The email looks exactly like PayPal. The logo, the familiar blue, a transaction you don’t recognise for $699.99. Your stomach drops. And right there in the email is a customer support number to call if you didn’t authorise it.
Don’t call that number. It belongs to the scammer.
Here’s how to tell what you’re actually dealing with. And what to do if you’ve already clicked, called, or paid.
Most unexpected PayPal emails are scams. This includes unauthorised payment alerts, account limitation warnings, and refund notifications. Some use fake websites. Others abuse PayPal’s own invoice system to send fraudulent requests through real PayPal infrastructure.
If you haven’t clicked anything: Check your actual PayPal account directly at paypal.com. Do not use any link from the email. If nothing looks wrong there, the email was fake.
If you called a number, clicked a link, or sent money: Go straight to the What to Do section below. Time matters here.
Forward phishing emails to phishing@paypal.com and report fraud to the FTC at reportfraud.ftc.gov.
What Is a PayPal Scam Email?
A PayPal scam email is a fraudulent message designed to look like an official PayPal communication. The goal is always one of two things: stealing your login credentials, or tricking you into calling a fake support number or sending money directly.
But here’s what makes PayPal scams harder to spot than most. Scammers have found a way to send fraudulent invoices using PayPal’s own systems. The email arrives from a legitimate PayPal server, passes spam filters, and looks completely authentic. The invoice is fake. The delivery infrastructure is real.
These are the kinds of messages that land in inboxes every day:
Why do these work on intelligent people? Because they target the fear of financial loss, one of the fastest emotional triggers in the human brain. The moment you see an unauthorised charge tied to your account, your brain shifts into fix-it mode. Rational evaluation slows. The phone number is right there. So people call before they’ve had a chance to think.
That’s not a failing. It’s how the brain handles financial threats. Scammers understand this better than most people realise. Every element of these messages is designed to exploit that window before you pause and verify.
The goal of a PayPal scam email isn’t always to steal your PayPal password. Often it’s simpler: get you on the phone with a fake support agent who can then walk you into a wire transfer, gift card payment, or remote access session. The email is just the opening move.
How PayPal Scam Emails Work
The mechanics differ by scam type, but the sequence is consistent.
You Receive an Alarming Email
The message announces something that demands immediate attention: an unauthorised charge, an account limitation, an overdue invoice. It’s designed to create a specific emotion: urgency laced with fear. The amount is always specific enough to feel real.
A Resolution Path Is Right There
A phone number, a button, a link. The scammer makes it effortless to act. There’s no friction between the fear they’ve created and the action they want you to take. This is deliberate. Every extra step gives you time to think, and thinking is what they’re trying to prevent.
You Call or Click
If you call the number, you reach a convincing “PayPal support agent” who confirms the fraudulent charge and offers to help you dispute it, eventually steering you toward a wire transfer, gift cards, or granting remote access to your device. If you click the link, you’re taken to a fake PayPal login page that captures your credentials the moment you enter them.
The Damage Is Done
Whether through a stolen password, a transferred payment, or a compromised device. Either way, the scammer has what they came for. The fake invoice or email has already been forgotten by the time the real damage surfaces.
Does a Fake Invoice Mean Your Account Is Compromised?
No. And this is worth being direct about.
Receiving a fake PayPal invoice or scam email doesn’t mean anyone has accessed your account. It doesn’t mean the scammer has your password or your payment details. It means they have your email address, which could’ve come from a data breach, a purchased contact list, or simply a guess.
The invoice looks threatening because it’s designed to. The actual state of your PayPal account is unaffected until you take an action: clicking a link, calling a number, approving a payment, or sharing your login credentials.
🚫 PayPal Will Never Do Any of These Things
- Send an email asking you to call a phone number to dispute a transaction
- Ask for your password, one-time passcode, or security questions over the phone or via email
- Request gift cards, cryptocurrency, or wire transfers to resolve a dispute or protect your account
- Ask you to install remote access software to secure your account
- Send security alerts from any domain other than @paypal.com
- Threaten immediate account suspension unless you verify through an external link
If a message or call does any of the above, it isn’t from PayPal. Doesn’t matter how real it looks.
Warning Signs of a Fake PayPal Email
Open a new browser tab and go directly to paypal.com. Sign in. Check your transaction history and account status. If nothing looks wrong there, the email is fake regardless of how alarming it appeared. Never use links or phone numbers from the email itself.
