PayPal Scams
Scams that exploit PayPal — from phishing emails to invoice fraud.
Last reviewed: 1 June 2026
PayPal is one of the world's most impersonated brands in phishing emails. The platform's wide use in online commerce means that convincing fake PayPal notifications — about account limitations, disputed payments, or refunds — land in millions of inboxes daily.
Beyond phishing, scammers exploit PayPal's own features: sending legitimate-looking invoices for goods or services the recipient never ordered, or manipulating the platform's Friends & Family payment option to avoid buyer protection. Overpayment scams targeting sellers are also common.
This guide covers the most frequently reported scams involving PayPal, how to distinguish genuine PayPal communications from fakes, and the steps to take if you believe you have been defrauded.
Common scams using PayPal
Phishing emails mimicking PayPal
Emails about account limitations, unusual activity, or payment notifications link to fake PayPal login pages designed to steal credentials.
Invoice scam
Fraudsters send legitimate PayPal invoices — using PayPal's own system — for goods or services the recipient never ordered, sometimes with threatening notes.
Overpayment and refund request
Buyers send too much money and ask sellers to refund the difference via a different method, then reverse the original payment.
Friends and Family abuse
Buyers insist on paying through PayPal's Friends & Family option — which carries no buyer protection — then claim non-receipt.
Advance fee through fake PayPal 'holds'
Sellers are told their payment is on hold and they must pay a release fee or shipping cost before they can access the funds.
Common red flags
- An email urging you to click a link to verify your PayPal account
- An invoice from PayPal for goods or services you never requested
- A buyer requesting a refund by wire or gift card after overpaying
- A buyer insisting on Friends & Family payment for a goods purchase
- A message saying your PayPal payment is 'on hold' pending a fee payment
- Sender addresses that do not end in @paypal.com
How to protect yourself
- Log in to PayPal directly at paypal.com to verify any alerts — never use email links
- Enable two-factor authentication on your PayPal account
- For selling goods, always use Goods & Services payments, which include PayPal seller protection
- Report unexpected invoices and do not pay them
- Never send a 'release fee' to unlock a payment — PayPal does not operate this way
How to report it
- Forward phishing emails to [email protected]
- Report fraudulent transactions and unauthorised charges through PayPal's Resolution Centre
- Report to your national fraud authority and contact your bank if financial loss occurred
Frequently asked questions
I received a PayPal invoice I never requested — should I pay it?
No. PayPal's system allows anyone to send an invoice, which is how this scam works. Do not pay and report the invoice to PayPal. Check your PayPal account directly for any legitimate outstanding charges.
How can I tell if a PayPal email is genuine?
Check that the sender address ends in @paypal.com. Genuine PayPal emails address you by your full name, not 'Dear Customer'. Log in to paypal.com directly to verify any alerts rather than clicking links.
My buyer wants to pay Friends & Family — should I accept?
Not for a goods or services transaction. Friends & Family payments are for personal transfers and carry no seller protection. If a dispute arises, PayPal will not cover you.