payment, and wreak havoc on your life beyond PayPal. They could even steal your identity and use it to take out fraudulent loans or otherwise rack up debt in your name.

The way to beat this scam is simple and it never fails, as long as you’re disciplined enough to stick to it. Never click on links in an SMS or email and never answer calls from unknown numbers. The first part comes without downsides, but never answering calls from unknown callers can be more of a hassle.

If you get a call from an unknown number, the safest thing to do is to just let it ring out and look the number up in your favorite search engine. You should find some websites that allow people to rate these numbers and leave short comments. If you see a lot of downvotes and negative comments, it’s probably a scam number.

The other thing to keep in mind is that if something were to happen with your PayPal account, you’d get a notification directly in your account. So if you do get a fake PayPal tech support message, simply set it aside and log into your PayPal account. If everything there looks fine, then it probably is.

“Friends and family” payment scams

PayPal offers two payment types: “sending to a friend” and “paying for an item or service.” Which one you choose when making a payment matters for two key reasons. Using the “sending to a friend” option is fee-free in the US (if you use your bank account or PayPal balance), but it comes with a huge disadvantage.

“Sending to a friend” is meant for friends and family, in other words people you can presumably trust. Payments made in this way are not covered by PayPal Purchase Protection. This means that, should something go wrong, you’re on your own if you sent money using this option.

The other option, “paying for an item or service,” is what you should be using when dealing with people who aren’t friends or family. The seller pays a small fee in transactions like this, but the upside is that payments for eligible goods and services are covered by PayPal Purchase Protection.

You can probably already guess how this scam goes. You’re interested in buying a good or service on an e-commerce platform like Facebook Marketplace, Gumtree, or Craigslist. The seller suggests you make a “friends and family” transfer to save on fees, they might even offer you a discount to sweeten the deal.

If you agree, they take your money and run. Without PayPal Purchase Protection, there’s nothing you can do. Leave “friends and family” transfers for friends and family. Use a credit card or PayPal with Purchase Protection active to stand a chance of getting your money back in such cases. 

Advance-fee scams on PayPal

Another kind of scam that does the rounds on all sorts of payment platforms is commonly known as an advance-fee scam. Here’s how it works: the scammer leads you to believe that they have a large transfer for you, but you have to pay some sort of fee or cover some charges before they can make the deposit.

Any offer like this is a scam, and PayPal transfers for which you have to pay up front are no exception. Be extremely suspicious of offers of free money, doubly so if you have to pay to receive that “free money.” If somebody really did want to send you money out of the blue, they’d cover the fees themselves.

If you’re not expecting a transfer from someone, it’s safe to assume that any such transfer is part of a scam. Common sense suggests that if someone has the money to transfer you, they can cover any associated costs, even if by taking those fees out of the total amount.

Charity donation scams on PayPal

Scammers impersonating legitimate charities or inventing altogether fake ones are nothing new and they’re not unique to PayPal. People running charity scams can use any number of payment methods to accept donations, including cash. PayPal just happens to be particularly popular and widely recognized.

Sad as it is, you have to be extra careful when dealing with people who claim to represent charities. Stick to charities you recognize and trust, and always check the official website for supported payment methods and official payment links. Legitimate charities are unlikely to spam messages on social media and chat platforms.

The Better Business Bureau (BBB) publishes an extensive “Wise Giving Guide” three times a year to help you make informed decisions when choosing a charity. There are also independent watchdogs like Charity Watch that maintain rankings of charities. Charity Navigator even makes choosing from among the legitimate charities easy.

PayPal crypto scams

There are those who’ll tell you that all crypto is a scam, but we’re focusing on the kinds of scams that even the most hardcore crypto bros wouldn’t get behind. If something sounds too good to be true, it probably is—no amount of crypto fairy dust can change basic economic realities.

Any scheme that promises amazing returns on your crypto investment is a scam. Scammers will weave PayPal into their traps in various ways, from simply offering PayPal as a payment method to more elaborate schemes. One particularly popular crypto scam doing the rounds involves fraudulent invoice emails.

The scammers send you an invoice, usually for a Bitcoin purchase you didn’t make. The invoice is probably real—scammers can create or hack into a PayPal Business account—but the scam relies on you not knowing what a PayPal invoice truly is. Most people assume an invoice is a proof of purchase, but that’s not how it works on PayPal.

On PayPal, an invoice is just a request for payment. Anyone can send you an invoice, it just means that they’re requesting payment. The seller’s note on the invoice can say anything at all. So scammers will add notes to their payment requests to make it look like you’ve just purchased Bitcoin.

The seller’s note will also typically include a phone number for dispute resolution. The goal of the scam is to get you to either pay the requested amount or call the number. If you call the number, the scammers will try to get you to give up personal information and/or pay made-up fees for “canceling” the transaction.

The solution is simple: just ignore the payment request. If you want to be a good Samaritan or just stick it to the scammers, forward the email to phishing@paypal.com. Do not call the number, reply to the email, or attempt to contact the scammers in any other way—you’ll only be setting yourself up for future scam attempts.

