Real PayPal Security Alert vs PayPal Phishing Email
How to tell a genuine PayPal notification from a phishing email engineered to steal your account credentials or card details.
Last reviewed: 1 June 2026
PayPal is one of the most impersonated brands in phishing campaigns. Fake PayPal emails mimic genuine transaction alerts or security notices closely enough to fool many users. The fastest check is to ignore any link in the email and log in directly to the PayPal website by typing the URL yourself.
Side-by-side comparison
| | Genuine PayPal notification | PayPal phishing email |
|---|---|---|
| Sender address | Sent from @paypal.com — no hyphens, extra words, or country subdomains in the main domain | Sent from [email protected] or a similar lookalike domain |
| Your name | Uses your registered full name, not 'Dear Customer', 'Dear User', or your email address | Opens with a generic greeting or just your email address |
| Link destination | All links go to paypal.com — hover to confirm before clicking | Links go to a lookalike domain or URL shortener; the login page steals credentials |
| Action requested | Directs you to log in at paypal.com through your browser; never embeds a password field in the email | Contains a prominent 'Verify Now' or 'Confirm Account' button with urgency |
| Urgency | Provides a reasonable window to respond; account limitations are clearly explained in the account dashboard | Claims your account will be permanently closed within 24 hours unless you act immediately |
| Transaction details | References your real transaction amount, date, and merchant name if it is a payment notification | References a vague or invented transaction — 'a payment of $299 has been sent' — that does not match your history |
Common red flags
- Sender domain is not exactly @paypal.com
- Generic greeting rather than your registered name
- Urgent threat to close your account within hours
- Transaction amount you do not recognise
- Link destination is not paypal.com when you hover over it
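The sender, greeting, urgency and link checks above can be automated for mail triage. The following is an added example, not PayPal's own tooling or code from this page. It assumes a single-part HTML message, treats subdomains such as www.paypal.com as paypal.com for links, and uses hypothetical names (`red_flags`, `_host_ok`) and constructed sample messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only domain the page treats as genuine
GENERIC = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)
URGENT = re.compile(r"\b(within\s+\d+\s+hours?|immediately|permanently closed)\b", re.I)

class _Links(HTMLParser):  # collects href targets from <a> tags
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _host_ok(host):
    # Assumption: paypal.com and its subdomains are acceptable link hosts.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def red_flags(raw_email):
    """Return the names of the red flags found in a raw single-part HTML email."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_payload()
    parser = _Links()
    parser.hrefs = []
    parser.feed(body)
    checks = {
        "sender_domain": sender.rpartition("@")[2] != TRUSTED,  # exact match only
        "generic_greeting": bool(GENERIC.search(body)),
        "urgency": bool(URGENT.search(body)),
        "link_destination": any(not _host_ok(urlsplit(h).hostname) for h in parser.hrefs),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample messages (not real emails; .test is a reserved TLD).
PHISH = ("From: PayPal Support <service@paypal-secure.example.test>\n"
         "Content-Type: text/html\n\n"
         "<p>Dear Customer, your account will be permanently closed within 24 hours.</p>\n"
         '<a href="https://paypal.com.verify.example.test/login">Verify Now</a>\n')
GENUINE = ("From: PayPal <service@paypal.com>\n"
           "Content-Type: text/html\n\n"
           "<p>Hello Jane Doe, you sent a payment.</p>\n"
           '<a href="https://www.paypal.com/myaccount">View in your account</a>\n')
```

An empty result does not prove a message is genuine, because the From header can be forged; logging in directly remains the deciding check.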
Verification steps
- Open a new browser tab and type paypal.com yourself — check your account directly for any real notices
- Hover over any link before clicking to see the actual destination URL
- Check the sender address for any difference from @paypal.com
- Forward suspected phishing emails to [email protected]
What not to do
- Do not click the email link even to 'quickly check' — go directly to the site
- Do not enter your password on any page you reached through an email link
- Do not call a phone number printed in a PayPal email — PayPal contact numbers are on the official site
A safe response
Ignore the link entirely and log in to PayPal by typing paypal.com in your browser. Any real notice will appear in your account message centre.
Frequently asked questions
What if the email contains my real name and partial card number?
Data breaches mean scammers sometimes have partial personal information. A name and last four digits do not confirm an email is genuine — always verify by logging in directly, not through the email link.
Can I report a PayPal phishing email?
Yes — forward the email as an attachment to [email protected] and then delete it. PayPal investigates reported phishing emails and uses them to improve detection.