Fake PayPal Customer Service Chatbot Scam
Criminals embed fake 'PayPal Support' chatbots in phishing sites and search-ad landing pages to harvest credentials and one-time codes under the guise of helping customers.
Part of: Fake Customer-Service Chatbots
Last reviewed: 8 June 2026
PayPal offers a genuine live chat and messaging service accessible through its official website and app. Scammers replicate the visual style of PayPal's chat interface on lookalike domains and advertise those sites through paid search ads so they appear near the top of results when users search for 'PayPal customer service' or 'PayPal help live chat.'
Once a victim starts a chat, the 'agent' follows a scripted playbook designed to gradually extract account credentials, two-factor authentication codes, and personal identification. Because chat feels more informal and conversational than a phishing email, victims are less guarded and are often willing to share information they would refuse to type into a web form.
The chatbot may also direct victims to download a remote-access tool, claiming it is needed to 'run a diagnostic on your account.' With remote access, the scammer can see the victim's actual PayPal session and take over in real time.
How this scam works on the PayPal brand
The scam typically begins when a user searches for PayPal's contact number or live chat. A paid search advertisement — sometimes identical in appearance to a legitimate result — leads to a site like paypal-helpdesk.com. The page looks exactly like the PayPal help centre, and a chat window opens automatically.
The fake agent asks the victim to verify their identity by providing their PayPal email, then their password, and then the six-digit code from their authenticator app 'to confirm account ownership.' Each step is framed as a standard security procedure. With these three pieces of information, the scammer instantly logs into the real PayPal account, changes the email address, and transfers any balance.
Some sophisticated variants use real-time relay: the chatbot enters the victim's credentials into the real PayPal site simultaneously, triggering a genuine OTP that the victim then hands over — a technique known as a real-time phishing proxy.
Common red flags
- The chat site was reached through a search engine advertisement rather than directly from paypal.com.
- The URL in the browser bar is not paypal.com — even a close misspelling is a red flag.
- The agent asks for your full PayPal password, which genuine PayPal support never requires.
- You are asked to share a one-time code or security PIN sent to your phone 'to verify your identity.'
- The chat window asks you to download a file or install a screen-sharing tool.
- The agent claims your account is suspended and only you can restore it by verifying on this chat.
- There is no padlock or the TLS certificate is not issued to paypal.com.
How to protect yourself
- Access PayPal's support only through paypal.com/help — never through a link in an ad or email.
- Bookmark paypal.com and use that bookmark rather than searching each time.
- Know that PayPal support will never ask for your full password or a one-time authentication code.
- Refuse any request to install software, even if the agent calls it a 'PayPal diagnostic tool.'
- Check the browser address bar before typing anything — the URL must be paypal.com.
- If in doubt, close the chat, go to paypal.com directly, and use the Message Center inside your account.
How to report it
- Report the fake site to Google Safe Browsing: safebrowsing.google.com/safebrowsing/report_phish.
- Forward any email associated with the chat to [email protected].
- Report the incident to the FTC at reportfraud.ftc.gov.
- If your account was accessed, contact PayPal immediately at paypal.com/help to secure it.
- File with ic3.gov if you lost funds.
Frequently asked questions
How do I find the real PayPal live chat?
Log in to your PayPal account at paypal.com, go to Help, and look for the Message Center or chatbot within the authenticated session. Do not use phone numbers or chat links found through search engines.
Will PayPal ever ask for my one-time code via chat?
No. PayPal may send you an OTP to confirm a login, but a genuine support agent will never ask you to read that code back to them. Any chat or call that requests your OTP is attempting to take over your account.
I gave my password in a fake chat. What do I do?
Immediately log in to paypal.com from a trusted device, change your password, and review recent activity. Enable two-factor authentication if it is not already on. Contact PayPal support if you cannot log in.