author photo
By Bruce Sussman
Wed | Aug 8, 2018 | 6:32 AM PDT

If it feels like impostor emails land in your inbox faster than you can hit delete, you are not alone.

And hackers and online scammers love to send fake PayPal emails.

The problem is, they mix right in with authentic emails and together, the notes leave you wondering if you can afford to ignore them.

We've already reported on how to spot a fake Apple email, now let's focus on how to spot a fake PayPal message. 

The nickname for this type of hacker attack is a "phishing email" because the email is actually bait and the bad guys hope you'll take the bait—hook, line and sinker.

Examples of a fake email from PayPal

Here are three examples of actual fake emails that appear to be from PayPal but are not.

A very important thing to note: Each fake PayPal email has something urgent you must act on quickly. Hackers hope this will override your suspicion you are looking at a fake.

Example #1 is the "Update Required" fake PayPal email. It wants you to click a link (Log in here), which will take you to a fake website that looks like PayPal.

Once you are on the "spoofed" website, it asks you to "Please provide the information needed." Here's a shocker, they need your username and password.

As soon as you give hackers that information, they'll be selling your information to other criminals or draining your PayPal account balance.

paypal-email-fake

Example #2 is the fake PayPal email that contains a "We're about to delete your account forever" type of warning. Notice it says "PayPal accounts can only be restored within a short period of time after deletion."

In other words, hackers are telling you to click the link they sent right away. They are claiming this is urgent.

paypal-fake-email-scam

Example #3 is the "unusual activity" PayPal email. It asks you to "Log in to confirm your account," and hackers (posing as PayPal) put something in the letter to get your guard down: "We may ask you to confirm information you provided when you created your account to make sure you're the account holder." 

In other words, if you click the link they sent along, you can enter a lot of your account information into a fake PayPal website, hackers will have it, and then either sell it or use it themselves to take over your account.

pay-pal-fake-email-scam
How to spot a fake PayPal email (clues)

PayPal knows fake and spoofed emails are a problem. So they have issued these guidelines to keep you safe.

Here are signs to help you spot a fake PayPal email alert.

  • It begins with a generic greeting like "Dear user" or "Hello, PayPal member." Instead, the company says, "We'll always begin with your first and last name or the business name on your PayPal account."
  • It asks for financial and other personal information. "Our emails will never ask for your bank account number, debit or credit card number etc," says PayPal.
  • It asks for PayPal account details. Says PayPal, "We will never ask for your full name, your account password, or the answers to your PayPal security questions in an email."
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account.
  • The email includes a software update to install on your computer.

How to protect yourself from fake or spoofed emails

Hackers and those who create these phishing emails are getting smarter at their craft and more creative than ever.

If you think you have a fake PayPal email in your inbox, do these three things:

  1. Forward a copy to spoof@paypal.com. The company will investigate it and respond.
  2. Never use any of the links, web addresses, or phone numbers in the email.
  3. Go directly to the company website (you probably have a link), and either login from that page or call the number you find on the website.

Going directly to the source as you typed it into the keyboard will help protect you from falling victim to an email scam about PayPal, Apple, or any other company.

Comments