Safer Web

PayPal scams: How they work and how to spot one

Dawna Roberts

Mar 12, 20246 min read

PayPal scams: How they work and how to spot one: Header image

PayPal is one of the oldest and most widely used online payment platforms. It is tightly integrated with eBay, and users send and receive money through it every day. Because of its popularity, PayPal is often used to target victims through attempted scams. 

To stay safe from these very common schemes, you must understand what a PayPal scam is, the common types of PayPal scams, and how they work. It’s also important to know how to recognize and report PayPal scams. Keep reading to learn how to stay safe.

What is a PayPal scam?

A PayPal scam is a trick used by cybercriminals in which the attacker pretends to be from PayPal or references a fake transaction related to the online payment system. They do this in order to elicit payments from you or to break into your account to steal funds.

How PayPal scams work

PayPal scams are often effective because so many people make routine payments through the platform or receive money that way. Hackers bank on the fact that a user may not thoroughly read an email or notification closely enough to identify when something is off. They are hoping you act quickly before stopping to think about it. 

Most PayPal scams are conducted through phishing emails that implement scare tactics. If, for example, you receive an email that looks like it’s from PayPal, warning you that your account was compromised, it may cause some alarm. You might click the provided link to “fix” your account before fully thinking things through. Don’t do it. The link could be part of a scam. 

Common types of PayPal scams

There are dozens of different types of PayPal scams out there. Some of the most common to watch out for are the following.

PayPal scams using email

By far, the most common scams use email to trick unsuspecting victims and follow a pattern similar to the previous example. In many cases, an email will claim to be from the tech support team at PayPal, alerting you to a problem with your account. The email will urge you to click a link and log in to your account immediately to fix it.

If you do this, the link will take you to a fake website that looks authentic. Here, in the process of attempting to secure your account, you may end up handing over your login credentials or, worse, infecting your device with malware.

Another common type of PayPal scam is a fake bill for something you didn’t order. The sender will urge you to contact them if you didn’t order the product or service. It’s a scam.

A screenshot of a fake bill in a PayPal scam.
PayPal is a trademark of PayPal, Inc.

PayPal text scams

Sometimes, scammers will send text messages to PayPal users. They may pretend to be a government agency and claim that the user owes back taxes or some other urgent debt. They will then pressure you to pay the debt using your PayPal balance. 

Facebook PayPal scams

Facebook Marketplace is a popular venue for buying and selling items. It’s no surprise, therefore, that it is also a popular venue for scams. Attackers may pretend to be sellers and request that you pay using the “Friends and Family” option. The problem is that in addition to avoiding PayPal fees, this option does not include any buyer protection. You could quickly find yourself the victim of a scam.

A screenshot of Facebook Marketplace, a common source of Facebook PayPal scams.
Facebook and Facebook Marketplace are trademarks of Meta Platforms, Inc.

PayPal chargeback scams

If you receive a message saying that someone overpaid you via PayPal and they demand that you return the money, do not do it. This is a common scam in which cybercriminals will reverse the funds sent (if it even was sent). The end result is that you will have paid them out of your own funds. 

These are just a few of the dozens of ways scammers might trick you into paying via PayPal. So, how can you keep yourself safe?

How can you recognize a PayPal scam?

The best way to protect yourself against PayPal scams is to know what to look for and remain constantly vigilant. Below are some red flags to watch out for: 

  • Strange email addresses: An official email from PayPal will have an email address that ends in If you receive a message that does not, suspect a scammer.
  • Sense of urgency: Phishing emails always employ some sort of sense of urgency. Be on the lookout for words and terms designed to make you panic and take quick action. 
  • Suspicious links: Most scam emails will contain a suspicious link that the attacker is hoping you will click. When you’re unsure, hover your mouse over the link to see where it really leads before clicking it.
  • Poor English or bad grammar: Many scammers don’t bother to get the content of their messages exactly right. You may see poor grammar, incorrect punctuation, and misspellings. 
  • Generic greeting: In most cases, a scammer won’t have your name, so the scam email may start with something nonspecific, such as “Dear Customer.”
  • A request for personal information or money: The goal of phishing emails is to make money. They may request personal information (social security number, date of birth, credit card details, bank account numbers, login credentials, etc.) to use for identity theft or fraud. 

How to report PayPal scams

One of the ways we can help each other is to report these scams as they occur. PayPal and law enforcement authorities can better track and apprehend scammers if they know as much about cyberattacks as possible. Always report a PayPal scam if you become a victim.

Report a PayPal scam email

PayPal urges users to report email scams by forwarding any suspicious email messages to them at [email protected]. They will take it from there and contact you if they need more information. 

Report a fraudulent PayPal transaction

If you realize after the fact that someone has gained control of your account or convinced you to send them funds, you can report it to PayPal by following the steps below:

  1. Log on to PayPal.
  2. Visit the Resolution Center.
  3. Click Report a problem.
  4. Choose the payment you need to report and click Continue.
  5. Select the option “I want to report unauthorized activity.”
  6. Follow the rest of the steps to complete the process.

The company will investigate the matter. If they determine that fraud has occurred, they will contact you with the next steps.

Report a spoofed PayPal website

Just as with phishing emails, you can send an email to [email protected] to report a fraudulent PayPal website. Include the link to the spoofed website so PayPal can investigate. 

How to avoid scams on PayPal

When it comes to cybersecurity, sometimes the best defense is a good offense. Arm yourself with knowledge by learning how to avoid PayPal scams, and you won’t have to clean up the aftermath later. The following are some tips to prevent PayPal scams. 

Be cautious of suspicious emails

Always be on the lookout for fraud and scams. Take your time to read alarming emails, but don’t ever click any links. If you must visit a website, type the address into your browser.

Never pay a stranger

Unless you know a person, do not send them money online. And if a stranger contacts you demanding payment through PayPal, don’t do it. Odds are, you’ll never see that money again.

Always check email addresses

Anytime you receive a suspicious email, check the sender’s address. If something is clearly wrong, delete or report it. 

Stay alert

If you receive an alert informing you that you won a prize or offering you a great deal on something, thoroughly check it out before taking any action. Many of these “too good to be true” deals and prizes are scams. 

A screenshot of a "won a prize" PayPal scam.

Common sense goes a long way toward staying safe from fraud and theft, and PayPal scams are no exception. Hackers will stoop to any number of methods to try to trick you, so always be suspicious of messages you receive via email, text, or online notification. And always check things out thoroughly before making payments to anyone using PayPal. 

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.