
** Spoof / Phishing Emails - Tips on how to identify & stay protected **

Due to the increase in Phishing/Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.


You’ll know that an email is not from PayPal when:


  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item before you've received the payment into your PayPal account.
  • The email includes a software update to install on your computer.


Here are some security tips to help you stay protected online:


  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.


If you think you’ve received a phishing email, forward it to and then delete the fake email from your mailbox.


Hope this helps,



137 REPLIES

** Spoof / Phishing Emails - Tips on how to identify & stay protected **


This email has the 's' and the lock symbol but I have not made a payment via PayPal to anyone from this company and it's worrying that they have got my email address.


I have sent it on to spoof emails at paypal.


I can't delete the part of the message as you state above as that would mean opening it!





** Spoof / Phishing Emails - Tips on how to identify & stay protected **


I've just tried forwarding the spam e-mails to spoof@ from within my gmail account, and it keeps crashing the system page, they obviously have some kind of a block in place.  So I'm going to try printing them as pdf files and attaching them that way - maybe they can still be checked.  Any ideas welcomed  🙂

** Spoof / Phishing Emails - Tips on how to identify & stay protected **


Indicators on a recent phishing email I have received are


1) "P.A.Y.P.A.L." as part of message header


2) Reply address is ""


3) Email address it was sent to started "flyer@" followed by a general email address that is not recorded with Paypal!


4) Misspelling in this case "We are detected  ....."


5) A form attached to download and fill in ... as if!


** Spoof / Phishing Emails - Tips on how to identify & stay protected **

New Community Member

Hi Siobhan,


It's all very well you asking customers to send e-mails to This doesn't help customers' fears as the more I seem to use PayPal the more spoof e-mails I seem to receive. I want to know what is being done with these e-mails, is there actually anything being done at all, as I seem to be getting a spoof e-mail every month.


I don't keep getting spoof e-mails for my online banking only paypal.




a very annoyed paypal customer.

** Spoof / Phishing Emails - Tips on how to identify & stay protected **

New member too and agree with everything you say. Did you receive an acceptable reply?

** Spoof / Phishing Emails - Tips on how to identify & stay protected **


In recent weeks this seems to be getting worse, been building up being told my account will be closed if not updated then when I have logged in being told my details are not the same as you have on the system, I have no problems with my bank online so why should I have problems with PayPal if all security methods are in place, what makes things worse is these **bleep** automated replies from spoof well one reply out of 3 mails forwarded and no replies from customer service, are there not any human beings employed at PayPal, am sick of being sent round in circles am so annoyed that if I don't get a personal reply by the weekend I'm closing the account because to be honest this just isn't worth the grief and I have not been given any confidence or reassurance that my account is ok and not been tampered with......................David.

** Spoof / Phishing Emails - Tips on how to identify & stay protected **


Good point well made

** Spoof / Phishing Emails - Tips on how to identify & stay protected **


I just got this little gem:
Important Notice. (content censored by Paypal because they already know these... hum... gentlemen)
5:32 PM
  Confirm your account with PayPaI

Dear Member,

You account has been temporarily Iimited if you want unlock it

please check it from here


Unlock your account


  • Receive cross-border payments from the many countries that PayPal serves.
  • Withdraw your payments to the bank account you selected.
  • Become verified and remove your spending limit.

Yours sincerely,

Copyright © 2016 PayPaI Inc. All rights reserved.














Anyone dumb enough to fall for this? 😀

** Spoof / Phishing Emails - Tips on how to identify & stay protected **




As an ex software developer with a keen interest in security I am rarely tempted by bogus emails.


I did however note a scarily good email which included my PayPal email address, my full name, it only asked me to click on a link to view new legal conditions on my account so it did not ask for sensitive information.


It even had the cheek to include a section "how do I know this is not a spoof" and repeated the advice given by the PayPal employee above - i.e. we will use your proper name rather than "Dear Pay Pal User". Clearly the scammers are reading this forum (after all they can get a PayPal account just like you or me) and they are taking on board the information given here.


As an IT guy I knew just to scroll my mouse over the links to see in my browser what domain they led to and decided against trusting a domain which starts. I also inspected the source code of the email.


It seems to me that PayPal need to make an official statement as to what domain names it will include in any legit email.


For instance you could say....


Our emails will always refer you back to a subpage of our domain, all website addresses will begin


We will never use a subdomain  ie


We will never use domains such as

Etc etc.


I would reiterate this email did not ask me to supply information, it simply wanted me to click on a link to read something. This would have doubtless confirmed to the scammers that they had hit a genuine PayPal account holder and that their follow-up scams might work.


I don't feel you have gone far enough here Siobhan and I think my relatives who are not IT professionals could have been duped. I am myself still unsure whether it's genuine or a very good scam but I will not be following those links.


To quote Siobhan: "When using PayPal, always ensure that the URL address listed at the top of the browser displays as The 's' in ‘https’ means the website is secure."


My Reaction: By the time the person has followed the link in order to see whether or not they see the security HTTPS it means that they have already gone TOO FAR because they have just told the scammer that they indeed do have a PAYPAL account and that the name and email was correct for the account. I will gladly construct a webpage to show you how I could use website domain registration information, guess that might be the same email address that the person uses for their PayPal account, send them an email with a click on this link and encode their email into the URL so when they click on the link my code will log the event telling me that in all probability this person whose name I know from the website registration is actually a PayPal account holder and they are using the same email address for their PayPal account. It's not enough to hack because I do not know their password but it's a **bleep** good start.


Most email readers will show what page you will be transported to IF you choose to click on the link (the text is not reliable as the displayed address does not have to be the same as the address you will be transported to). The time for checking is before people click.


I would like to see a clear statement from paypal about what domains you use in emails for links.


Hopefully you would never use a domain like


If this is correct then say so - tell us what domains you would ever use in an email.


It's no good telling people about the full name stuff - I own a website and it's registered to me, any fool can get my full name if they know my website - just go to


As a 20 year IT veteran it troubles me to see such naivety from Paypal staff.


The only real secure way to deal with this is to never provide any kind of link in an email always communicate by insisting that the user logs into we should then be asked to read all messages there. I have never clicked on any links in emails from paypal other than during my initial account opening ( just the confirm email ) I always tap letter by letter into my browser - unless you tell me when I log in of any legal or other news I need to know then you will not be able to successfully communicate with me.


The most you should ever send in an email is a message saying please log in to your PayPal account (but not with a link) to read updated legal terms or whatever it is you want to say, the advice should say


You should say "Do not click on any links in this email we always ask you to navigate yourself to"


If you must include links in emails then always from the domain


Please get this straight and then as a corporation make the required statement to all users about what links and domains may or may not be included in emails from you.


I dearly hope that www.paypal-communications is not a domain name that you genuinely own or that you would ever include in any email sent to users.

I repeat again it's too late by the time the person has gone to a website page because if it is bogus they have just told the scammer that they got the details correct. Just think of unsubscribe emails - they encode your email address and details in the URL - it's so easy to tell who it is who just clicked on the link if you gave it to them.

I repeat it is easy to get a long list of genuine emails and names, just focus on people who own websites.


Please get security experts in to deal with information and policy and then make a definitive statement about PayPal's domains - tell us which domains you will use in email links so we can make an informed decision before we even click.


Sorry but I am not impressed, I feel that PayPal knows that the solution is to state publicly

We will never include any links in any of our emails - always navigate to yourself either by typing (safest) or browser bookmarks ( not as safe - but then again if someone has hacked your bookmarks they have probably hacked your browser).



But I am cynical that the reasons for not asking users to do this are to do with not wanting to lose customers who are too impatient to type


Interested to hear your reactions....
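
Added example, not part of any post in this thread and not PayPal's code: the checks the posts above describe (where a link really leads versus what its text shows, a look-alike host that merely contains the brand name, and a recipient address encoded into the URL) applied to an email's HTML body without opening any link. The trusted-domain list, the recipient address and the sample links are assumptions made for illustration; accepting subdomains of a trusted domain is a choice made here, not a published PayPal policy.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Link text that itself looks like a web address, e.g. "https://www.paypal.com/".
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(host, trusted):
    """True only for an exact trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_links(html, recipient, trusted):
    """Return [(href, [reasons])]; nothing is fetched or followed."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        parts, reasons = urlsplit(href), []
        if parts.scheme != "https":
            reasons.append("not-https")
        if not host_is_trusted(parts.hostname, trusted):
            reasons.append("untrusted-host")
        shown = URL_LIKE.match(text)
        if shown and shown.group(1).lower() != (parts.hostname or "").lower():
            reasons.append("text-host-mismatch")
        if recipient.lower() in unquote(href).lower():
            reasons.append("recipient-in-url")  # a click would confirm the address
        report.append((href, reasons))
    return report

# Constructed sample body; hosts under .example are reserved placeholders.
SAMPLE_HTML = ('<a href="https://www.paypal.com/signin">Log in</a>'
               '<a href="http://paypal.com.verify-account.example/login">https://www.paypal.com/</a>'
               '<a href="https://secure-paypal.example/unlock?e=user%40example.org">Unlock your account</a>')
```

Calling `audit_links(SAMPLE_HTML, "user@example.org", {"paypal.com"})` returns an empty reason list only for the first link; the other two are flagged before anyone clicks.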





