While new PayPal text message scams crop up almost every month, fraudsters sometimes revert back to tactics that have previously proved successful. A text message falsely warning that you've sent money to an unknown recipient via PayPal is doing the rounds once more, and if you follow the link provided to query this, you'll end up handing over your financial details to a scammer.
PayPal scams are increasingly common, with the fintech giant the go-to system for making payments over the internet. Scammers frequently attempt to leverage the popularity of PayPal by sending imitation emails that claim to be from the company, and the same principle is regularly used via text messages.
We explain what to watch out for with PayPal phone scams as well as other Paypal scams – but we'll also show you what happens when you play along, so you can see how it works in practice.
How PayPal Text Scams Work
There are various kinds of PayPal text scams, but they all start with prospective victims receiving a message purporting to be from a PayPal number or email address.
Typically, the message will claim that some sort of “action” (such as a payment being sent, received, or failing) has taken place on your account. The scammers provide a link for you to click on to “check” the transaction. Here's an example:
Though this masquerades as an official PayPal link, it's nothing of the sort. Squint, and you might even spot the key difference – it's to a similarly-named site called “pay-pail[dot]com”. So, in this message, we have all the calling cards of a classic scam:
- The implication that you've lost money/been hacked
- A lack of detail regarding how this happened
- An instruction to check your account
- A clickable link that looks like it's from a legit business (i.e. PayPal)
Plenty of recipients will be savvy enough to delete the message and go no further – but the social engineering tricks listed above trick millions of people into handing over their personal and financial details every year.
What happens if you actually click on the link? We found out.
Playing Along With the PayPal Text Scam: What Happens
Nope, we didn't pay “Lucy Parker” any money. But, the text message – received from an account rather bluntly named ‘PAY' – insists we've generously sent money her way.
The hope is, you'll rush to take action and fail to stop and consider if this is to be trusted. Using a safe network, we tapped on the link in the message (never do this yourself) to see how the scammers attempt to part victims with their money.
The first thing you'll see if you tap the link is a website that looks uncannily like the real PayPal site:
It's actually very simple for a scammer to lift the branding – including official logos– from a legitimate brand and pass off a fraudulent website as the real deal. Look at the URL web address though, and you'll see that this is the phony ‘pay-pail' site, not the real thing.
Though it's dressed up with links (a Contact Us and Privacy Page, as well as a link if you're having trouble signing in), none of these lead anywhere – they'll simply take you back to the same scam site and encourage you to log in with your email address and password.
Handing your details to scammers
We followed the path set out by the scammers, entering false information every step of the way. The very fact you can proceed with a made-up email address and password proves just how phony the whole setup is.
Along the way, scammers demand a huge amount of sensitive data. This includes:
- Your full name (we gave the middle name of ‘Danger')
- Your date of birth
- Your full home address
- Your mother's maiden name (also Danger, in our case)
- Your full card number and expiry date
- Your “Verified by Visa” Password
It goes without saying that this is an exceptional amount of sensitive and financial data. Give this level of detail to a scammer and they can lift a potentially huge amount of money from your account.
So, what should you do if you receive a PayPal text scam yourself? There are two main options:
Delete it – plain and simple. Get rid of the message and don't look back. Your number will be one of thousands targeted, so don't worry that you're being singled out.
Report it – be a good citizen and help PayPal stay on top of phishing scams and other cyber attacks. Alert PayPal at firstname.lastname@example.org.
PayPal Text Scams: Common Tactics
All PayPal scams follow a similar format and will try and inject a sense of urgency into your decision-making, but there are a variety of different types of PayPal scams. They're all designed to try and coax you into handing over your login details.
Order confirmation scam texts will tell you that an order has been placed using your Paypal account, and you can check the status of the order by logging into your PayPal account via a link.
“Your account is suspended/blocked” scam texts will tell you that your account has been suspended, and you need to log in to either re-verify your details or withdraw your money from the account. “Your account has been restricted” is also a common variant of this format used by scammers.
Fraud alert scam texts will try and scare you into quickly clicking a link contained within the message by suggesting your account has been involved in some sort of fraud, or fraudulent payments have been sent from your account.
“Unusual activity” scam texts will falsely notify you that “unusual” activity has taken place on your account, and might instruct you to enter your details to confirm your identity as the account holder.
As we've mentioned, you can report these scams – as well as other scams – to email@example.com.
Receiving Random PayPal Security Codes
Some users have recently reported receiving security passcodes from PayPal seemingly at random, even though they haven't attempted to log in to their PayPal accounts.
Unfortunately, this means that someone may have successfully guessed your passcode and is attempting to break through the two-factor authentication measures you've implemented on your account.
This is almost certainly the case if the messages are coming from a “short code” number, which is used by companies like PayPal to distribute messages en masse.
If you are receiving PayPal security codes you did not request via logging in, change your PayPal password immediately, and any other account that uses the same credentials.
PayPal Email Scams
As we’ve briefly discussed, along with PayPal text scams, PayPal email scams remain a problem. PayPal contacts customers by phone and email, so it’s natural that threat actors will impersonate the company across both platforms for maximal effect.
PayPal email scams have similar features to the text message versions. They almost always contain:
- Malicious links disguised as legitimate PayPal links
- An email address that mimics a legitimate PayPal email
- PayPal branding, logos, and other company and other PayPal insignia
- Spelling and grammar errors
However, Scammers are often finding new and inventive ways of conveying legitimacy in scam emails. Here's an interesting example from Reddit that comes from a genuine PayPal address:
If you look a little closer, however, you'll see some odd capitalization in the warning message at the bottom. What's more, the customer support number in this email does not match the number listed on PayPal's actual site.
“I believe what happened here is that the scammer opened a PayPal business account called “Target Premium service” and then generated an invoice from the web interface of that account” explains Reddit user No_River7337 in a thread. “This creates an invoice with comments to be delivered through PayPal via email to the intended recipient.”
Naturally, you should always inspect the part of the email where the address is listed because most phishing scams still come from shady addresses.
The above scam, however, should serve as a warning that a clean-looking email address is not a definitive trust signal. If you've received correspondence regarding a transaction you don't recognize, do not proceed using contact details from that email.
How to Protect Yourself From PayPal Scams
Don’t worry if you’re not that tech-savvy, or generally unsure of the telltale signs of a phishing scam that impersonates PayPal, Geek Squad, Netflix or otherwise. There are a few simple principles you can deploy while you leaf through your emails and text messages that will significantly decrease your chances of falling victim to a PayPal scam.
If you suspect an email may be suspicious:
- Do not click links included within it
- Do not ring any phone number provided
- Do not reply to the email in any way
- Forward the email to firstname.lastname@example.org
Whatever the situation, we'd always advise starting your own line of communication with PayPal (i.e. contacting the company through its publicly listed customer support channels).
This is always the best course of action if you have any lingering doubts regarding the legitimacy of any given email, whether it's from PayPal or another company. If in doubt, don’t reply, and certainly avoid clicking on anything.
Why Using Strong Passwords Is Crucial
If you fall for a scam like this and enter your details, the scammers will have the keys to the kingdom – your email address and password combination.
If like far too many online users, you re-use the same email address and password across multiple accounts, then you've inadvertently handed over your login details for multiple sites.
For that reason, we strongly recommend using a password manager. These simple tools can automatically generate unique, complex passwords for every site or service you use, and will log you in automatically.
See our reviews of the best password managers for more information about what's on the market. On top of this, if you're a PayPal customer, make sure you're keeping your ear to the ground for the latest PayPal text scams.
If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored' table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page