Learn how to spot and avoid fraudulent "spoof" emails and websites with PayPal's handy 5-step spoof tutorial.
What is Spoof?
A spoof or phishing (pronounced "fishing") email is an email that is designed to look like it comes from a well-known company and that
tells some story to get you to click a link or button in the email.
The links or buttons in the email take you to a website that is also called a "spoof" because it, too, fakes the appearance of a popular website or company. The
spoof site asks you to input personal information, such as your credit card number, Social Security number or account password.
You think you are giving information to a trusted company, when in fact, you are supplying it to a criminal.
Common deceptive tactics of spoof emails and websites.
The following pages will help you prevent falling for a spoof email and protect your account. The lessons learned here can be applied not only on PayPal, but wherever you
do business online.
Think an email is a spoof? Forward it to email@example.com.
Remember: The "From" field of an email can easily be altered—it is not a reliable indicator of the true origin of the email.
Warning Signs of a Spoof Email
Many spoof emails look very real. While there are some telltale signs, it can often be difficult to identify fake emails.
Whenever you get an email about your PayPal account, the safest and easiest course of action is to open your browser and log in to your PayPal account directly without clicking any links in the email.
Warning signs that an email about your PayPal account is fake include a generic greeting, a false sense of urgency, and links that don't include
"https://www.paypal.com" immediately before the first "/".
Remember: If you have any doubt about the authenticity of a PayPal email, simply open a new web browser, type in www.paypal.com and perform the requested activity.
How to Spot a Spoof Website
You can count on the fact that a spoof email will take you to a fake website. You can also be sure that this spoof site will ask you
to type in personal information, such as your credit card number, Social Security number or account password.
One warning sign of a spoof site is that often the link in the email will not match up with the URL of the site it takes you to. Some sites may fake the URL bar to hide
the mismatch, but don't include a secure lock icon at the bottom of the browser window.
Legitimate PayPal web addresses.
To determine if the web address in your browser is a real PayPal address, look for
before the first "/".
Examples of fake PayPal addresses:
Real PayPal address:
Remember: Never click a link in an email if you are unsure of its origins, especially if the email asks for personal financial information.
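The two link checks described above (the address must be "https://www.paypal.com" immediately before the first "/", and the address shown in the email should match where the link actually goes), written out as an added example that is not part of PayPal's tutorial. The sample email body and the verify.example host are constructed, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("https", "www.paypal.com")  # scheme and host the tutorial names

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def origin(url):
    """Return (scheme, host); the host excludes any user@ prefix and port."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:  # malformed address, e.g. unbalanced brackets
        return "", ""

def check_link(href, text):
    """List the warning signs one link shows (empty list: none found)."""
    findings = []
    if origin(href) != TRUSTED:
        findings.append("destination is not https://www.paypal.com")
    # Only compare visible text that itself looks like a web address.
    if "." in text and not any(c.isspace() for c in text):
        shown = origin(text if "://" in text else "//" + text)[1]
        if shown and shown != origin(href)[1]:
            findings.append("visible address differs from destination")
    return findings

def scan_email(html):
    """Return [(href, findings)] for every link showing a warning sign."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, f) for h, t in collector.links if (f := check_link(h, t))]

# Constructed sample body; verify.example is a reserved placeholder host.
SAMPLE = (
    '<a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a>'
    '<a href="http://www.paypal.com.verify.example/login">www.paypal.com</a>'
    '<a href="https://www.paypal.com@verify.example/">Log in now</a>')
```

Parsing the address and comparing the host exactly matters because a plain text search for "paypal.com" would accept the second and third sample links.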
What to Do About Spoof Emails and Websites
The good news about spoof emails is that you are in control—you can protect your personal financial information
by ignoring the spoof email altogether. You should never provide contact, sign-in or other sensitive personal information to any page you get to by clicking a link in an email.
To help you better identify legitimate emails that PayPal sends you about your account, we follow strict rules. We will never ask for the following personal information:
- Credit and debit card numbers
- Bank account numbers
- Driver's license numbers
- Email addresses
- Your full name
We will also never ask you to download an attachment or software. Attachments often contain viruses that harm your computer or may compromise your account.
Reporting spoof emails is as easy as 1-2-3.
If you have any doubt whether an email is really from PayPal, here's how to report it:
Forward the message to firstname.lastname@example.org.
Don't alter the subject line or forward the message as an attachment—doing so prevents us from investigating it further.
Once you have forwarded the email, you can then delete it from your email account.
Remember: Think an email may be a spoof? Forward it to email@example.com.
Protect Your Account
We're dedicated to protecting you.
PayPal works hard to educate you on the best ways to recognize and fight spoof. Learn more about how PayPal fights fraud for you around the clock.
Steps to take to prevent spoof from affecting you.
- Use eBay Toolbar with Account Guard. For Internet Explorer users, eBay Toolbar helps you prevent falling for spoof by indicating when you are on a legitimate eBay or PayPal
Download the eBay toolbar now
- Use the SafetyBar. Email security provider Cloudmark has engineered a toolbar for Microsoft Outlook you can use to report spoofing emails. Should you receive a spoof, click the
SafetyBar's "Block Fraud" button to automatically report it to us.
Download the Cloudmark SafetyBar now
- Keep your security software current. Update your firewalls and security patches for your operating system frequently.
- Monitor your account. Check your account periodically to see if there is any suspicious activity.
- Change your password often. And, if you think your security may have been breached, create a new password immediately.
- Use a unique password. Your PayPal password should be one-of-a-kind, and not used on any of your other accounts. A good password contains letters and numbers. This makes it more
difficult for people to guess it.
- Take action. If your information is compromised, get a fraud alert placed on your credit report.
Get more information on how to prevent fraud.
To download security tools, report fraud, and learn more about how we protect you, visit the PayPal Security Center today.
Remember: Vigilance is the best line of defense—periodically check your account and change your password.