Fake PayPal Account-Suspension Phishing
Criminals send emails or texts that mimic PayPal's transaction alerts, claiming your account has been suspended and demanding you click a link to restore access. The goal is to harvest your PayPal login credentials and payment details.
Part of: Fake Suspended Account Appeal Scams
Last reviewed: 7 June 2026
PayPal is one of the most widely impersonated brands in online fraud, partly because hundreds of millions of people hold PayPal accounts and fear losing access to their funds. Scammers exploit this anxiety by sending urgent messages that look remarkably like genuine PayPal security alerts, complete with logos, colour schemes, and footer links copied directly from real PayPal emails.
The typical attack begins with an email or SMS claiming your account has been "limited" or "suspended" due to unusual activity, a failed verification, or a policy violation. A prominent button — often labelled "Restore Access" or "Confirm Your Identity" — takes you to a convincing replica of the PayPal login page hosted on a domain that has nothing to do with paypal.com.
Once you enter your credentials, the fake site may redirect you to the real PayPal homepage, making you believe the issue has been resolved. In the background, fraudsters immediately log in to your real account, change contact details, and initiate payments or withdraw balances. Some victims also lose linked bank accounts or credit cards.
How this scam works on the PayPal brand
The real PayPal communicates primarily through the email address registered on your account, and any genuine limitation notice will also appear inside the PayPal app or website when you log in directly. PayPal never asks you to provide your full password, Social Security Number, or full bank account numbers via email.
Fake messages deviate in key ways: they use a sender address such as [email protected] rather than @paypal.com, the link in the email goes to a domain like paypal-account-verify.net, and the page asks for information PayPal would never need during a login — such as your debit-card CVV or mother's maiden name.
Some campaigns now use phone calls in addition to email, with a caller claiming to be from PayPal's Trust and Safety team. They direct you to a spoofed website or ask you to read back a one-time passcode PayPal's system just sent to your phone. Reading that OTP to a stranger allows them to complete a password-reset or authorise a transaction on your real account.
Common red flags
- Sender domain is not exactly @paypal.com (e.g. @paypal-support.com or @secure-paypal.net)
- Email urges immediate action with phrases like 'your account will be permanently closed within 24 hours'
- Login link leads to a URL that is not paypal.com — even if the page looks identical
- Message asks for your debit/credit card CVV, SSN, or mother's maiden name
- A supposed PayPal agent calls you and asks you to read back an OTP you just received
- The email greets you as 'Dear PayPal User' instead of your full registered name
- Hovering over any link reveals a domain other than paypal.com
How to protect yourself
- Never click links in suspension emails — open paypal.com directly in a browser or the app
- Check the Resolution Center inside your PayPal account; real limitations appear there, not only in email
- Enable two-factor authentication in PayPal settings so stolen passwords alone are not enough
- Never share an OTP with anyone calling you, even if the caller ID shows 'PayPal'
- Report the suspicious email before deleting it so PayPal can investigate the phishing domain
- If you entered credentials on a fake site, change your PayPal password immediately and review linked accounts
- Set a unique, strong password for PayPal so a breach elsewhere cannot give attackers access
How to report it
- Forward the phishing email as an attachment to [email protected]
- Report the incident inside your PayPal account: Settings > Security > Report a Security Issue
- File a complaint with the FTC at reportfraud.ftc.gov
- Report the phishing URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- If money was lost, contact your bank or card issuer immediately to dispute unauthorised charges
Frequently asked questions
Does PayPal ever suspend accounts without warning?
PayPal can limit accounts when it detects unusual activity, but it always shows the limitation inside your account dashboard when you log in directly — not only via email. If you log in at paypal.com and see no limitation notice, the email is fake.
Can scammers fake the sender address to look like it's from PayPal?
Yes. Email spoofing can make the 'From' name display as 'PayPal' even when the actual address is different. Always check the full address, not just the display name, and look at the link destination before clicking.
What should I do if I already entered my password on a fake site?
Go to paypal.com immediately, log in, and change your password. Then check your linked email account (change that password too), review recent PayPal transactions, and contact PayPal support if you see unauthorised activity.
Will PayPal call me about a suspicious transaction?
PayPal does have an outbound calling programme in some regions, but agents will never ask you to share your full password, card CVV, or an OTP that was sent to your device. If a caller asks for any of these, hang up.