Is PayPal Safe? How to Spot and Avoid 10 PayPal Scams

What are the most common PayPal scams?

The most common PayPal scams include phishing, Bitcoin, overpayment, and invoice scams, all of which rely on social engineering tactics to trick you into revealing personal details, such as your address, credit card information, or passwords.

Read on to discover the top 10 PayPal scams to watch for and how to spot them.

1. Phishing scams

PayPal scams typically begin with phishing attacks that use fake (or “spoofed”) emails or texts to trick you into divulging personal information or clicking on links that could infect your device with viruses or other malware, giving hackers access to your account or damaging your device.

These fake emails (also known as spoofed emails) can be difficult to spot because they’re designed to look trustworthy. For instance, an email might tell you to click on a link to fix an issue with your PayPal account. However, instead of taking you to the real PayPal website, the link takes you to a fake PayPal website that captures your credentials when you log in, potentially giving the scammers the keys to your real PayPal account… and your money.

Other PayPal phishing attacks that target specific individuals (known as “spear phishing”) can appear remarkably authentic. For example, if you’re an Apple user, fraudsters may choose to target your Apple ID.

If you receive a suspicious-looking email, report it, then delete it immediately.

2. Bitcoin and crypto scams

A PayPal Bitcoin scam email usually involves receiving an “invoice” for a Bitcoin or other cryptocurrency purchase, with a phone number to call if you have any questions. If you call, the scammer on the other end will try to extract personal or financial information from you to “stop” the “order” from being processed.

Similarly, advance-payment scams may ask for a small Bitcoin investment with the false promise of a large payout. Many crypto scams also combine tactics from other schemes — for example, tricking you into clicking a malicious link that installs cryptojacking malware, which secretly hijacks your device to mine cryptocurrency.

While PayPal supports Bitcoin transactions, you should never send money — crypto or otherwise — to a stranger. To protect your personal details and data, you should also avoid clicking on suspicious links.

3. Overpayment scams

If you’re using PayPal to sell items, beware of overpayment scams, in which a buyer deliberately “overpays” and then asks you to refund the difference. In these cases, the original payment is either fake, sent via a spoofed email, or later reversed, leaving you without the refund money and possibly without the item you sold.

For example, a buyer might “accidentally” send $250 instead of $25 and then ask you to return the $225 difference. Once you send the refund, the fraudster reverses the original payment (or it never really existed), leaving you $225 short.

If you ever receive an overpayment on PayPal, cancel the transaction right away. It’s almost certainly a scam. Any legitimate buyer can simply resend the correct amount.

4. Invoice scams

A PayPal invoice scam looks like a genuine invoice, urging immediate payment via PayPal. As with tech support scams, the fraudster’s email often mimics a real business, with logos, serial numbers, and professional formatting. But it is actually a ploy to trick you into sending money or sharing personal information.

Fraudsters often request payment in cryptocurrency because it’s difficult to trace and nearly impossible to reverse. To stay safe, never call the phone numbers or click the links in these invoices. Instead, log in directly to PayPal through the official website or app to verify whether the invoice is real.

5. Shipping address scams

In shipping address scams, the scammer provides an invalid delivery address, then contacts the delivery company directly to redirect and receive the package. Because the original delivery address is invalid, the scammer can complain to PayPal that they never received the package and request a refund.

If a buyer requests a preferred shipping method or company, or sends you a prepaid shipping label, this could signal a scam, as this is a way to reroute the package to their address without you knowing. And because the fake address matches what’s on the transaction details, PayPal may grant the refund.

To avoid this type of PayPal scam, never accept custom shipping labels, ensure proof of delivery (where the buyer must sign on receipt), and never agree to change the delivery address once payment has been made.

6. Advance-payment scams

In advance-payment scams, someone tells you that a large payment is coming to you (such as an inheritance or lottery winnings), but you must pay a small fee or provide personal information before they can send it. While the payment address they provide is real, the money you’re promised to receive is fake.

A common variation of this scam involves fake PayPal confirmations. Scammers send you what appears to be proof that money has been deposited into your account and ask you to “confirm” the transaction by clicking a link or paying a fee. Instead of receiving money, you risk losing your own. Although PayPal actively monitors and protects against fraudulent activity, some scams can still bypass its safeguards.

