Protect Yourself from Fraudulent Emails

What is a fraudulent email?

A fraudulent (spoof) email pretends to be from a well-known company, such as PayPal or eBay, in an attempt to get personal information from you. People who send spoof emails hope to use your information - such as credit and debit card numbers or account passwords - to commit identity theft.

You can prevent spoof from affecting you

Spoof, or "phishing," emails - and the spoof websites often associated with them - are deceptive in appearance. However, they contain content that reveals they're fake. The most important thing to do to protect yourself is be able to spot this misleading content.

Know a spoof when you see it

Frequently, a spoof email looks something like this:

What to watch out for

1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member."
2. A false sense of urgency. Most spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP.
3. Fake links. The text in a link may attempt to look valid, then send you to a spoof address. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. If the link looks suspicious, don't click on it. And be aware that a fake link may even have the word "PayPal" in it.

Learn more ways to spot spoof

Read PayPal's 10 ways to recognize fake (spoof) emails now.

Questions PayPal will never ask you in an email

To help you better identify fake emails, we follow strict rules. We will never ask for the following personal information in emails:

• Credit and debit card numbers
• Bank account numbers
• Driver's License numbers
• Email addresses
• Passwords
• Your full name

Ways to fight spoof

• Report it. Forward the entire email - including the header information - or the site's URL to spoof@paypal.com We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
• Use Account Guard on the eBay toolbar. If you use Internet Explorer, download the eBay toolbar. Account Guard helps ensure you are on PayPal or eBay. Download the eBay toolbar now
• Use the SafetyBar. Email security provider Cloudmark has engineered a toolbar for Microsoft Outlook you can use to report spoof emails. Should you receive a spoof, click the SafetyBar's "Block Fraud" button to automatically report it to us. Download the Cloudmark SafetyBar now
  

We're dedicated to protecting you

PayPal works hard to educate you on the best ways to recognize and fight spoof. Learn more about how PayPal fights fraud for you around the clock.

Steps to take to prevent spoof from affecting you

• Keep your security software current. Update your firewalls and security patches frequently. Consider using software from companies like McAfee and Symantec.
• Monitor your account. Check your account periodically to see if there is any suspicious activity.
• Change your password often. And, if you think your security may have been breached, create a new password immediately.
• Use a unique password. Your PayPal password should be one-of-a-kind, and not used on any of your other accounts. A good password contains letters and numbers. This makes it more difficult for people to guess it.
• Take action. If your information is compromised, get a fraud alert placed on your credit report.

Get more information on how to prevent fraud

To download security tools, report fraud, and learn more about how we protect you, visit the PayPal Security Center today.

10 ways to recognize fake (spoof) emails

1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.
2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
   • Direct you to a spoof website that tries to collect your personal data.
   • Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
   • Cause you to download a virus that could disable your computer.
5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
6. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
   • If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
   • Even if a URL contains the word "PayPal," it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
   • Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
   • Never log in to PayPal from a link in an email
7. Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
9. Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.