- A phone number is prominently displayed inside the email or invoice. PayPal doesn’t place customer support numbers in automated emails. That number connects to the scammer.
- The sender address isn’t exactly @paypal.com. Look carefully. Addresses like @paypal-support.com, @intl-paypal.com, or @secure-paypal.net are all fake. One wrong character means it’s not PayPal.
- The transaction involves cryptocurrency, gift cards, or a name you don’t recognise, like “Bitcoin Exchange LLC” or “Crypto Purchase.” PayPal doesn’t process these types of transactions through invoice requests to random users.
- The email creates a deadline tied to a threat: “verify within 24 hours,” “respond to avoid suspension.” Legitimate PayPal communications don’t use countdown language.
- The invoice came from someone you’ve never heard of, or arrived without any prior interaction. Anyone with a PayPal account can send an invoice to any email address. That’s the vulnerability scammers exploit.
- Clicking the link takes you somewhere other than paypal.com. Always check the actual URL before entering any credentials. A site that looks exactly like PayPal but lives at paypa1.com or secure-paypal-login.com is a phishing page.
The Most Common PayPal Scam Email Variations
Fake Unauthorised Payment Alerts
The most widely reported variation. An email claims a large payment, usually between $300 and $1,000, has been sent from your account to a suspicious merchant. A phone number is provided to dispute the charge. The payment doesn’t exist. The number goes to a fake support centre. This same playbook runs across other platforms too. Apple Pay scam alerts follow an identical structure.
Real PayPal Invoice Abuse
Scammers create free PayPal accounts and use the legitimate invoice feature to bill targets for services they never requested. Because the email genuinely comes from PayPal’s servers, it bypasses spam filters and looks completely authentic. The invoice contains a fake support number. Victims call it thinking they’re disputing a real charge.
Account Limitation Phishing
An email warns your account has been limited or suspended due to suspicious activity. It asks you to “verify” your account by clicking a link that leads to a fake PayPal login page. Your credentials are captured the moment you enter them. If you’ve clicked a link like this, read our guide on what happens in the first 24 hours after a phishing attack. The timeline moves faster than most people expect.
Fake Refund or Overpayment Scams
You’re told you’ve been accidentally overpaid or are owed a refund, but to receive it, you need to first send a smaller amount to “process” the transaction. No legitimate refund from any company works this way. Once you send, the refund never arrives and the scammer disappears.
Fake Customer Support Calls Following Scam Emails
Some scammers follow up their emails with a phone call, claiming to be PayPal security calling about the suspicious activity they emailed you about. The call feels more legitimate because it references the email. It isn’t. PayPal doesn’t make unsolicited outbound calls to discuss account security.
What to Do If You’ve Been Targeted
Find your situation below and follow the steps in order.
🔑 You Clicked a Link and Entered Your Login Details
- Change your PayPal password immediately at paypal.com. Go directly, not through the link.
- Enable two-factor authentication on your PayPal account now.
- Change the password on your email account if it shares the same password.
- Review recent PayPal transactions and dispute anything unauthorised.
- Forward the phishing email to phishing@paypal.com
- Report to the FTC at reportfraud.ftc.gov
📞 You Called the Number in the Email
- Do not call back or engage further, even if they contact you again.
- If you shared any passwords or OTPs during the call, change them immediately.
- If you granted remote access to your device, disconnect from the internet and run a full malware scan.
- Change your PayPal password and enable 2FA.
- Report to ic3.gov and the FTC.
💸 You Sent Money or Approved a Payment
- Contact PayPal support directly at paypal.com and report the transaction as fraud.
- Call your bank or card issuer immediately. Use the word “fraud” when you explain what happened.
- Request a chargeback if the payment was funded by a credit card.
- See our guide on how to report this scam to make sure you’re filing with every relevant agency.
- Report to the FTC and FBI IC3.
📩 You Only Received the Email and Took No Action
- Do not click any links or call any numbers in the email.
- Forward it to phishing@paypal.com
- Delete the email after forwarding.
- Log into PayPal directly to confirm your account is unaffected.
- Report it to the FTC so the pattern is tracked.
PayPal transactions funded by credit card offer stronger dispute options than those funded by bank transfer or PayPal balance. Report within the first few hours. Every hour that passes, funds move further through the system and become harder to recover. If you need a full step-by-step response plan, this guide covers what to do immediately after being scammed.
