Phishing and spoof emails are a leading cause of stolen information and identity theft, and they can be hard to spot. Fake emails often look like the real thing so it’s important to stay vigilant online.
Don’t have a PayPal account? Sign up for free
What is phishing?
Phishing emails and hoax websites ask you to click on links, contact them, or open attachments to update your account information, confirm your password or confirm a purchase you haven’t made. When you follow the links, the sites are unsecured, letting the fraudsters collect your login details and/or financial information.
Recognize fakes when you see them.
Phishing scams almost always imitate well-known companies and include company logos, official-looking email templates, or phone call scripts similar to genuine company communications. There are some things to look for that can help you tell the difference.
Emails.
Look for these signs when you receive an email you weren’t expecting.Is the greeting generic or missing? Our emails always include your full name exactly as shown in your account.Are there attachments?Do the links look genuine? Hover over them before clicking to check.Is the design or logo out of date?Does the email demand you act immediately?Are there spelling or grammatical errors?If you answer “yes” to any of the above, the email may not be legitimate.
Websites.
Whenever you land on a website from a link, check for these signs to make sure you’re safe.Is the S (for “secure”) missing from the “https” at the start of the web address?Is the padlock in your browser’s address bar missing?Is the design or logo out of date?Are there spelling or grammatical errors?Does the website address look unusual?If you answer “yes” to any of the above, you might be on a hoax website.
Texts.
Smishing or mishing is the SMS or text equivalent of a phishing email. It can even come through social media apps and sites. The message is usually urgent, asking you to call a number or click a link to cancel a transaction you don’t recognize or update your information.
Voice calls.
Vishing is a voice call phishing attempt. It’s often a recorded message that tells you there’s an urgent problem or you have an overdue bill. They may even mention the police or government authorities. Don’t call them back, even if the caller ID says “PayPal” or another trusted company.
Found a fake?
If you’ve received a phishing email or stumbled across a hoax website, even if you’re not sure, forward it to us at spoof@paypal.com and we’ll investigate it. Make sure you forward the email (don’t send it as an attachment) so valuable tracking information about the source stays intact. Once done, delete the email permanently from your inbox – never click any links.
Communicate with PayPal the safe way.
Never share sensitive information by email with anyone, not even PayPal. Always log in at PayPal.com to update your bank or credit card details, email address, password or name, or to provide proof of identity documents like your driving licence.
Visit PayPal.com
Always manually enter the PayPal URL into the address bar in your browser.
Use our Help Centre
Visit the Contact or Help link on any PayPal webpage to get in touch.
Use site safety rating tools
Services like WebAdvisor, WOT and Safe Web can alert you before you click.
Have you been phished?
There are many clever fakes out there and new ones are being created all the time. So, despite your best efforts, it could still happen to you. If you think you’ve clicked on a fake email, text, or website or provided your secure information to the wrong people, here’s how to protect yourself:
1. Run an antivirus scan on your system to make sure you didn’t pick up any malware.
2. Change all your passwords, PINs, and security questions immediately.
3. Report it to the police, PayPal, your bank, and credit card providers.
4. Keep an eye on your online account statements for unusual activity.
source : https://www.paypal.com/id/webapps/mpp/phishing?locale.x=en_ID