Fake PayPal Unauthorised Transaction Alert Phishing
Fraudsters send fake PayPal order-confirmation or payment-sent notifications for transactions the victim never made, then provide a 'cancel this payment' link that leads to a credential-harvesting page or a fake PayPal customer-service number.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 7 June 2026
One of the most widely circulated PayPal phishing formats is the fake transaction notification: an email or text that looks exactly like a genuine PayPal payment confirmation, but for a transaction the victim never made. The logic is compelling — if you see a notification for a payment you did not authorise, the natural response is to immediately click 'cancel' or 'dispute this payment'.
These messages typically describe a payment of a specific amount to a plausible-sounding business, and they mimic PayPal's transaction-confirmation format closely, including a transaction ID, the recipient's name, and the date. The 'Cancel This Payment' or 'I Did Not Authorise This' button is the trap — it leads to a phishing page rather than the real PayPal site.
Some variants include a phone number to call rather than a link. When victims call, they reach a fraudster who guides them through a 'dispute process' that involves sharing login credentials, reading out OTPs, or installing remote-access software — the same social-engineering playbook as other support-impersonation scams.
How this scam works on the PayPal brand
Real PayPal payment confirmations come from @paypal.com and can be verified by checking the Activity section of your PayPal account. If you did not make a payment, your PayPal account will show no corresponding transaction. The absence of the transaction in your account is definitive proof the email is fake — PayPal cannot send a confirmation for a payment that did not occur.
Fake transaction emails are often sent in bulk with a fixed amount and recipient name. The amount is chosen to seem alarming — commonly between $200 and $800 — to maximise the number of recipients who will react with urgency. The recipient name is often a business that sounds like it could sell electronics, software, or gift cards.
The fake 'cancel' link leads to a page that replicates PayPal's dispute form, asking for the email and password used on the account. After submission, it may redirect to the real PayPal homepage to avoid suspicion, while the credentials are already in the attacker's possession.
Common red flags
- A PayPal transaction notification for a payment you did not make
- Sender address is not @paypal.com or [email protected]
- The email contains a phone number to call about the payment — PayPal does not include call-back numbers in transaction emails
- The 'Cancel' or 'Dispute' link goes to a domain other than paypal.com
- Your actual PayPal account shows no record of the transaction
- The email urges you to act within hours to prevent the payment completing
- The transaction description references common high-value categories: electronics, gift cards, software licences
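The sender, link, call-back number and urgency checks from the list above can be run mechanically over a message. The following is an added example, not part of the original page; the function names, flag labels, regular expressions and the sample email are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")      # loose call-back number pattern (assumption)
URGENT = re.compile(r"within\s+\d+\s+hours?", re.I)

def on_paypal(host):
    # Exact match or true subdomain only: "paypal.com.x.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def red_flags(raw):
    """Return (flag names, off-domain links) for one raw single-part HTML email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1]
    links = LinkCollector()
    links.feed(body)
    # Footer links may be genuine, so every link is judged on its own host.
    off = [h for h in links.hrefs if not on_paypal(urlsplit(h).hostname)]
    text = re.sub(r"<[^>]+>", " ", body)
    checks = {
        "sender-not-paypal": not on_paypal(sender.rpartition("@")[2]),
        "link-off-domain": bool(off),
        "callback-number": bool(PHONE.search(text)),
        "urgency": bool(URGENT.search(text)),
    }
    return [name for name, hit in checks.items() if hit], off

# Constructed sample message (not a real email; .example hosts are reserved).
SAMPLE = """From: "PayPal" <service@paypal.com.billing-alerts.example>
Subject: You sent a payment of $499.99

<p>You sent $499.99 to Example Electronics. Cancel within 24 hours or call +1 (555) 010-0199.</p>
<a href="https://paypal.com.cancel-payment.example/dispute">Cancel This Payment</a>
<a href="https://www.paypal.com/help">Help</a>
"""
```

The From header can be forged, so an empty result does not prove a message is genuine. The deciding check remains whether the transaction appears in the account's Activity section.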
How to protect yourself
- Log in to PayPal directly at paypal.com and check the Activity section — real transactions appear there
- If the transaction does not appear in your account, the email is fake — delete it
- Never call a phone number included in a PayPal transaction email
- Never click the dispute or cancel link in a suspected phishing email
- Report the phishing email to [email protected] before deleting it
- Enable PayPal's purchase notifications so you see genuine transactions as they happen
- Use two-factor authentication so your account remains safe even if your password is compromised
How to report it
- Forward phishing emails to [email protected]
- Report through PayPal's Security Center at paypal.com/us/webapps/mpp/security/phishing-report
- Submit the fraudulent URL to Google Safe Browsing
- File a complaint with the FTC at reportfraud.ftc.gov
- If you entered credentials on a fake page, change your PayPal password immediately and contact PayPal support
Frequently asked questions
Can PayPal charge me for a payment I did not authorise?
If your PayPal account was accessed without your knowledge and a real payment was made, that would show in your account activity. You can dispute it through the PayPal Resolution Center. If the email describes a payment that does not appear in your account, no charge occurred — the email is fake.
Why do the fake PayPal emails look so convincing?
Attackers copy the HTML, logos, and formatting of real PayPal emails. Some even include working links to PayPal's help pages in the footer to add legitimacy. The primary deception is in the main action button — which goes to a fake site while the surrounding content is real.
What happens if I enter my PayPal password on the fake page?
Your credentials are captured immediately. Change your PayPal password at once and enable 2FA. Check your account for any real unauthorised transactions and dispute them through the Resolution Center. Also change the password on any other account where you used the same credentials.