7. Charity scams

Charity scams take advantage of people’s goodwill. Some PayPal scammers create fake accounts that mimic a real charity’s and ask you to donate through a link. The email or website may look convincing. However, the donations go straight to the scammer, not to the cause.

To avoid sending money to a scammer, always check the recipient’s details carefully before donating. Search for the charity’s official website and donate there, rather than through email or message links. On PayPal, double-check the recipient’s details and confirm that the account really belongs to the organization.

8. Fake payment scams

Fake PayPal payment scams target merchants. These scams begin with the supposed buyer sending a fake PayPal payment confirmation email. At first glance, the email appears genuine — complete with PayPal logos, official wording, and transaction details. Believing the payment has been received, the seller sends the goods. Only later do they realize the payment was fake.

To protect yourself, never solely rely on email confirmations. Instead, log in directly to your PayPal account and check your transaction history before sending any goods.

9. Job scams

In PayPal job scams, you’ll receive a message on Telegram, WhatsApp, or another messaging platform claiming that an employer found your number on a networking site and has a job opportunity for you.

The “job” may entail watching a short video, writing reviews, or liking posts in an app. At first, your new contact may send you money for completing tasks, but after a certain point, they’ll ask you to deposit money to continue earning. For example, they may ask you to “upgrade your account” to unlock more tasks, send money to release your “commission,” or pay a fee to cover “tax liabilities.”

While your earnings appear to increase, you’ll soon find yourself depositing more money than you’ve actually received. The best way to see through a PayPal scam like this? Legitimate employers will never ask you to send them money.

10. Romance scams

A romance scam happens when a fraudster pretends to start a romantic relationship with someone to steal money or personal information. They’ll work quickly to build trust, often through intense flattery or constant communication. Once they have your confidence, they’ll try to persuade you to send money — commonly through PayPal or another peer-to-peer payment app — using excuses like wanting to travel to meet you or covering sudden expenses such as medical bills or other emergencies.

No matter how convincing the tale may seem, never send money to someone you haven’t met.

How can I avoid being scammed on PayPal?

To help avoid being scammed on PayPal (or any other payment platform), verify the authenticity of each email and transaction before you share personal or financial information or before you send goods to a buyer. And don’t accept money from a stranger.

PayPal scams rose by 600% between January and May 2025, so it’s more important than ever to be vigilant. Follow these basic tips to help avoid scams on PayPal and other payment platforms:

• Verify the authenticity of each email and transaction before you share personal or financial information.

• Don’t click links in emails appearing to be from PayPal. If there’s an issue with your account, log in to PayPal directly and confirm any messages. You can avoid the vast majority of threats this way.

• Don’t share personal information such as passwords or other login data.

• Don’t let strangers send you money via direct payment or trick you with gift card scams.

• Don’t accept random requests from people you don’t know. They may be Cash App scams or Venmo scams.

• Don’t select the family and friends option unless they really are family or friends.

• Use credit cards, since debit cards can grant access to your bank account, while credit cards don’t. Plus, if PayPal can’t refund you when you get scammed, your credit card company might.

• Don’t use unfamiliar delivery services that you’ve never heard of or don’t trust.

• Check for spelling errors or an unusual domain in the email address, such as .vip, .gdn, or .win. These are telltale signs of suspicious activity.

• Sign up for PayPal’s Seller Protection Program (if you’re eligible) for additional fraud protection if you’re an online seller.

• Be skeptical if something seems too good to be true, like a huge amount of promised cash.

• Log in directly to PayPal to verify authenticity rather than relying on email alone. For sellers, the best way to check whether a transaction is legitimate is to log into PayPal and review your transaction history.

• Enable two-factor authentication on your PayPal account to give you an extra layer of security against hackers and scammers.

Is PayPal safe?

PayPal is widely considered a safe and reliable online payment system, used by over 400 million users and 36 million merchants worldwide. While PayPal itself is safe to use, scammers have been known to use PayPal to trick strangers into transferring money or sharing login information via fake links.

With advanced security features in place, including end-to-end encryption, PayPal prioritizes safety for both buyers and sellers. Some notable security features include:

• Buyer protection: PayPal offers a buyer protection program to ensure all eligible purchases are protected. For example, if your order never arrives or shows up “significantly different than described,” then you can submit a claim through Paypal’s program to receive a full refund, including any shipping fees.

