Phishing emails and hoax websites ask you to click on links, contact them, or open attachments to update your account information, confirm your password or confirm a purchase you haven’t made. When you follow the links, the sites are unsecured, letting the fraudsters collect your login details and/or financial information.
Phishing scams almost always imitate well-known companies and include company logos, official-looking email templates, or phone call scripts similar to genuine company communications. There are some things to look for that can help you tell the difference.
Look for these signs when you receive an email you weren’t expecting.
Whenever you land on a website from a link, check for these signs to make sure you’re safe.
Smishing or mishing is the SMS or text equivalent of a phishing email. It can even come through social media apps and sites. The message is usually urgent, asking you to call a number or click a link to cancel a transaction you don’t recognise or update your information.
Vishing is a voice call phishing attempt. It’s often a recorded message that tells you there’s an urgent problem or you have an overdue bill. They may even mention the police or government authorities. Don’t call them back, even if the caller ID says “PayPal” or another trusted company.
If you’ve received a phishing email or stumbled across a hoax website, even if you’re not sure, forward it to us at phishing@paypal.com and we’ll investigate it. Make sure you forward the email (don’t send it as an attachment) so valuable tracking information about the source stays intact. Once done, delete the email permanently from your inbox – never click any links.
Be cautious when communicating with others through direct messaging as scammers may attempt to trick you into providing personal information. PayPal users should never share sensitive personal or financial information, for example: