What Is a PayPal Scam Email?
A PayPal scam email is a fraudulent message designed to look like it came from PayPal — used to steal your login credentials, trick you into paying a fake invoice, or get you to call a number where scammers take over from there. PayPal itself is a legitimate and secure platform. The scam happens in your inbox, not inside PayPal’s system. Most PayPal scam emails either create urgency around your account or send a fake invoice for something you never ordered.
Why PayPal Scam Emails Are So Common
PayPal has hundreds of millions of users. That makes it one of the most impersonated brands in email fraud — second only to major banks and Amazon.
Scammers target PayPal users for two reasons:
- PayPal emails are easy to mimic — the formatting, logo, and language are widely known
- Users are conditioned to act quickly on PayPal notifications because real ones often require prompt attention
This is where people get confused: a PayPal scam email doesn’t always look obviously fake. Modern versions closely replicate PayPal’s actual email design — same fonts, same colors, same footer disclaimers. The difference is in what they’re asking you to do.
How a PayPal Scam Email Works
Most PayPal scam emails follow one of two patterns:
Pattern 1 — Phishing for Your Login
Step 1: You receive an email claiming there’s a problem with your account.
Real example of fake subject line:
“Your PayPal account has been limited — action required”
Step 2: The email creates urgency:
“We’ve noticed unusual activity on your account. To avoid suspension, verify your identity within 24 hours.”
Step 3: You’re directed to click a link — which goes to a fake PayPal login page that looks identical to the real one.
Step 4: You enter your email and password. The scammer now has your PayPal credentials and can drain your balance or linked accounts.
Pattern 2 — Fake Invoice Scam
Step 1: You receive what looks like a PayPal payment confirmation or invoice for something you didn’t buy.
Real example:
“You’ve authorized a payment of $349.99 to CryptoGuard Pro. If you didn’t authorize this, call our support line: 1-888-XXX-XXXX to cancel immediately.”
Step 2: You panic and call the number.
Step 3: The person who answers pretends to be PayPal support. They walk you through “canceling” the charge — which involves giving remote access to your device or sharing your banking details.
Here’s the key point: the invoice itself may actually be sent through PayPal’s real invoice system. Scammers exploit PayPal’s legitimate invoicing feature to send fake bills — which means the email comes from a real PayPal address and passes spam filters.
What a Real PayPal Email Looks Like
Knowing what genuine PayPal communication looks like is your first line of defense.
Legitimate PayPal emails:
- Always come from @paypal.com — no variations like @paypal-support.com or @paypalsecurity.net
- Address you by your full name — never “Dear Customer” or “Dear PayPal User”
- Never ask for your password, full card number, or bank details via email
- Never include a phone number to call for account issues
- Direct you to log in through paypal.com — not through a link in the email
- Never threaten immediate account closure for inaction within hours
If any of these are missing or violated — it’s a scam email.
Signs of a Fake PayPal Email
Watch for these specific red flags:
- Sender address contains anything other than @paypal.com
- Your name is missing — addressed as “user,” “customer,” or “account holder”
- Urgent language — “within 24 hours,” “immediate action required,” “your account will be closed”
- A phone number to call for “support” or to “cancel a charge”
- Links that go anywhere other than paypal.com when you hover over them
- Invoice for a product or service you never ordered
- Requests to confirm your password, full card number, or SSN
- Poor grammar or unusual phrasing — though many modern scam emails are well-written
- A Bitcoin, gift card, or wire transfer mentioned as a resolution method
What to Do If You Received a PayPal Scam Email
If You Haven’t Clicked Anything
- Do not click any links in the email
- Do not call any phone number listed in the email
- Forward the email to spoof@paypal.com — PayPal’s official fraud reporting address
- Delete the email after reporting it
- Log into your PayPal account directly at paypal.com to verify there are no real issues
If You Clicked a Link but Didn’t Enter Anything
- Close the page immediately
- Clear your browser cache and history
- Run a security scan on your device if possible
- Check your PayPal account at paypal.com for any unauthorized activity
- Watch for unusual login alerts over the next 24–48 hours
If You Entered Your PayPal Login Details
- Go to paypal.com immediately and change your password — do this from a trusted device
- Enable two-factor authentication if it isn’t already active
- Review your recent transactions for unauthorized activity
- Check and update the password for your linked email account — if the scammer has your email they can reset your PayPal password
- Contact PayPal’s official support through paypal.com if unauthorized transactions appear
- Report to the FTC at reportfraud.ftc.gov
If You Called the Number and Spoke to Someone
- If you gave remote access to your device — disconnect from the internet immediately and uninstall any remote access software (AnyDesk, TeamViewer, Quick Assist)
- If you shared banking or card details — contact your bank immediately and report fraud
- Change your PayPal password and any reused passwords
- Report to the FTC at reportfraud.ftc.gov and IC3 at ic3.gov
- In Canada — report to the Canadian Anti-Fraud Centre at antifraudcentre.ca
If you need a structured plan for everything to do in the next 72 hours, the Response Plan Hub guide at responseplanhub.com/responseguide walks through each step in order.
