Skip to content
PhishCheck

Guides / Article

PayPal Phishing Email Example: What It Looks Like

Realistic PayPal phishing patterns, sample language attackers use, and how to tell a fake notice from a legitimate account message.

PayPal-themed phishing is popular because almost everyone recognizes the brand—and because account and payment emails are normal. Attackers mimic subject lines like "You've received a payment," "Unusual activity," or "Confirm your information." Below are patterns that show up again and again, even when the layout looks polished.

Example subject lines attackers reuse

  • "Your account has been limited—verify now"
  • "Payment received: open invoice"
  • "Security alert: new device sign-in"
  • "Action required: confirm tax details"

What the body usually asks you to do

The email may urge you to click a button to "restore access," "release funds," or "avoid suspension." The destination is often a look‑alike login page designed to harvest credentials and sometimes MFA codes.

Red flags in PayPal-themed phishing

  • Generic greeting ("Dear customer") with high-stakes claims
  • Links that do not resolve to PayPal's official domains
  • Requests to install remote software or "verify" via a phone call
  • Threats that your money will be frozen unless you act immediately

How to verify safely

Open PayPal directly from an app you installed from an official store, or type paypal.com yourself. Review notifications and recent activity there—not through the email link.

Sample language (illustrative, not real)

"We noticed unusual login attempts. To prevent permanent closure, verify your identity here within 12 hours." That combination of fear plus a deadline is a strong phishing signal—especially if the link domain is unfamiliar.

Paste suspicious messages into PhishCheck's phishing checker for a quick triage summary before you interact with the sender.

Why PayPal scams stay popular

PayPal handles money movement for many people, so a fake notice feels plausible even when grammar or logic is slightly off. Attackers also know recipients may forward payment emails internally—so one convincing template can spread inside small businesses. Train yourself to treat every unexpected financial email as untrusted until verified in PayPal's authenticated session.

Related

Amazon scam email example · Email scam checker · Email phishing checklist

Next: run the message through PhishCheck's phishing checker or jump straight to the analysis tool.

Check a suspicious message now

Want to check a suspicious message right now? Paste it into PhishCheck for an AI-assisted phishing risk assessment in seconds—no signup required.

Open PhishCheck