Phishing scams include the distribution of phishing emails that direct readers to a fake PayPal website where they are asked to type their usernames, passwords and sometimes even their credit card details. After receiving these credentials, the attacker can access the PayPal accounts of the unsuspecting victims. If you think an email that apparently comes from PayPal is a scam or you discover a fake PayPal website, forward the email or report the website to the PayPal fraud team and change your PayPal password immediately.
Identifying Phishing Emails
PayPal doesn't use generic greetings such as "Dear User" or "Hello PayPal Member." The company always uses your full name -- or business name -- in the greeting. PayPal never asks for your personal or financial information in an email. PayPal never sends attachments with its emails and never asks you to install software updates by clicking a link in the email. If the email tells you that something is going to happen to your PayPal account if you don't take action immediately, go to the Resolution Center on the PayPal website; actual problems, if any, with your PayPal account are listed there. Report the email immediately if it contains nonsecure links -- URLs that don't begin with "https."
Report Phishing Emails and Fake PayPal Websites
Forward an entire email to "email@example.com" if you think it didn't come from PayPal. Do not forward the email as an attachment or change anything in it. Don't respond to the email, and delete it from your inbox immediately after forwarding it. PayPal will reply to your email to let you know if the email you sent to its fraud team is legitimate or fraudulent.
Keep the PayPal community safe by reporting fake PayPal websites. Copy the address of the website and paste it in to a new email. Send the email to "firstname.lastname@example.org" to report the website to PayPal. The fraud team will check your link and work to take down the fake website. Do not type any personal or financial information on the suspect website. Do not click on any links or download anything from the suspicious website.