
PayPal Email Scam: How to Tell if a PayPal Email Is Real or Fake

Scammers send millions of fake PayPal emails every day that look almost identical to the real thing. This guide shows you exactly what genuine PayPal emails look like, the tell-tale signs of a fake, and what to do if you already clicked a link.

By Achyuth Kumar · Founder, TempMailKit

Published · Last reviewed by the TempMailKit editorial team

PayPal is one of the most impersonated brands in the world. Every day, millions of fake PayPal emails land in inboxes telling people their account has been limited, a payment has been sent they did not authorise, or their details need to be confirmed. The emails look convincing — PayPal's logo, blue colour scheme, professional layout. But clicking the link inside them takes you to a fake page designed to steal your credentials, your financial details, or both. This guide explains how to tell a real PayPal email from a fake one, what to do if you have already interacted with one, and how to protect yourself going forward.

What Fake PayPal Emails Look Like

Phishing emails impersonating PayPal almost always follow one of a handful of scripts, because they are designed to create urgency that overrides careful thinking. The most common types you will encounter are:

Account limitation notices — "Your PayPal account has been limited. To restore full access, please verify your information within 24 hours." These create pressure with a deadline and threaten loss of access. The link inside goes to a fake PayPal login page.

Unauthorised payment alerts — "You have sent £299 to [some name]. If you did not authorise this transaction, click here immediately to dispute it." The fear of money leaving your account is the hook. In reality, no payment has been made — but clicking the dispute link takes you to a credential-harvesting page.

Account verification requests — "Your PayPal account requires verification. Please confirm your bank details to continue using your account." Real PayPal never asks you to confirm bank details by clicking a link in an email.

Invoice scams — A fake invoice is sent through PayPal's own invoicing system (which means it actually comes from service@paypal.com) for a product or service you never bought. The invoice contains a phone number to "dispute" the charge — that number connects you to a scammer, not PayPal.

How to Tell a Real PayPal Email From a Fake One

The single most reliable check is the sender's email address. Every genuine email from PayPal comes from an address ending in @paypal.com — nothing else. Check the actual address, not just the display name: scammers routinely set the display name to "PayPal" while the actual address is something like paypal-security@gmail.com, paypal-notice@accounts-confirm.net, or service@paypalsecure.com. Any variation from @paypal.com is a fake.

The second check is your name. Real PayPal emails address you by your full name as it appears on your account: "Dear [First Name] [Last Name]." Phishing emails almost always use generic greetings like "Dear Customer," "Dear PayPal Member," or "Dear User." If the email does not use your actual name, do not trust it.

The third check is the link destination. Hover over (do not click) any link in the email and look at where it actually goes. Real PayPal links go to paypal.com. Fake links go to domains like paypa1.com, paypal-secure-login.com, paypal-account-verify.net, or completely unrelated domains. On mobile, press and hold a link to preview its URL before tapping.

You can also bypass email entirely: if you are concerned about a genuine account issue, open a new browser tab, type paypal.com yourself, and log in directly. If there is a real problem, it will be visible in your account. If everything looks normal, the email was a fake. This is the safest approach for any urgent-sounding financial email.

The PayPal Invoice Scam Specifically

The invoice variant is tricky because it genuinely arrives from service@paypal.com — PayPal's real domain. Scammers create a PayPal account, use PayPal's legitimate invoice system to bill you for a product you never bought, and include a fake "dispute" phone number in the invoice notes. When you call the number to dispute the charge, you reach the scammer, who then tries to convince you to share your PayPal login, give them remote access to your computer, or send money via gift cards to "reverse" the fake transaction.

The key point: the invoice arrives from a real PayPal address, so checking the sender domain alone is not enough for this variant. Always log into your PayPal account directly to check for actual invoices. If an invoice exists in your account and you did not request it, you can decline it from within PayPal — no phone call needed. Never call a phone number printed inside an invoice you were not expecting.
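The three checks from the previous section, plus the invoice caveat above, can be run mechanically over a saved message; the following is an added example, not code from the article or from PayPal. The two sample messages are constructed, and the names `check_message` and `link_is_paypal`, the phone-number pattern and the decision to accept subdomains such as www.paypal.com for links are assumptions of this sketch.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only domain the article treats as genuine
GENERIC = re.compile(r"dear\s+(customer|paypal member|user)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # rough heuristic (assumption)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # real link targets, i.e. what hovering would reveal
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def link_is_paypal(url):
    # Match on a dot boundary: "paypal.com.verify.example" must not pass.
    # Allowing subdomains such as www.paypal.com is an assumption of this sketch.
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))  # real address, not display name
    if addr.rpartition("@")[2].lower() != TRUSTED:
        findings.append(f"sender {addr} is not @{TRUSTED} (shown as {display!r})")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)
    findings += [f"link goes to {u}" for u in collector.hrefs if not link_is_paypal(u)]
    if GENERIC.search(text):
        findings.append("generic greeting instead of the account holder's name")
    if PHONE.search(text):
        findings.append("phone number in body: check the account, do not call")
    return findings

# Constructed samples: a classic phish and the invoice variant.
HDR = "To: jane@example.org\nSubject: Notice\nContent-Type: text/html\n\n"
PHISH = ("From: PayPal <service@paypalsecure.com>\n" + HDR +
         "<p>Dear Customer, your account has been limited. "
         '<a href="https://paypal-secure-login.com/verify">Restore access</a></p>')
INVOICE = ("From: service@paypal.com\n" + HDR +
           "<p>Dear Jane Example, invoice notes: to dispute call +1 (555) 010-0199. "
           '<a href="https://www.paypal.com/invoice/">View invoice</a></p>')
```

On the constructed invoice sample the sender, greeting and link checks all pass and only the phone-number finding fires, which is why that variant has to be verified inside the account rather than from the email.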

What to Do If You Already Clicked

If you clicked a link in what you now believe was a phishing email: do not enter any information on the page that opened. Close the tab immediately. If you already entered your PayPal password, go to paypal.com directly (not via any link) and change your password right now. If you entered banking or card details, contact your bank immediately to report potential fraud and request a card replacement if applicable. Enable two-factor authentication on your PayPal account under Settings → Security. Check your PayPal transaction history for any unauthorised activity and report it through PayPal's Resolution Centre.

If you called a phone number in a fake invoice and the person asked for remote access to your computer, run a malware scan with a reputable security tool immediately, since remote access is frequently used to install malware or extract saved passwords from browsers.

How to Stop Receiving PayPal Phishing Emails

You cannot stop scammers from sending fake PayPal emails, but you can limit your exposure. Your real email address usually ends up on scammer lists through data breaches at websites you signed up to with that address. Once your address is in a breach dump, it gets sold and used for phishing campaigns targeting every major financial service. Using a disposable email address for low-trust sign-ups keeps your real address out of those dumps and out of the breach lists that feed phishing operations. For your actual PayPal account, use your real email, but for everything else that does not need a permanent address, consider a throwaway inbox or an alias service. You can check whether your address is already in known breach dumps at haveibeenpwned.com.

Forward actual PayPal phishing emails to spoof@paypal.com — PayPal's dedicated abuse team reviews these reports and works to shut down phishing infrastructure. Then delete the email.

The Short Version

Fake PayPal emails follow a predictable playbook: urgent subject line, generic greeting, threat to your account or wallet, link to a fake login page. The fastest checks are the sender address (must be @paypal.com exactly), whether your full name is used, and whether links actually point to paypal.com. The invoice variant is the trickiest because it arrives from a real PayPal address — never call a phone number in an unexpected invoice. If in doubt, ignore the email entirely and log in to PayPal directly by typing the address in your browser. If there is a real problem, you will see it there.

Frequently Asked Questions

How do I know if a PayPal email is real?

Check three things: the sender address must end in @paypal.com exactly, the email must use your full name as registered on your PayPal account, and any links must point to paypal.com (hover before clicking to see the real destination). If any of these fail, it is a fake. When in doubt, log into PayPal directly via your browser rather than clicking any link in the email.

Will PayPal ever ask me to confirm my bank details by email?

No. PayPal will never ask you to provide, confirm, or update your bank account or card details by clicking a link in an email. If you need to update payment information, do it by logging into paypal.com directly. Any email claiming to need banking information confirmed via a link is a phishing attempt.

I got a PayPal invoice for something I never bought. What do I do?

Log into your PayPal account directly and check your invoices there. If the invoice exists, you can decline it from within PayPal — do not call any phone number listed in the invoice, as that number connects you to the scammer. If the invoice does not appear in your actual PayPal account, the email was spoofed and you can ignore and delete it. Report it by forwarding to spoof@paypal.com.

I entered my password on a fake PayPal page. What do I do now?

Go to paypal.com directly (type the address, do not click any link) and change your password immediately. Enable two-factor authentication in your account security settings. Check your transaction history for any unauthorised payments and report them through PayPal's Resolution Centre. If you used the same password on other accounts, change those too — credential stuffing attacks try leaked passwords across multiple services.

Achyuth Kumar

Founder & editor, TempMailKit

Achyuth builds privacy tools and writes TempMailKit’s guides on email security, spam, and online privacy. Every article is checked against primary sources and our editorial policy before it is published.