• Seller protection: PayPal also has a seller protection program in place to help prevent losses from false claims or chargebacks. As long as your claim meets the program’s eligibility guidelines, such as keeping proof of shipment, you’ll be covered for the total purchase amount.

• Data encryption: Transactions are protected with industry-standard Transport Layer Security (TLS) encryption — the modern successor to Secure Socket Layer (SSL).

• Browser security checks: PayPal also runs server checks to ensure you’re logging in through a browser that meets strict security standards. If you’re blocked from logging in, try using a secure browser.

• 24/7 fraud monitoring: PayPal’s systems monitor each transaction in real time to help prevent scams — from email phishing to identity theft and beyond. If something looks suspicious, PayPal has a dedicated team of security specialists ready to review the potential threat and take action if necessary.

• Two-factor authentication (2FA): PayPal supports 2FA via an authenticator app or security key (and SMS where available). This makes it much more difficult for hackers or scammers to gain unauthorized access to your account.

• Account activity notifications: PayPal also sends instant alerts via email, SMS, and within the app to notify you about activity. This helps you detect suspicious or unauthorized activity on your PayPal account.

So, how secure is PayPal?

PayPal is a secure and reliable platform, with multiple safeguards designed to keep transactions safe. While no digital service can ever be 100% risk-free, PayPal uses fraud detection systems, buyer and seller protections, and strict compliance with regulations like anti-money-laundering laws to help protect users.

Some people may feel uncomfortable about PayPal collecting transaction data, but this monitoring is a key part of spotting fraud, preventing scams, and meeting legal requirements.

You can use PayPal with confidence. Just make sure you’re on the official site or app, and be cautious with unsolicited emails or texts urging you to click links, as these may be phishing attempts from scammers.

How to spot a fake PayPal payment confirmation

PayPal does send emails, including payment notifications, receipts, and security alerts. But scammers can send convincing (spoofed) versions of these. Therefore, you should never rely on the sender’s address alone, as phishing emails often fake legitimate-looking details. If you’re unsure, forward the message to phishing@paypal.com and log in to PayPal directly (without clicking any links) to check for alerts.

Real PayPal emails will always address you by your first and last name, or your business name. Watch out for generic greetings like “Dear user” — a clear red flag. Other warning signs include poor grammar, suspicious links, and false urgency (meant to push you into acting quickly).

A PayPal.Me link (e.g., PayPal.Me/RecipientName) is an official feature that lets someone send or receive money directly. It’s safe to use, but only if you know and trust the recipient. If you receive an unsolicited PayPal.Me link, or if you’re not sure it’s genuine, don’t click it. Instead, visit PayPal.com directly or type the verified PayPal.Me address yourself.

Always be wary of messages from unofficial PayPal email addresses.

What to do if you are a victim of a PayPal scam

If you’ve been scammed, cease all communication with the scammer and choose a new, unique, and strong password to help prevent unauthorized access to your PayPal account.

Then, report the scam to PayPal and the relevant authorities. If you suspect your personal information may have been compromised, consider using a data protection tool like Avast BreachGuard, which can alert you to future breaches and help you secure your accounts.

How to report a PayPal scam email

PayPal has a set procedure for reporting scams:

• Forward phishing emails to “phishing@paypal.com.” This will delete the email from your inbox.

• If you’re suspicious of a transaction, use the “Report a Problem” feature in PayPal’s Resolution Center. From there, select the transaction you want to dispute and follow the on-screen instructions.

• You should also report any cyber-related crime to the Internet Complaint Center (IC3) and online scams to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. If your financial losses were significant, you should also file a report at your local police station.

• If the scam resulted in your identity being stolen, report the identity theft to the relevant authorities, such as the FTC at IdentityTheft.gov.

• You should also contact the fraud team at your bank, as well as the three major credit bureaus, to freeze your credit and set up fraud alerts.

Help defend against PayPal scams with Avast

Don’t let PayPal scams catch you off guard. Protect yourself by adding multiple layers of security: Use strong, unique passwords; monitor your PayPal activity; and secure your devices with reliable protection software.

Avast Free Antivirus helps shield you from hackers, malware, and other online threats. It also includes our AI-powered Avast Assistant, which can strengthen your defenses against digital scams by helping you identify suspicious messages before you fall for them.