
PayPal Scams: How to Protect Your Account in 2026

Discover how to protect your PayPal account from scams in 2026. Learn warning signs, security tips, and best practices. Stay safe online—read our guide now.

Written by GhostMyData Team | February 18, 2026 | 14 min read

PayPal has become one of the most trusted names in digital payments, with over 435 million active accounts worldwide. Unfortunately, that trust makes it an irresistible target for scammers. In 2025 alone, the FBI's Internet Crime Complaint Center received over 298,000 reports of payment fraud, with PayPal-related scams accounting for a significant portion of those cases.

The sophistication of these scams has evolved dramatically. Today's fraudsters use advanced social engineering tactics, AI-generated communications, and data purchased from brokers to create convincing attacks that even tech-savvy users can fall for. Understanding how these scams work—and how your personal information fuels them—is essential to protecting your financial security.

What is a PayPal Scam and How Does It Work

PayPal scams encompass various fraudulent schemes designed to trick users into revealing login credentials, sending money to criminals, or clicking malicious links. These attacks exploit the platform's widespread use and users' trust in the PayPal brand.

The Anatomy of Modern PayPal Fraud

Phishing emails and texts remain the most common attack vector. Scammers send messages that appear to come from PayPal, often claiming there's a problem with your account, an unauthorized transaction, or a required security update. These messages contain links to fake websites that perfectly mimic PayPal's login page, capturing your credentials when you enter them.

Overpayment scams target people selling items online. The scammer "accidentally" sends more money than agreed upon, then asks you to refund the difference. The original payment turns out to be fraudulent, leaving you out both the item and the refund money.

Fake invoice scams involve criminals sending legitimate PayPal invoices for services you never ordered—often for large amounts. The invoice includes a phone number to "cancel" the charge, connecting you to the scammer who then requests remote access to your computer or additional payment information.

Advance fee fraud promises large payments, prizes, or refunds but requires you to pay a small "processing fee" first. Once you send the fee, the promised payment never materializes.

Charity scams exploit natural disasters, holidays, or current events by impersonating legitimate organizations and requesting donations through PayPal.

How Scammers Get Your Information

Here's where data brokers enter the picture. These companies collect, aggregate, and sell your personal information—including email addresses, phone numbers, purchase history, and financial patterns. Scammers purchase this data to make their attacks more convincing.

When a fraudster knows your name, address, recent purchase history, and even family members' names, they can craft highly personalized phishing messages that bypass your skepticism. A free scan can reveal just how much of your information is available to these criminals.

Real Examples of PayPal Scams

Understanding actual scam scenarios helps you recognize them in the wild. Here are documented cases that have trapped thousands of victims:

The "Unusual Activity" Email

Sarah, a small business owner in Portland, received an email appearing to be from security@paypal.com. The subject line read: "Unusual Activity Detected - Immediate Action Required." The email claimed someone in Romania had attempted to withdraw $847 from her account.

The message included her correct name, email address, and the last four digits of a credit card she had previously linked to PayPal. It urged her to click a link to "verify your identity and secure your account." The link led to paypa1-security.com (note the "1" instead of "l")—a perfect replica of PayPal's login page.

Sarah entered her credentials, then received a two-factor authentication code on her phone. The fake site prompted her to enter this code, which the scammers immediately used to access her real PayPal account. Within 15 minutes, they had transferred $2,300 to multiple accounts.

The eBay Overpayment Scheme

Marcus listed a vintage guitar for $600 on eBay. A buyer contacted him offering to pay through PayPal immediately. Marcus received what appeared to be a PayPal payment confirmation for $900, with a message saying the buyer had "accidentally" included shipping costs and asking Marcus to refund $300 via Venmo.

The email came from service@paypal-transactions.com and looked legitimate, complete with PayPal branding. Marcus checked his PayPal account and saw no payment, but the scammer claimed it was "pending" until he confirmed shipment. Marcus sent the $300 refund, shipped the guitar, and never received the original payment—losing both the guitar and $300.

The Fake Invoice Attack

Jennifer received a legitimate PayPal invoice for $499.99 for "Norton Antivirus - 3 Year Subscription." She hadn't ordered this. The invoice included a customer service number to call for cancellation.

When she called, the "representative" said the charge was a mistake and offered to process a refund. He asked her to download AnyDesk (remote access software) so he could "verify her account." Once connected, he accessed her banking information, PayPal account, and installed keylogging software. Jennifer lost over $8,000 before discovering the breach.

The Charity Fraud

Following a major hurricane, thousands received text messages claiming to be from PayPal's disaster relief program. The message stated: "PayPal is matching all hurricane relief donations 2:1. Donate now: [link]."

The link led to a convincing PayPal-branded donation page. Victims entered their PayPal credentials to make donations, giving scammers account access. No donations ever reached hurricane victims—the entire operation was fraudulent.

Red Flags: How to Spot PayPal Scams Instantly

Recognizing these warning signs can stop scams before they succeed:

Email and Message Red Flags

Generic greetings: Legitimate PayPal emails address you by your first and last name, not "Dear User" or "Dear Customer." Scammers often lack this information or use generic greetings to mass-distribute messages.

Urgent language: Phrases like "immediate action required," "account will be suspended," or "verify within 24 hours" create artificial pressure to bypass your critical thinking. PayPal rarely requires immediate action and provides ample time to resolve issues.

Suspicious sender addresses: Hover over the sender's email address. Scammers use addresses like paypal-security@gmail.com, service@paypa1.com, or noreply@paypal-verify.net. Legitimate PayPal emails come from @paypal.com or @e.paypal.com domains only.

Spelling and grammar errors: While sophisticated scams have improved, many still contain awkward phrasing, misspellings, or grammatical mistakes that PayPal's professional communications team would never allow.

Attachments: PayPal never sends attachments. Any email with a .zip, .exe, .pdf, or other attachment claiming to be from PayPal is fraudulent.

Website and Link Red Flags

URL inconsistencies: Before entering credentials, check the URL carefully. Legitimate PayPal pages always use https://www.paypal.com. Scammers use variations like paypa1.com, paypal-secure.com, or paypal.account-verify.com.

Missing security indicators: Real PayPal pages display a padlock icon in the address bar and use HTTPS encryption. However, scammers can also obtain SSL certificates, so this alone isn't sufficient verification.

Requests for unusual information: PayPal never asks for your full credit card number, Social Security number, or PIN via email or on their website. Requests for this information indicate fraud.
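The sender-address and URL checks described above can be applied mechanically when triaging a reported message. The following is an added example, not code from GhostMyData or PayPal; the allowlists are copied from this article's statements, and the function names and sample message are hypothetical.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Allowlists copied from this article's statements, not an official PayPal list.
SENDER_DOMAINS = {"paypal.com", "e.paypal.com"}
WEB_HOSTS = {"www.paypal.com"}
# Digit-for-letter swaps such as the "1" in paypa1.com.
HOMOGLYPHS = str.maketrans("1035", "loes")
# Constructed sample modelled on the article's "Unusual Activity" email.
SAMPLE_FROM = "PayPal Security <service@paypa1.com>"
SAMPLE_BODY = "Verify your identity: https://paypa1-security.com/login"


def sender_domain(from_header):
    """Domain of the real address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def link_host(url):
    """Host the browser would connect to, or "" if missing or not https."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return ""
    return host.lower().rstrip(".") if parts.scheme == "https" else ""


def classify(host, allowed):
    """Return 'ok', or the reason a web host or mail domain is not trusted."""
    if host in allowed:
        return "ok"
    if not host:
        return "missing or invalid"
    if "paypal" in host:
        return "brand name inside a different domain"
    if "paypal" in host.translate(HOMOGLYPHS):
        return "look-alike spelling"
    return "unrelated domain"


def triage(from_header, body):
    """Map the sender domain and every link in the body to a verdict."""
    verdicts = {"sender": classify(sender_domain(from_header), SENDER_DOMAINS)}
    for url in re.findall(r'https?://[^\s<>"]+', body):
        verdicts[url] = classify(link_host(url), WEB_HOSTS)
    return verdicts
```

A passing sender verdict only rules out look-alike domains; the From header can be forged, so opening PayPal directly in the browser remains the real verification step.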

Transaction Red Flags

Overpayment scenarios: No legitimate buyer accidentally sends too much money. Any request to refund a difference is a scam.

Payment from unexpected sources: If you receive a PayPal payment you didn't expect, don't click links in the notification email. Log into PayPal directly through your browser to investigate.

Requests to use "Friends and Family": Scammers often request this payment method because it offers no buyer protection. Legitimate sellers accept "Goods and Services" payments.

Pressure to move off-platform: Anyone asking you to continue conversations via text, WhatsApp, or email instead of eBay, Etsy, or other platform messaging is likely a scammer.

What to Do If You've Been Targeted

Quick action can limit damage if you've fallen victim to a PayPal scam or suspect you've been targeted.

Immediate Steps (First 24 Hours)

1. Change your PayPal password immediately

  • Go directly to www.paypal.com (don't click any links)
  • Navigate to Settings > Security > Password
  • Create a strong, unique password you don't use anywhere else
  • Use a password manager to generate and store it securely

2. Enable or update two-factor authentication

  • Go to Settings > Security > 2-Step Verification
  • Use an authenticator app (Google Authenticator, Authy) rather than SMS when possible
  • SMS can be intercepted through SIM swapping attacks

3. Review all recent transactions

  • Check Activity for unauthorized payments
  • Look for changes to linked bank accounts or cards
  • Review any automatic payments or subscriptions

4. Contact PayPal's Resolution Center

  • Go to www.paypal.com/disputes
  • Report unauthorized transactions within 60 days for protection under PayPal's Purchase Protection
  • File a dispute for any suspicious activity
  • Call PayPal directly at 1-888-221-1161 (US) if you need immediate assistance

5. Contact your bank or card issuer

  • Report any unauthorized charges
  • Consider freezing or replacing cards linked to your PayPal account
  • Ask about fraud protection services they offer

6. Document everything

  • Take screenshots of scam emails, texts, or websites
  • Save all communication with scammers
  • Note dates, times, and amounts involved
  • This documentation is crucial for reports and potential legal action

Secondary Steps (First Week)

7. Scan for malware

  • Run a full system scan with updated antivirus software
  • Consider using specialized tools like Malwarebytes
  • If you gave remote access, assume your system is compromised and consider professional help

8. Check other accounts

  • If you used the same password elsewhere, change those immediately
  • Review bank accounts, credit cards, and other financial services
  • Monitor credit reports for signs of identity theft

9. Set up account alerts

  • Enable PayPal notifications for all transactions
  • Set up bank alerts for withdrawals and purchases
  • Consider credit monitoring services

How to Report PayPal Scams

Reporting scams helps protect others and may aid in recovering your funds. Multiple agencies handle different aspects of fraud.

Report to PayPal

Email forwarding for phishing attempts:

  • Forward suspicious emails to phishing@paypal.com
  • Include full headers if possible
  • PayPal investigates and takes down fake sites

Resolution Center for unauthorized transactions:

  • Visit www.paypal.com/disputes
  • Select "Report a Problem"
  • Choose the transaction and follow prompts
  • You have 180 days to report unauthorized transactions

Report to Government Agencies

Federal Trade Commission (FTC):

  • File a report at ReportFraud.ftc.gov
  • Provides identity theft recovery plans
  • Data helps track fraud trends and enforce consumer protection laws

FBI's Internet Crime Complaint Center (IC3):

  • Submit complaints at ic3.gov
  • Required for losses over $1,000
  • Helps federal investigations of organized cybercrime

State Attorney General:

  • Each state has a consumer protection division
  • Find yours through the National Association of Attorneys General (naag.org)
  • State AGs can take action against scammers operating in their jurisdiction

Report to Other Platforms

If the scam originated on eBay, Craigslist, Facebook Marketplace, or another platform, report it there as well. These companies can ban scammer accounts and warn other users.

Report to Credit Bureaus

If you suspect identity theft beyond PayPal:

  • Place fraud alerts with Equifax (equifax.com), Experian (experian.com), and TransUnion (transunion.com)
  • Consider a credit freeze, which prevents new accounts from being opened
  • You're entitled to free credit reports at AnnualCreditReport.com

How to Protect Yourself Going Forward

Prevention requires multiple layers of security, from technical safeguards to reducing your data exposure.

Strengthen Your PayPal Security

Use strong, unique passwords: Your PayPal password should be at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols. Never reuse passwords across sites. A password manager like 1Password, Bitwarden, or Dashlane makes this manageable.

Enable two-factor authentication: This adds a second verification step beyond your password. Even if scammers steal your credentials, they can't access your account without the second factor.

Link a credit card, not a debit card: Credit cards offer better fraud protection under federal law (Fair Credit Billing Act limits liability to $50). Debit cards connect directly to your bank account, making unauthorized withdrawals more damaging.

Monitor your account regularly: Check transactions at least weekly. Set up mobile notifications for all activity. The faster you catch fraud, the easier it is to resolve.

Keep software updated: Ensure your operating system, browser, and security software have the latest patches. Many attacks exploit known vulnerabilities in outdated software.

Verify Before You Trust

Always access PayPal directly: Type www.paypal.com into your browser or use the official app. Never click links in emails, texts, or social media messages claiming to be from PayPal.

Verify unexpected communications: If you receive a suspicious message claiming to be from PayPal, log into your account directly to check for notifications. Contact PayPal through their official channels to verify.

Inspect URLs carefully: Before entering credentials, verify you're on the real PayPal site. Look for the exact domain www.paypal.com—not variations or subdomains.

Be skeptical of urgency: Legitimate companies give you time to address issues. High-pressure tactics are a hallmark of scams.

Reduce Your Data Exposure

Here's the connection many people miss: scammers don't operate in a vacuum. They purchase your personal information from data brokers to make their attacks more convincing.

Data brokers are companies that collect information from public records, online activity, purchase history, and other sources, then sell it to anyone willing to pay. This includes:

  • Your name, address, and phone numbers
  • Email addresses and social media profiles
  • Purchase history and financial patterns
  • Family members and associates
  • Property ownership and vehicle registrations
  • And much more

When scammers have this information, they can craft highly personalized phishing messages that reference real details about your life, making them far more believable.

Under privacy laws like the California Consumer Privacy Act (CCPA) (Cal. Civ. Code § 1798.100 et seq.) and similar state laws in Virginia, Colorado, Connecticut, and Utah, you have the right to request deletion of your personal information from data brokers. The challenge is that there are over 2,100 data brokers operating in the United States, each with different opt-out procedures.

Manually removing your information from even a fraction of these brokers is nearly impossible for most people. That's where services like GhostMyData become valuable—we scan 2,100+ data brokers (compared to competitors who typically cover 35-500) and use 24 AI agents to automate the removal process continuously. You can see what information is currently available about you with a free scan.

Additional Privacy Measures

Limit what you share online: Every piece of information you post publicly can be collected by data brokers and used by scammers. Review your social media privacy settings and minimize public posts.

Use email aliases: Services like SimpleLogin or Apple's Hide My Email let you create unique email addresses for different services. If one gets compromised, you know exactly where the leak occurred.

Be cautious with "free" services: Many apps and websites offer free services in exchange for collecting and selling your data. Read privacy policies and consider whether the trade-off is worth it.

Review app permissions: Many mobile apps request access to contacts, location, and other data they don't need. Regularly audit and revoke unnecessary permissions.

Educate Yourself and Others

Stay informed about new scam tactics: Scammers constantly evolve their methods. Follow cybersecurity news sources and PayPal's security updates.

Share knowledge: If you receive a scam attempt, warn friends and family. Many victims could have been saved if someone had alerted them to current scam tactics.

Question everything: Healthy skepticism is your best defense. If something seems off, trust your instincts and verify independently.

FAQ

How can I tell if a PayPal email is legitimate?

Legitimate PayPal emails always come from @paypal.com or @e.paypal.com domains, address you by your full name (not "Dear User"), and never include attachments or requests for sensitive information like your full credit card number or Social Security number. To be absolutely certain, don't click any links in the email—instead, log into your PayPal account directly through your browser and check for notifications there. If there's a genuine issue with your account, it will be displayed in your PayPal message center.

What should I do if I clicked a link in a PayPal phishing email?

If you clicked a link but didn't enter any information, run a full malware scan on your device immediately. If you entered your PayPal credentials, change your password right away by going directly to www.paypal.com (not through any link), enable two-factor authentication if you haven't already, review your