Common Misconceptions
“The email came from PayPal’s servers, so it must be legitimate”
Not anymore. Scammers abuse PayPal’s own invoicing feature to send fraudulent payment requests that genuinely originate from PayPal infrastructure. The sending domain is real. The invoice content is fraudulent. This is one of the trickiest aspects of PayPal scams right now. It’s why checking the content of a message matters far more than checking where it came from.
“If I didn’t click anything, my account is safe”
Receiving the email alone doesn’t compromise your account. But if you called a number in the email and shared any account information, your account may be at risk even without clicking a link. The phone call is often the actual attack vector. Not the email itself.
“PayPal will sort it out if I report it”
PayPal does investigate reported fraud and can sometimes reverse transactions, but it’s not automatic and it’s not guaranteed. Authorised payments (where you approved the transaction under false pretences) are harder to dispute than unauthorised ones. Your bank or card issuer may be a faster route to a chargeback, especially for credit card-funded payments. Report to both.
“Scam emails are easy to spot by their poor grammar”
That was true a few years ago. Current PayPal scam emails are often indistinguishable from genuine PayPal communications in terms of formatting, language, and visual design. The tell isn’t the grammar anymore. It’s the phone number, the external link, and the urgency pressure.
Frequently Asked Questions
Is there a PayPal scam email going around right now?
Yes, several active variants are widely reported. The most common involves fake unauthorised payment alerts containing a phone number to call. A second major variant abuses PayPal’s legitimate invoice system to send fraudulent payment requests directly through PayPal’s own infrastructure. Both are ongoing. If you’ve received an unexpected PayPal email with a phone number or an invoice from someone you don’t know, treat it as suspicious until you’ve verified through your actual PayPal account.
How do I report a scam email to PayPal?
Forward the email with all headers intact to phishing@paypal.com. PayPal’s security team investigates these reports and uses them to identify and take down fraudulent accounts and phishing pages. After forwarding, delete the email. Also report to the FTC at reportfraud.ftc.gov so the fraud pattern is tracked at a federal level.
Can scammers send real PayPal invoices?
Yes. Anyone with a PayPal account can use the invoicing feature to send a payment request to any email address. Scammers exploit this to send fraudulent invoices that arrive from legitimate PayPal servers, bypass spam filters, and look genuine. Receiving one of these invoices doesn’t mean your account has been accessed. It means someone sent a request to your email address. Simply decline or ignore the invoice, and report the account to PayPal.
How do I spot a fake PayPal invoice?
Check three things: does the invoice contain a phone number? Is it from a company or person you’ve never interacted with? Does it reference a product or service you never requested? A yes to any of these is a strong signal it’s fraudulent. Verify by logging into your PayPal account directly. If the invoice doesn’t appear there, or if your balance and transaction history are unaffected, the email was fake.
Can PayPal refund money lost to a scam?
It depends on the type of transaction and how quickly you report it. PayPal’s Purchase Protection covers eligible goods and services transactions, but not all scam payments qualify. Unauthorised transactions reported quickly are the strongest candidates for a refund. For payments you authorised under false pretences, your card issuer may offer better recourse through a chargeback, particularly for credit card-funded payments. Report to both PayPal and your bank as soon as possible.
Key Takeaways
- Most unexpected PayPal emails are scams. The safest first step is always to check your actual PayPal account at paypal.com before taking any action.
- Scammers can send fraudulent invoices through PayPal’s own systems. An email arriving from a real PayPal server isn’t proof the request is legitimate.
- Phone numbers inside PayPal emails or invoices connect to scammers, not PayPal. PayPal doesn’t place support numbers in automated emails.
- Receiving a fake invoice doesn’t mean your account has been compromised. Calling the number or clicking the link, though, can lead to one.
- For phishing email reports: forward to phishing@paypal.com. For financial losses: contact PayPal support and your bank immediately, then file with the FTC and IC3.
- Credit card-funded PayPal transactions offer stronger chargeback options than bank or balance payments. Report fast to keep those options open.
PayPal scam emails succeed because they look exactly like something that would require urgent action. The defence isn’t complicated. It’s just a habit. Before you call, click, or pay anything, open PayPal directly and check. That one step breaks the scam every time.
Already Affected? Here’s Your Next Step.
If you’ve sent money, shared your credentials, or called a fake support number, the 72-Hour Response Guide walks you through exactly what to do, who to contact, and in what order. Step by step, no guesswork.
Get the Response Guide →