Resources for consumers.
No matter what your needs.

How to Protect Yourself When Transacting Online

March 20, 2020

The safety and security of PayPal users is always our priority. In times of unrest and uncertainty, spammers and scammers around the world will try to take advantage of these vulnerabilities, so it’s important to stay vigilant and protect yourself from such attempts. Below are a few tips to help you stay protected while transacting online.

Quick tips

  • Use passwords with a combination of letters, numbers and symbols, and avoid using the same password for all of your accounts.
  • ​Set up 2-step verification (2FA) and a mobile PIN for your PayPal login.
  • Stay vigilant to fend off phishing attempts via email, text or phone.

Passwords

Industry statistics show that many people reuse the same password everywhere and for those who don’t, most have only three or four passwords for their various accounts. This is why it’s important to have passwords that contain a variety of letters, symbols and numbers.  Having a simple password means that you are more vulnerable to malware, phishing and identity theft. Don’t use information that could be found on social media in your passwords such as your pet’s name, children’s names, favorite football team, your name, birthday, driver’s license numbers or phone numbers.  Can’t remember all your passwords? You can find reputable password managers online that can manage that for you at little to no cost.

2-step verification (2FA) and mobile PIN

Setting up 2-step verification and a mobile PIN adds a second layer of security to your online account. Login to PayPal  and click the settings icon in the top right-hand corner of the screen. Click the ‘Security’ tab to set up a mobile PIN and 2-step verification.

How to spot fake, fraudulent, spoof or phishing emails

Phishing is a form of social engineering that attempts to steal sensitive information by posing as a legitimate institution fishing for your personal details. The attacker’s goal is to compromise systems to obtain usernames, passwords, and other account or financial data. While phishing is frequently accomplished by email, it can also be used via phone and text message.

When you aren't sure if you can trust a communication from PayPal, here are a few guidelines that can help you spot the real from the fake. Below are common practices seen in phishing attempts to watch out for.

  • Impersonal, generic greetings, such as “Dear user” or “Dear [your email address]": Emails from PayPal will always address you by your first and last names or by your business name. We never say things like "Dear user" or "Hello PayPal member".

  • Asking you for personal information: PayPal will never ask you to provide your password, credit card numbers, bank account numbers, driver’s license number, social security number, email or full name through text message or email.

  • Asking you to click on links that take you to a fake website: If there's a link in an email, always check it before you click. A link could look perfectly safe like www.paypal.com/SpecialOffers, so make sure to hover your mouse over the link to preview the true URL. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.

  • Containing unknown attachments: Don't ever open an attachment unless you're sure it's legitimate and safe. Be particularly cautious of invoices from companies and contractors you're not familiar with. Some attachments contain viruses that install themselves when opened.

  • Conveying a false sense of urgency: Phishing emails are often alarmist, warning that your account needs to be updated immediately. They're hoping you'll fall for their sense of urgency and ignore warning signs that it's fake.  If there is an urgent need for you to complete something on your account, you can find this information by logging in to PayPal.

If you suspect you’ve been a target of a PayPal phishing scam, forward the entire phishing email or spoof site information to spoof@paypal.com. Do not alter the email subject line and do not forward the message as an attachment.  Please delete the email from your email account immediately after. To forward a text exchange, follow these steps:

  • iPhone, iPad, iPod Touch - tap and hold the message you want to forward, select More, then tap the Forward arrow on the bottom right corner and enter spoof@paypal.com. After you’ve hit send, delete the message.
  • Android - tap and hold the message you want to forward, select the More Menu, and then Forward to spoof@paypal.com. After you’ve hit send, delete the message.

Unauthorized account activity

If you think someone has used your account without permission, report it to PayPal immediately and we’ll help protect you as much as possible. If reported within 60 days of when the transaction appeared on your account statement, PayPal can protect you with $0 liability for eligible unauthorized transactions.

Stay up to date.

Sign up to receive the latest news to your email.

Subscribe