Common Variations of PayPal Scam Emails
Is There a PayPal Email Scam Going On Right Now?
PayPal scam emails are not a single campaign — they run continuously and in waves. The fake invoice scam using PayPal’s real invoicing system has been particularly active in recent years because the emails bypass spam filters and appear to come from legitimate PayPal infrastructure.
If you’ve received one recently, you are not alone. The FTC regularly receives reports about PayPal impersonation scams and documents them as some of the most reported email fraud types.
Why Did I Get a PayPal Invoice for Something I Didn’t Order?
This is almost always the fake invoice scam described above. The scammer created a PayPal account and used PayPal’s legitimate invoicing feature to send you a bill — often for a cryptocurrency service, antivirus subscription, or tech support package.
The goal is to make you panic and call the phone number in the invoice to “cancel” the charge. The invoice is fake. You owe nothing. Do not call the number.
Log into your PayPal account at paypal.com. If no transaction appears there, no money has been taken. Report the invoice through PayPal’s resolution center and forward it to spoof@paypal.com.
How to Spot a Fake PayPal Invoice Email
Fake PayPal invoices typically include:
- A large dollar amount for something you don’t recognize
- A phone number prominently displayed as the way to dispute it
- Vague product descriptions — “Security Subscription,” “Premium Support Package,” “CryptoGuard Pro”
- A sense of urgency — “payment will be processed in 24 hours”
Real PayPal invoices come from businesses you’ve actually transacted with. If you don’t recognize the sender or the product, it’s a fake.
Mistakes and Misconceptions
Q: If the email came from a PayPal address, it must be real A: Not necessarily. Scammers can spoof email display names to show “PayPal” while the actual sending address is something completely different. Always check the full email address — not just the display name. Additionally, fake invoices can legitimately originate from PayPal’s servers because they use PayPal’s own invoicing system. The email source being real doesn’t mean the invoice is.
Q: I should call the number in the email to sort this out A: The phone number in a scam email connects you directly to the scammer. This is intentional — the email is designed to make you panic and call. PayPal’s real customer support number is only found on their official website at paypal.com. Never use a number from an email.
Q: If I ignore the invoice, the payment will go through A: If you haven’t authorized any payment and no transaction appears in your actual PayPal account at paypal.com, no money will be taken. Fake invoices look alarming but carry no ability to charge you unless you respond and take action. Log into PayPal directly to confirm.
Q: PayPal will refund me automatically if I was scammed A: PayPal’s buyer protection covers certain authorized purchases from sellers — it does not automatically cover situations where you were tricked into making a payment or sharing your credentials. Contact PayPal support immediately through paypal.com if unauthorized transactions occurred, and file a dispute through their Resolution Center.
FAQ
Q: Is there a PayPal email scam going on? A: Yes — PayPal impersonation scams run continuously and are among the most reported email fraud types in the US and Canada. The fake invoice version has been particularly widespread because it uses PayPal’s real invoicing infrastructure, making the emails appear legitimate. If you’ve received a suspicious PayPal email, you’re not the only one.
Q: How do I report a scam email to PayPal? A: Forward the suspicious email directly to spoof@paypal.com — this is PayPal’s official fraud reporting address. Do not click any links before forwarding. After forwarding, delete the email. If you’ve already interacted with the email, log into your PayPal account directly at paypal.com to check for unauthorized activity.
Q: Will PayPal refund me if I was scammed? A: PayPal’s Purchase Protection covers eligible transactions made through their platform — but it does not automatically cover payments made to scammers or situations where your account was accessed using credentials you unknowingly provided. Contact PayPal support through paypal.com and file a dispute in the Resolution Center as quickly as possible if money was taken.
Q: How can I check if a PayPal email is real? A: Log into your PayPal account directly at paypal.com and check your notifications and transaction history. If the email is referring to a real issue, it will be reflected in your account. If nothing shows up, the email is fake. Never rely on links in the email to verify — always go directly to the site.
Q: Can I ignore a fake PayPal invoice? A: Yes — if no transaction appears in your actual PayPal account, you can safely ignore it. The invoice has no ability to charge you unless you take action. However, do not simply delete it — forward it to spoof@paypal.com first so PayPal can investigate and potentially disable the scammer’s account.
Key Takeaway
PayPal scam emails work because they create urgency around something that feels financially threatening — a fake charge, a locked account, an unauthorized transaction. The platform itself is secure. The scam happens in your inbox, before you ever log in. Knowing what real PayPal emails look like, recognizing the phone number trap in fake invoices, and going directly to paypal.com rather than clicking email links are the three habits that stop these scams from working. If you’ve already interacted with one, act quickly — change your password, check your account, and report it.