PayPal phishing emails are among the most cloned in the world. They fake payment confirmations, dispute alerts, and account suspension notices. The sender address always reveals the truth.
About this scam type: Emails claiming to be from PayPal about payments or account issues
ScamRadar verdict: likely-scam · Risk score: 84/100
From: PayPal Service <service@paypal-secure-account.com> Subject: You sent a payment of $749.00 USD to Crypto Exchange Ltd Transaction ID: 4AH28401KX998213B If you did not authorize this payment, please call PayPal Resolution Center at 1-855-555-0188 within 24 hours to dispute and prevent funds from being released.
The sender domain (paypal-secure-account.com) and the unfamiliar phone number are the two giveaways. Real PayPal emails come from @paypal.com only and direct you to log in at paypal.com — never to call a number printed in the email.
If you only clicked but did not enter information, close the page and clear your browser. If you logged into the fake page, change your PayPal password immediately at paypal.com (not from the email), enable two-step verification under Security settings, and review Authorized Logins and Pre-approved Payments under Settings — remove anything you do not recognize. Check Activity for unauthorized transactions and dispute any in the Resolution Center. PayPal Buyer and Seller Protection covers many fraud scenarios — file disputes within the protection window. If you called the fake phone number and gave any information, change your password and assume your account is compromised. If you also gave card or bank details, contact your bank.
Open a new browser tab and type paypal.com directly. Sign in and check your Activity — if there is no matching transaction, the email is fake. PayPal also keeps a Notifications inbox in your account where every legitimate email is mirrored. If a notification is not in your account inbox, PayPal did not send it. Real PayPal emails always greet you by your registered first and last name, never 'Dear Customer' or 'Dear PayPal User,' and always come from @paypal.com.
Real PayPal emails come from @paypal.com, greet you by your registered name, and are mirrored in your account Notifications inbox at paypal.com. Generic greetings, urgent payment threats, unfamiliar phone numbers, and lookalike domains are all signs of a fake.
Scammers send legitimate-looking invoices through PayPal's real invoicing system for fake services or transactions, hoping you will call the phone number in the invoice to dispute. The number connects to a scammer who walks you through 'reversing' the charge, which actually grants them remote access or extracts card details. Real PayPal invoices can be ignored if not from someone you know — never call numbers printed in invoices.
Not from clicking alone. The risk is whether you logged in or entered card information on the fake page. If you did, change your PayPal password from paypal.com, enable two-step verification, review Authorized Logins, and check recent Activity for unauthorized transactions.
Never. PayPal will never ask for your password, full card number, Social Security number, or one-time security code by email, text, or phone. Any request for these is a scam regardless of how official it looks.
Forward the full email (with headers) to spoof@paypal.com — PayPal investigates every report. Also report to the FTC at reportfraud.ftc.gov and use your email provider's one-click phishing report function in Gmail or Outlook.
Last reviewed: 2026-06-24 by the ScamRadar editorial team. We update this page when scammer tactics change or when official agencies issue new guidance.
ScamRadar · Blog · Scam Database · Is It Legit? · About