PayPal is one of the most popular payment platforms. Its popularity is part of its appeal: if you want to send money to somebody, PayPal is the platform they're most likely to already use.

Unfortunately, the popularity of PayPal also makes it useful for crime. Many phishing emails are now designed for no other purpose than to steal PayPal account information. And if you fall for one, it's possible to lose more than just your PayPal balance.

So how do these emails work and, more importantly, how can you tell when you're reading one?

What Is a PayPal Phishing Email?

PayPal phishing emails are a type of email spam. They are designed to trick people into revealing their PayPal account password. They achieve this by making people think that PayPal is contacting them. But when you follow the instructions in such an email, you are actually communicating with somebody else.

PayPal is a popular choice for email phishing because it's a financial services company and because so many people already receive legitimate emails from them.

How Do PayPal Phishing Emails Work?

A PayPal phishing email will typically tell you that there's some kind of problem with your account. The sender obviously doesn't know when you last used your account, so the problem will usually be something generic. The email might tell you that there was a suspicious login attempt or some other kind of unusual activity.

The email will usually also include a reason for you to take action. For example, it might say that your account will be limited until you do.

To fix your account, you will usually be invited to log into your PayPal account by clicking on a link. When you click on the link, however, you will be taken to a malicious website.

The malicious website will look virtually identical to PayPal's website, but when you attempt to log in, your password will be stolen. The password can then be used to sign into your account and steal from you. The attackers will gain access not only to your PayPal balance but also to any connected cards.

Sometimes, the malicious website will also request additional information. For example, it might ask you for a photograph of your identification in order to verify your account. Additional details such as this can then be used for identity theft.

Some PayPal phishing emails even ask you to download software. The software will usually be a keylogger which can be used to steal any password that you subsequently enter onto your device.

Where Does the Money Go?

Many users believe that their PayPal account is relatively secure because it offers fraud protection and it can only be used to send money to other PayPal users.

Unfortunately, this doesn't prevent thefts. Criminals create anonymous PayPal accounts and simply withdraw the money before it's recovered. They also use stolen PayPal accounts to buy expensive products which can then be resold.

This means that, while having your PayPal account hacked isn't as bad as having your bank account hacked, it's not far behind.

How to Recognize a PayPal Phishing Email

PayPal phishing emails range from easy to recognize to almost perfect replicas. Regardless of which type you're dealing with, here's how to tell the difference.

Check the Email Address

The easiest way to spot a phishing email is to look carefully at the email address. Any legitimate email from PayPal will end with @PayPal.com.

Scammers use a range of tricks to make their email addresses look legitimate, so be extra careful.

Look for Your Name

If you're a PayPal user, the company obviously has your details on file. Because of this, they will never send you an email that starts with a generic introduction such as "Dear Sir".

Scammers simply do this because they don't know what your name is. PayPal staff do use your real name because it helps to show that they are legitimate.

It's important to note that, while the omission of your name is a sign of spam, its inclusion isn't always a sign of legitimacy. If a criminal has your email address, it's possible that they received additional information about you from the same place.

Look for Information Requests

PayPal is well aware that its users are often the target of scams. Because of this, they will never ask you for sensitive information such as your password via email.

Regardless of how legitimate an email seems, if it asks for your password or any other personal information, it should be ignored. This advice also applies if anyone ever calls you on the phone.

Don't Download Attachments

PayPal will never send you an email with an attachment. Attachments are such a popular tool for spreading malware that most respectable companies avoid their use entirely.

You should also be suspicious of any email that asks you to download anything.

Look for Small Mistakes

Some phishing emails use professional language and are very difficult to spot by appearance alone. The majority, however, will have telltale mistakes.

Look out for spelling errors, unusual phrasing, and poor formatting. Legitimate emails from PayPal are proofread and perfectly formatted so any kind of mistake should be a cause for suspicion.

Don't Click on Malicious URLs

If you receive an email with a link in it, this isn't automatically cause for concern. Many PayPal emails include some kind of link back to their website.

An easy way to tell the difference between malicious and legitimate PayPal emails, however, is to check where the links actually lead.

To check the destination of a link, highlight the link text, right-click it, and choose Copy Link Address. Then paste the address into your browser's address bar or a text editor, but don't press Enter.

If the link leads to any domain other than PayPal.com, it's a phishing email.
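The four mechanical checks above (sender address ending in @paypal.com, a real name rather than a generic greeting, no attachments, and every link leading to paypal.com) can be applied to a raw email by a short script. The following is an added example, not code from the original article or from PayPal: it parses the message with Python's standard email library and reports each indicator it finds. The two messages are constructed samples; the sender domain paypal.example.com and the link host paypal.com.example.net are made-up lookalikes on reserved example domains, chosen because they contain the word "paypal" while failing the article's "ends with paypal.com" rule.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "paypal.com"

# Constructed sample 1: the kind of message the article describes. The sender
# and link hosts are made-up lookalikes on reserved example domains.
PHISHING_EMAIL = b"""\
From: PayPal Service <service@paypal.example.com>
Subject: Unusual activity on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>We noticed a suspicious login attempt. Your account will be limited until you confirm your details.</p>
<p><a href="http://paypal.com.example.net/signin">https://www.paypal.com/signin</a></p>
</body></html>
"""

# Constructed sample 2: a notice that passes every rule in the article
# (real @paypal.com sender, the user's name, a link that stays on paypal.com).
LEGIT_EMAIL = b"""\
From: PayPal <service@paypal.com>
Subject: You sent a payment
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Jane Doe,</p>
<p>You sent a payment. View the details in your account:</p>
<p><a href="https://www.paypal.com/myaccount/summary">https://www.paypal.com/myaccount/summary</a></p>
</body></html>
"""

GENERIC_GREETING = re.compile(r"\bDear\s+(Sir|Madam|Customer|User|Member|Client)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG = re.compile(r"<[^>]+>")


def is_paypal_host(host):
    """True only for paypal.com itself or a subdomain of it. A suffix check on the
    registered domain rejects lookalikes such as paypal.com.example.net."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def check_sender(msg):
    """Rule 1: the actual address (not the display name) must end in @paypal.com."""
    _display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2]
    return [] if is_paypal_host(domain) else [f"sender {addr!r} is not an @paypal.com address"]


def check_greeting(text):
    """Rule 2: a generic salutation where PayPal would use your name."""
    return ["generic greeting instead of your name"] if GENERIC_GREETING.search(text) else []


def check_attachments(msg):
    """Rule 3: PayPal does not send attachments, so any attachment is an indicator."""
    return [f"attachment present: {p.get_filename() or '(unnamed)'}" for p in msg.iter_attachments()]


def check_links(html):
    """Rule 4: every link must lead to paypal.com. Also flag links whose visible
    text shows one host while the href actually goes to another."""
    findings = []
    for href, inner in ANCHOR.findall(html):
        target = urlparse(href).hostname
        shown = TAG.sub("", inner).strip()
        if not is_paypal_host(target):
            findings.append(f"link leads to {target!r}, not paypal.com")
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and shown_host.lower() != (target or "").lower():
            findings.append(f"link text shows {shown_host!r} but target is {target!r}")
    return findings


def analyse(raw):
    """Run all four checks over a raw RFC 5322 message; return the indicators found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = TAG.sub(" ", html)
    return check_sender(msg) + check_greeting(text) + check_attachments(msg) + check_links(html)


def is_phishing(raw):
    """The article's rule: any single indicator is enough to treat the email as phishing."""
    return bool(analyse(raw))


if __name__ == "__main__":
    for label, sample in (("phishing sample", PHISHING_EMAIL), ("legitimate sample", LEGIT_EMAIL)):
        print(f"{label}:", analyse(sample) or "no indicators found")
```

Run it against a saved .eml file by reading the file as bytes and passing it to analyse(). The host check deliberately compares the registered domain suffix rather than searching for the word "paypal", which is exactly the trick the article warns about: a host such as paypal.com.example.net contains the brand name but is not paypal.com.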

Ignore Emails That You Have Doubts About

PayPal phishing is effective because most PayPal users value their accounts. And so, many will respond to questionable emails that they aren't entirely sure about.

If you receive such an email, always log into your account in a separate tab or browser before interacting with it. Needless to say, you should do this by typing in the address manually.

If there's really a problem with your account, you'll receive a message about it there.