How not to get scammed on PayPal

Even if you only skimmed through a few of the above PayPal scams, there are probably some pieces of advice you’ve noticed coming up time and time again. Here’s a TL;DR rundown of what you can do to stay safe while using PayPal to either send or receive funds:

Never click on links

Anything PayPal-related that pops up on your phone or computer outside the official app or website is immediately suspect. Don’t click on links in text messages, emails, or pop-up windows. Instead, set all that aside and check directly on the official PayPal app or website.

Don’t share personal information

PayPal staff won’t ask you for your password, 2FA codes, or any other personal information—they have what they need on file. Really, you should only ever enter sensitive personal information into PayPal’s official website using a trusted device. Scammers can do an awful lot with your personal data.

Use the right transaction type

“Sending to a friend” transfers are a trade-off: the seller (or sender) saves on fees at the expense of the buyer missing out on PayPal’s Purchase Protection. This makes perfect sense when making transfers between family and friends, but absolutely no sense when making purchases online.

Instead, always choose “paying for an item or service” when doing exactly that. This will leave you with the option to make use of PayPal’s Purchase Protection on eligible transactions should something go wrong.

Verify PayPal accounts before making a transaction

Double check that the PayPal account to which you’re sending money actually belongs to who you think it does. This is especially important if you received the PayPal payment details via a text message, in a chat, or in an email. Check the seller’s website or profile or contact them through official channels to confirm.

Make it difficult for scammers to find you in the first place

Some scams are like traps left out in the wild for you to come across or walk into. Others are targeted at you from the outset. To find and home in on you like that, scammers need to have at least some of your personal information. In many cases your name and phone number or email address, at a bare minimum.

This is where you can stop scammers in their tracks. They can’t harass you with their schemes if they can’t get a hold of you in the first place, and they can’t get a hold of you if they don’t have your contact details. So how do you cut scammers off at the source? How are they getting your personal information?

Many scammers will get your contact information and more from people search sites. These are websites that specialize in collecting, sharing, and selling access to everyday people’s personal information. They have no qualms about putting everything from your age to your court records out there for everyone to see.

There are also companies that deal in personal information behind the scenes, without a public-facing database that shows up in web searches. These companies are known as data brokers, and they’re a goldmine for scammers looking for fresh victim pools. There’s something you can do about both people search sites and data brokers.

State data privacy laws make it so that these companies have to remove your personal information when you ask them to. Check out our opt-out guides to help you navigate their individual opt-out processes or use our personal information removal service to keep your data off the web automatically. 

What to do if you do get scammed on PayPal

The worst thing you can do after getting scammed on PayPal is nothing. As irritating and stressful as falling for a PayPal scam can be, there’s a lot you can and should do to limit the damage the scammers can do. Even if you’ve already lost some money, it’s worth acting fast to stop the losses there.

Here are some next steps you can take to protect your accounts, data, and PayPal balance:

1. Change your passwords. First and foremost, secure your PayPal, bank, and any other online accounts that may be compromised. Set a strong, unique password for each account. Use a password manager like NordPass or Bitwarden to generate and securely store all of your passwords.
2. Report spam to PayPal. You can report phishing emails directly to PayPal by forwarding the entire phishing email or phishing site details to phishing@paypal.com. Don’t change the subject line or forward the email as an attachment. You can then delete the email and block the sender’s address.
3. Report fraud to PayPal. You can report fraud and unauthorized account activity to PayPal by calling PayPal customer service on 1-888-221-1161 (or 1 (402) 935-2050 from outside the US), using the form in the PayPal Resolution Center, or writing to PayPal at:

Attn: Error Resolution

Department P.O. Box 45950

Omaha, NE 68145-0950 USA

4. Report the scam to your local police. Take any evidence you managed to collect, like screenshots of your interactions with the scammer, and file an official police report. Make sure to call a non-emergency number or visit your local precinct in person. Even if police aren’t able to help directly, leaving a paper trail or having a police report on file could help you recover funds down the line.
5. Report the scam to the Federal Trade Commission (FTC). The police, if they’re able to act on your report at all, will act on your behalf. The FTC can’t do this, but it does collect information and evidence from individuals like you and then pursues the fraudsters on its own behalf. Submit a report with the FTC to bring the scammers that much closer to justice.
6. File a complaint with the Better Business Bureau (BBB). If the scam that affected you involved the name of a registered company, you can file a complaint with the BBB. This won’t directly help you recover from the scam, but it will help make life difficult for the scammers.
7. Start the process of identity theft recovery. Visit the FTC’s identity theft portal if you believe your identity has been stolen or you gave away enough personal information for that to be a real concern. 

Similar scams:

• UPS Text Scam
• Geek Squad Scams
• Telegram Scams
• Cash App Scams
• Wells Fargo Text Scams
• Amazon Scams
• Got a call from your own number? Scam alert
• How to Make Your Phone Number Unsearchable
• Venmo Scams
• Snapchat scams

PayPal scams FAQ