PayPal Scams in 2026: How to Spot Fake Emails, Texts & Websites
PayPal is the most impersonated brand in phishing attacks worldwide. From fake "unusual activity" emails to convincing lookalike login pages, scammers have refined their PayPal schemes to a dangerous degree. Here is everything you need to know to protect yourself and your money.
Why PayPal Is the #1 Target for Phishing Scams
PayPal processes over $1.5 trillion in payments every year and has more than 430 million active accounts. That massive user base makes it the single most impersonated brand in phishing attacks, according to multiple cybersecurity reports published in late 2025 and early 2026. Researchers at Check Point and Vade found that PayPal-themed phishing emails consistently outpace those impersonating Microsoft, Google, and even major banks.
The reason is simple: PayPal sits at the intersection of email, money, and personal identity. A compromised PayPal account gives criminals direct access to linked bank accounts, credit cards, and enough personal data to commit full-blown identity theft. Scammers know that a single convincing email can yield thousands of dollars in a matter of minutes.
The Scale of the Problem
The FBI's Internet Crime Complaint Center (IC3) reported that PayPal-related fraud complaints increased 38% between 2024 and 2025. Victims lost an average of $3,800 per incident, and fewer than 1 in 5 victims recovered the full amount. In 2026, these numbers are expected to climb further as AI-generated phishing content becomes more convincing.
The 7 Most Common PayPal Scams Right Now
1. Fake "Unusual Activity" Emails
This is the most widespread PayPal scam in circulation. You receive an email with a subject line like "We noticed unusual activity on your account" or "Your PayPal account has been accessed from a new device." The email looks nearly identical to a legitimate PayPal notification, complete with the PayPal logo, professional formatting, and a blue "Secure Your Account" button.
How it works: Clicking the button takes you to a fake PayPal login page. When you enter your email and password, the scammers capture your credentials in real time. Some advanced versions even forward you to the real PayPal site after stealing your login, so you never realize what happened.
How to spot it:
- The sender address is not service@paypal.com -- look for slight misspellings like "service@paypa1.com" or domains like "paypal-security@mail.com"
- Hover over the button without clicking: the destination URL will not be paypal.com
- The email uses generic greetings like "Dear Customer" instead of your full name
- There are subtle grammar or formatting errors that a real PayPal email would not contain
2. Fake Invoice and Money Request Scams
This scam exploits a legitimate PayPal feature. Scammers use PayPal's own invoicing system to send you a real invoice or money request for a purchase you never made -- often for high-value items like cryptocurrency, electronics, or software subscriptions ranging from $299 to $999.
How it works: Because the invoice is sent through PayPal's actual system, the email comes from a legitimate PayPal address. The invoice includes a note saying something like: "If you did not authorize this transaction, call 1-800-XXX-XXXX immediately to cancel." When you call that number, a fake "PayPal agent" walks you through "canceling" the charge -- which actually involves sending the scammer money or installing remote access software on your computer.
Critical Warning
Never call a phone number listed inside a PayPal invoice or money request. These invoices can be sent by anyone with a PayPal account. If you receive an unexpected invoice, log into PayPal directly by typing paypal.com in your browser and check your account activity. If the invoice is fraudulent, use the "Report this invoice" option within PayPal.
3. "Your Account Has Been Limited" Phishing
This scam preys on PayPal's real account limitation process. PayPal does occasionally restrict accounts when they detect suspicious behavior, and scammers exploit that fact. The phishing email claims your account is limited and you must "verify your identity" by clicking a link and entering your Social Security number, bank account details, or uploading a photo of your ID.
How to spot it:
- PayPal will never ask for your full Social Security number via email
- Real PayPal limitation notices direct you to the Resolution Center inside your account -- they don't ask you to click an external link
- The email creates extreme urgency: "Your account will be permanently closed in 48 hours"
- Check the sender's full email address -- it won't be from paypal.com
4. Fake PayPal Customer Support Calls
You receive a phone call, a voicemail, or a robocall claiming to be from PayPal's fraud department. The recorded message states that a large transaction (typically $500 to $2,000) has been charged to your account and instructs you to "press 1" to speak with a representative. In other cases, the scammer calls you directly with a spoofed caller ID that shows "PayPal" or a legitimate-looking phone number.
How it works: When you connect with the "representative," they ask you to verify your identity by providing your login credentials, one-time verification codes, or bank account information. Some scammers ask you to install screen-sharing software like AnyDesk or TeamViewer to "walk you through securing your account," which gives them full access to your computer.
What to Do Instead
Hang up immediately. PayPal's automated systems do not call you to verify transactions. If you are concerned about your account, call PayPal directly at (888) 221-1161, which is the official number listed on their website, or log into your account at paypal.com to review your activity.
5. Overpayment Scams on Marketplace Sales
If you sell items on Facebook Marketplace, Craigslist, or eBay, this scam targets you specifically. A buyer "accidentally" sends you more than the listed price via PayPal -- say, $800 for a $500 item -- and asks you to refund the difference of $300. The catch: the original $800 payment was made with a stolen credit card, a hacked PayPal account, or a fraudulent funding source.
How it plays out: You refund the $300 from your own funds. Days or weeks later, PayPal reverses the original $800 payment because it was fraudulent. You lose your item, the $300 you refunded, and you may be stuck with a negative PayPal balance.
Red flags:
- A buyer who overpays and immediately asks for a partial refund
- Requests to refund via a different method (Zelle, wire transfer, gift cards)
- A buyer who pressures you to ship before the payment fully clears
- Unusually eager buyers who don't negotiate the price at all
6. Fake Shipping Confirmation Texts
SMS phishing (smishing) targeting PayPal users surged in 2025 and continues to grow. You receive a text message claiming: "PayPal: Your payment of $487.50 to Best Buy has shipped. If you didn't make this purchase, visit [link] to cancel." The link leads to a fake PayPal login page designed to harvest your credentials.
How to spot it:
- PayPal does not send shipping confirmations via SMS for most transactions
- The link in the text uses a shortened URL (bit.ly, tinyurl) or a suspicious domain that is not paypal.com
- The message creates urgency by referencing a large dollar amount you don't recognize
- The sender's phone number is a random 10-digit number, not a recognized PayPal short code
Never Click Links in Text Messages
If you receive a suspicious text claiming to be from PayPal, do not tap the link. Open the PayPal app or type paypal.com directly into your browser. If there is a real problem with your account, you will see it in your notifications and account activity.
7. Lookalike PayPal Login Pages
This is the technical backbone behind most PayPal phishing campaigns. Scammers create websites that are pixel-perfect copies of the PayPal login page, hosted on domains designed to fool you at a glance. These fake sites capture your email and password in real time, and increasingly ask for additional verification like your credit card number or bank account details on a second page.
Common fake domain patterns:
- paypal-signin.com -- adds extra words to the domain
- paypa1.com -- replaces the letter "l" with the number "1"
- paypal.com-secure.xyz -- puts paypal.com as a subdomain of a different site
- paypal-verify.support -- uses an unfamiliar top-level domain
- update-paypal.com -- adds words before the brand name
The Only Real PayPal Domain
The only legitimate PayPal login page is at www.paypal.com. The host name, meaning the part of the address immediately before the first single "/", must read exactly "paypal.com" (optionally preceded by "www."), with nothing else added before or after. If there are any extra words, hyphens, numbers, or unusual domain extensions, it is a fake site. Always type paypal.com directly into your address bar instead of clicking links.
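The rule above, and the sender-address check from scam 1, can be applied mechanically. The following is an added example, not code from this article or from PayPal: it classifies a link or a From address by its host name and labels which of the fake patterns listed above it matches. The verdict names, the character-swap table, and the choice to treat any subdomain of paypal.com as PayPal's are assumptions of the example.

```javascript
// Added example, not code from the article. TRUSTED and SWAPS are assumptions.
const TRUSTED = "paypal.com";
const BRAND = "paypal";
const SWAPS = { "0": "o", "1": "l", "3": "e", "5": "s" }; // constructed, non-exhaustive
const unswap = (label) => label.replace(/[0135]/g, (c) => SWAPS[c]);

// Classify a bare host name. Only an exact match or a true subdomain is trusted;
// a substring test such as host.includes("paypal.com") would accept the fakes.
function classifyHost(rawHost) {
  const host = rawHost.toLowerCase().replace(/\.$/, "");
  if (host === TRUSTED || host.endsWith("." + TRUSTED)) return "trusted";
  // "paypal.com" used as the leading labels of some other site's name.
  if (/(^|\.)paypal\.com[.-]/.test(host)) return "brand-as-subdomain";
  const labels = host.split(".");
  if (labels.some((l) => l.includes(BRAND))) return "extra-words";
  if (labels.some((l) => unswap(l).includes(BRAND))) return "character-swap";
  return "unrelated";
}

// Links: let the URL parser find the host instead of scanning the string by eye.
function classifyUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid"; // no scheme, or not a URL at all
  }
  return classifyHost(url.hostname);
}

// Sender addresses: the domain is whatever follows the last "@".
// Accepts both "name@host" and "Display Name <name@host>".
function classifySender(from) {
  const address = from.replace(/^.*<|>.*$/g, "").trim();
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) return "invalid";
  return classifyHost(address.slice(at + 1));
}

// Constructed sample set: the names quoted in this article plus the genuine ones.
const SAMPLES = [
  "https://www.paypal.com/signin",
  "https://paypal-signin.com/",
  "https://paypa1.com/",
  "https://paypal.com-secure.xyz/",
  "https://paypal.com.fake-domain.xyz/",
  "https://update-paypal.com/",
  "service@paypal.com",
  "PayPal <service@paypa1.com>",
  "paypal-security@mail.com",
];
for (const s of SAMPLES) {
  const verdict = s.includes("://") ? classifyUrl(s) : classifySender(s);
  console.log(verdict.padEnd(20), s);
}
```

A "trusted" verdict on a sender address only means the domain matches: as scam 2 describes, fraudulent invoices sent through PayPal's own system also arrive from a legitimate PayPal address.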
How to Tell a Real PayPal Email From a Fake One
Every day, millions of people stare at an email and wonder: "Is this actually from PayPal?" Here is a concrete checklist to determine authenticity.
Real vs. Fake PayPal Email Checklist
Real vs. Fake PayPal Website: What to Look For
Fake PayPal websites have become alarmingly convincing. Side by side, a real and fake PayPal login page can look virtually identical. The differences are in the details that most people overlook.
The Real PayPal Site
- URL: www.paypal.com -- no extra words, no hyphens, no unusual extensions
- SSL certificate: Issued to "PayPal, Inc." -- you can verify this by clicking the padlock icon in your browser
- Consistent branding: Clean layout, proper fonts, all links functional and pointing to paypal.com subpages
- Full functionality: You can navigate to Help, Contact Us, and other pages that all work correctly
- Two-factor authentication: After entering your password, you receive a real verification code via your chosen method
The Fake PayPal Site
- URL: Contains extra words (paypal-login-secure.com), wrong extensions (.xyz, .top, .info), or uses paypal.com as a subdomain of another site (paypal.com.fake-domain.xyz)
- SSL certificate: May still show a padlock, but the certificate is issued to a random entity, not PayPal, Inc.
- Broken navigation: Links in the footer, header, and sidebar either don't work or redirect to the same login page
- Extra data requests: After your email and password, the fake site asks for your credit card number, bank routing number, SSN, or security questions -- a real PayPal login does not do this
- No two-factor authentication: The fake site skips 2FA entirely or asks you to enter your verification code on the same page (which the scammer then uses in real time on the actual PayPal site)
Quick Verification Method
Before entering your password on any PayPal page, try clicking on the "Help" or "Contact Us" link in the footer. On a real PayPal site, these lead to functional help pages. On a fake site, they either don't work, go nowhere, or redirect you back to the login page. This simple test takes five seconds and can save your account.
What to Do If You Fell for a PayPal Scam
If you entered your credentials on a fake site, clicked a malicious link, or sent money to a scammer, act immediately. Speed matters -- the faster you respond, the more likely you are to recover your money and secure your accounts.
- Change your PayPal password immediately. Go to paypal.com (type it directly), log in, and change your password. Choose a strong, unique password you have not used anywhere else. If you are locked out, use PayPal's account recovery process.
- Enable two-factor authentication. In your PayPal settings under Security, turn on 2-step verification using an authenticator app (not just SMS, which can be intercepted via SIM swapping).
- Review your account activity. Check for unauthorized transactions. In PayPal, go to Activity and review all recent payments, transfers, and pending transactions. Look for transactions you did not initiate.
- Report unauthorized transactions to PayPal. Open the Resolution Center at paypal.com/disputes and report each unauthorized transaction. PayPal's Buyer Protection and Seller Protection programs may cover you, but you must file within 180 days.
- Contact your bank and credit card companies. If your PayPal account is linked to bank accounts or credit cards, call each financial institution immediately. Let them know your PayPal account was compromised and ask them to monitor for suspicious activity. Request new card numbers if needed.
- Check for unauthorized account changes. Verify that the scammer has not added a new email address, phone number, or shipping address to your PayPal account. Remove anything you don't recognize.
- Scan your devices for malware. If you downloaded any files or installed any software during the scam, run a full antivirus scan on your computer and phone. Consider using Malwarebytes for a thorough second-opinion scan.
- Change passwords on other accounts. If you used the same password on other sites (email, banking, shopping), change those passwords immediately. Scammers routinely test stolen credentials across multiple platforms.
- Place a fraud alert on your credit. Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert. The bureau you contact is required to notify the other two. This makes it harder for scammers to open new accounts in your name.
- Monitor your credit reports. Visit AnnualCreditReport.com to check your credit reports from all three bureaus. Look for accounts or inquiries you don't recognize. Continue monitoring weekly for at least 90 days.
Act Within the First Hour
Studies show that the majority of financial damage from phishing attacks occurs within the first 60 minutes. The moment you suspect your PayPal account has been compromised, stop everything else and follow the steps above. The single most important action is changing your password and enabling two-factor authentication before the scammer can lock you out.
How to Report PayPal Scams
Reporting scams does more than protect you -- it helps protect everyone. When enough people report a phishing campaign, email providers block it, hosting companies take down fake websites, and law enforcement can track organized fraud rings. Here is where to report:
- Forward phishing emails to PayPal: Send the suspicious email as an attachment to phishing@paypal.com. PayPal's security team investigates each report and works to take down the offending sites.
- Report within PayPal: Log into your account, go to the Resolution Center, and select "Report a Problem." You can report unauthorized transactions, fake invoices, and suspicious messages.
- Report to the FTC: File a complaint at ReportFraud.ftc.gov. The Federal Trade Commission uses these reports to build cases against scam operations.
- Report to the FBI's IC3: For significant financial losses, file a report at ic3.gov. The Internet Crime Complaint Center tracks cybercrime patterns nationwide.
- Report phishing texts: Forward suspicious SMS messages to 7726 (which spells "SPAM"). Your carrier will investigate the number.
- Report to the Anti-Phishing Working Group: Forward phishing emails to reportphishing@apwg.org, a global coalition that tracks phishing campaigns.
How to Forward an Email as an Attachment
In Gmail: Open the email, click the three dots in the upper right, and select "Forward as attachment." In Outlook: Select the email, then go to Home > More > Forward as Attachment. Forwarding as an attachment preserves the email headers that PayPal's security team needs to trace the scam.
Block Fake PayPal Sites Automatically
SafeBrowse360 detects and blocks fake PayPal login pages, phishing domains, and scam websites in real time -- before you ever see them. No technical knowledge required. Install once and browse with confidence.
Frequently Asked Questions
How do I know if a PayPal email is real?
Check the sender address -- real PayPal emails come only from @paypal.com. The email will address you by your full legal name, not "Dear Customer." Hover over any links to confirm they point to paypal.com. Real PayPal emails never include attachments and never ask for your password, Social Security number, or full financial account numbers. When in doubt, ignore the email entirely and log into your PayPal account directly at paypal.com to check for notifications.
Can someone hack my PayPal with just my email address?
Your email address alone is not enough to hack your PayPal account, but it is the starting point for every phishing attack. If a scammer knows your PayPal email, they can send you targeted phishing emails designed to steal your password. Protect yourself by using a strong, unique password for PayPal, enabling two-factor authentication, and never clicking login links sent via email.
Is it safe to click "Unsubscribe" in a suspicious PayPal email?
No. In phishing emails, the "Unsubscribe" link is often another trap that leads to a fake website or confirms to the scammer that your email address is active and monitored. If you receive a suspicious email, do not click any links at all -- including "Unsubscribe." Instead, report it by forwarding it to phishing@paypal.com and then delete it.
What if a PayPal invoice shows up in my actual PayPal account?
Scammers can send invoices and money requests through PayPal's real system, which means they may appear in your actual PayPal account. This does not mean the invoice is legitimate or that you owe money. Do not pay the invoice or call any phone number listed on it. Instead, click "Report this invoice" within PayPal to flag it as fraudulent. PayPal will investigate and remove it.
Does PayPal ever call you on the phone?
PayPal may call in rare circumstances -- for example, if you initiated a support request via their website and opted for a callback. However, PayPal will never call you out of the blue to "verify a transaction" or ask you to provide your password, one-time codes, or install software. If you receive an unexpected call from someone claiming to be PayPal, hang up and contact PayPal through official channels.
Can I get my money back if I was scammed through PayPal?
It depends on how the payment was made. PayPal's Buyer Protection covers most unauthorized transactions and purchases where items aren't received or are significantly different from the description. However, if you voluntarily sent money through the "Friends and Family" option (which scammers often request because it waives buyer protections), recovery is much harder. File a dispute in the Resolution Center immediately and also contact your bank or credit card company for a potential chargeback.
I received a text saying PayPal charged me. Is it real?
Almost certainly not. PayPal does not typically send SMS messages about specific transactions unless you have explicitly opted into text notifications in your account settings. Scam texts about PayPal charges are designed to create panic so you click a malicious link. Instead of tapping the link, open the PayPal app or go to paypal.com to verify your recent activity.
Final Thoughts
PayPal scams succeed because they exploit trust, urgency, and familiarity. The scammers behind these campaigns are organized, well-funded, and constantly adapting their tactics. But the good news is that nearly every PayPal scam follows recognizable patterns -- fake sender addresses, lookalike URLs, requests for sensitive information, and artificial urgency.
The single most effective habit you can build is this: never interact with PayPal through links in emails or text messages. Always type paypal.com directly into your browser, or open the PayPal app on your phone. If there is a genuine issue with your account, you will see it when you log in. This one practice makes you virtually immune to the vast majority of PayPal phishing attacks.
Layer that habit with two-factor authentication, unique passwords, and a browser extension that blocks known phishing domains, and you have a defense that even the most sophisticated scammer will struggle to penetrate.
Bookmark this guide and share it with friends and family who use PayPal. The more people who know these signs, the fewer victims these scammers will find.