"Suspicious Activity on Your PayPal Account" — How to Spot This Scam Email
An email claiming to be from PayPal says there's been suspicious activity and your account will be limited unless you act now. This is a well-known phishing scam designed to steal your login credentials. Here's how to tell it's fake.
How This Scam Works
Critical Risk — Credential Theft
PayPal will never ask you to enter your login credentials through an email link. If you receive a security alert, log in directly at paypal.com to check your account.
This phishing email claims to be from PayPal and warns that suspicious activity has been detected on your account. It states that your account will be limited or frozen unless you verify your identity immediately by clicking a link.
The link leads to a fake PayPal login page that looks nearly identical to the real thing. When you enter your email and password, the scammers capture your credentials and can access your PayPal account, make purchases, or transfer funds.
Some versions of this scam go further, asking for your full credit card number, Social Security number, or bank account details under the guise of "identity verification." According to the Anti-Phishing Working Group (APWG), PayPal was among the top five most impersonated brands in phishing attacks throughout 2023 and 2024.
Red Flags
- Email claims suspicious activity or unauthorized transactions on your account
- Sender address is not @paypal.com (e.g., @paypal-security.com or @service-paypal.net)
- Link URL does not lead to paypal.com when you hover over it
- Requests sensitive information like SSN, full credit card number, or bank details
- Uses generic greeting ('Dear User') instead of your name
The easiest way to identify this scam is to check the sender address and hover over the link without clicking. PayPal emails always come from @paypal.com and links always point to paypal.com.
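The red-flag checks above, written as a small triage script. This is an added example, not code from the original page or from PayPal. The function names, the flag labels and the sample message are constructed for illustration, and the two lookalike domains are the ones listed in the red flags.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the domain the page says genuine mail and links use
SENSITIVE = re.compile(r"\b(social security|ssn|credit card number|bank (account|details))\b", re.I)
GENERIC = re.compile(r"\bdear (user|customer|member)\b", re.I)

def on_trusted_domain(host):
    # Exact match or a true subdomain only; "paypal.com.example.net" must fail.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumes a single-part message, as in the sample
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_trusted_domain(sender.rpartition("@")[2]):
        flags.append("sender-domain")
    links = LinkCollector()
    links.feed(body)
    # Judge the href, not the visible link text; hostless links count as untrusted.
    if any(not on_trusted_domain(urlsplit(h).hostname) for h in links.hrefs):
        flags.append("link-target")
    if SENSITIVE.search(body):
        flags.append("sensitive-data-request")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: PayPal <alerts@paypal-security.com>
Content-Type: text/html

<p>Dear User,</p>
<p>Confirm your credit card number to avoid limitation:
<a href="https://paypal.com.service-paypal.net/login">https://www.paypal.com/signin</a></p>
"""
```

Calling `red_flags(SAMPLE)` reports all four flags. An empty result is not proof that a message is genuine, because the From header can be forged, so logging in directly at paypal.com remains the deciding check.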
What You Should Do
- Do not click any links in the email
- Open a new browser tab and go directly to paypal.com
- Log in and check your account activity for any unauthorized transactions
- Report the email to PayPal through their official security page at paypal.com/security
- Delete the email from your inbox
How to Verify Legitimately
Go directly to paypal.com by typing the URL in your browser. Log in to your account and review the Activity section. If there are no alerts or limitations on your account, the email was fraudulent. PayPal also has a Resolution Center where real disputes are managed — never through email links.
Sources
- Anti-Phishing Working Group (APWG) Phishing Activity Trends Reports 2023–2024
- PayPal: How to report suspicious emails and messages