Real PayPal Email vs Fake PayPal Email
How to tell a genuine PayPal notification from a phishing email impersonating the brand.
Last reviewed: 1 June 2026
PayPal is one of the most impersonated brands in phishing campaigns worldwide, because hundreds of millions of people hold accounts and any payment alert creates an instinct to act quickly. Fake PayPal emails replicate the visual design, tone, and layout of genuine notifications convincingly. The tells are structural rather than visual: the sender domain, the link destination, and whether the email asks you to enter credentials or card details via a link. Your real PayPal account shows every transaction and alert — if it isn't there, the email is fake, regardless of how genuine it looks.
Side-by-side comparison
| | Real PayPal email | Fake PayPal email |
|---|---|---|
| Sender domain | Sent from a verified paypal.com email address | Sent from a lookalike domain or one with 'paypal' inserted misleadingly |
| Link destination | Any link goes to paypal.com — verifiable in the URL bar | Link goes to a lookalike domain or redirects through a third party |
| Account verification | Any genuine issue visible when you log in via the official app/site | Issue exists only in the email; nothing shown in your account |
| Credential request | Asks you to log in via paypal.com, not to enter details in the email itself | Form embedded in the email or link to a fake login page |
| Urgency | Account notices have reasonable timeframes for resolution | 'Your account will be limited in 24 hours unless you verify now' |
| Greeting | Uses your registered full name | Generic: 'Dear Customer', 'Dear User', or partial name |
Common red flags
- Sender address not from the paypal.com domain
- Link destination domain is not paypal.com
- Email asks you to enter card details or password directly
- Transaction or problem not visible when you log in independently
- Generic greeting rather than your full name
- Urgency framing — account suspension, unusual activity — combined with a link
Verification steps
- Open the PayPal app or go to paypal.com by typing the URL directly — never via an email link
- Check whether the transaction or issue mentioned in the email actually appears in your account
- Check the sender's actual email address — not just the display name — for the correct domain
- Hover over any links before clicking to preview the destination URL
- Report suspicious emails to the official phishing report address for the platform
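
The sender-domain and link-destination checks from the steps above, as an added Python example that is not part of the original page. The sample message is constructed, and `is_trusted_host` and `check_email` are names chosen for this illustration; the point it shows is that a host must be paypal.com or end in `.paypal.com`, not merely contain the word.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only domain the page treats as genuine

def is_trusted_host(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class _Links(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    """Return the red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    display, addr = parseaddr(str(msg["From"]))  # real address, not display name
    sender_host = addr.rpartition("@")[2]
    if not is_trusted_host(sender_host):
        flags.append(f"sender domain is {sender_host!r}, display name {display!r}")
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _Links()
    parser.feed(body.get_content() if body else "")
    for href in parser.hrefs:
        parts = urlsplit(href)
        # Anything that is not https on the trusted domain counts as off-domain.
        if parts.scheme != "https" or not is_trusted_host(parts.hostname):
            flags.append(f"link leaves {TRUSTED}: {href}")
    return flags

# Constructed sample; example.net is a reserved documentation domain.
SAMPLE = """\
From: "PayPal Service" <service@paypal.com.alerts.example.net>
Subject: Your account will be limited
Content-Type: text/html; charset="utf-8"

<a href="https://www.paypal.com/myaccount">View account</a>
<a href="https://paypal-verify.example.net/login">Verify now</a>
"""
if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

An empty result is not proof of authenticity, because a From header can be forged; checking your account directly remains the deciding test.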
What not to do
- Don't click links in unexpected payment alerts without first checking your account directly
- Don't enter your password on a page reached via an email link
- Don't provide card details in response to a payment-platform email
- Don't judge email authenticity by visual design alone — it is trivially copied
A safe response
Ignore the link and open the official app or website directly to check your account. If nothing is shown in your account, the email is fake. Forward it to the platform's official phishing report address and delete it. If you already entered credentials, change your password immediately and enable two-factor authentication.
Frequently asked questions
Why does the fake email look identical to real PayPal emails?
Email HTML, logos, and design templates are publicly viewable and trivially copied. Visual appearance is not a reliable indicator of authenticity. The sender domain and the destination of any links are the structural tests that matter.
What if the email mentions a real transaction amount I recognise?
Scammers occasionally have access to partial data from breaches. A familiar amount doesn't verify the email. Check the transaction in your actual account independently before taking any action.
I entered my details on the fake page — what do I do?
Change your PayPal password immediately from the official site. Enable two-factor authentication if not already active. Check your account for any unauthorised transactions and report them to the platform. Contact your bank if a card linked to the account was exposed.