If you’re thinking, If you’ve seen one PayPal scam, you’ve seen them all, think again. As people become more savvy to online scams, bad actors keep scheming new ways to catch us off guard. Trust us when we say that scammers will stop at nothing to achieve one or both of their primary objectives: steal your money or steal your personal information.

You may have educated yourself on how to avoid online scams, probably set up rock-solid passwords and may even regularly use two-factor authentication, but this new PayPal scam is a bit different and was crafted to trick you in a few unique ways.

Jeremy Fuchs, a cybersecurity evangelist at Check Point Software, told us this particular PayPal email scam is on the rise this spring. Keep reading for more information, including the red flags you need to know.

Get Reader’s Digest’s Read Up newsletter for more scam news, humor, travel, tech and fun facts all week long.

What’s the new PayPal scam?

The new PayPal scam starts with an email from PayPal—an actual email from actual PayPal. “The email will include an indication that you’ve paid money or owe money, such as ‘You just paid $1,500 for a Samsung UHD TV,'” explains Ian Bednowitz, general manager of identity and privacy at LifeLock.

The email will typically include a phone number to call or a link to click. Because the email came from an actual PayPal email, you may think the link is safe, but we assure you it’s not. “The link will likely go to a spoof website that looks like PayPal to get you to input your login details or additional personal info to verify your identity,” Bednowitz says, adding that clicking this link may also install malware on your device. If the scammers get your PayPal login information, they could also drain your bank account, so always be extra cautious with any information linked directly to a bank account or credit card.

Because you know you didn’t buy the TV or whatever else the PayPal email says you purchased, you might be tempted to make the call. “The catch is that they want you to call a phone number to report an error in the purchase,” Fuchs explains. The scam picks up steam when you call that number.

What makes this scam so convincing?

Close up of person holding a phone with the PayPal appSOPA Images/Getty Images

The PayPal email scam is convincing because hackers figured out how to outsmart PayPal’s email system, and the email that potential victims receive is actually from PayPal. “It comes from a legitimate PayPal email address, so the email address, format, spelling, etc., will all be legitimate,” Bednowitz says.

Another thing that makes it convincing is that the scammers send what appear to be legitimate invoices from PayPal. They come from PayPal, so they look real. If you’ve gotten used to checking email addresses—a great defense against scammers—you will have to be even more careful now.

What are the red flags of the new PayPal scam?

Bednowitz says the best overall guidance is to be skeptical of all communications, whether via email, phone or SMS. “Go directly to the organization’s website and only contact the company through email addresses or phone numbers that you are certain are legitimate,” he says. Yes, it may feel like a drag to navigate the phone tree and wait on hold to talk to someone, but it’s worth it to protect your identity.

The signs to look for in this scam are:

  • Unexpected payment requests or invoices for unfamiliar purchases.
  • Emails that express a sense of urgency, such as when the payment is due. “Anytime there is a sense of urgency in any communication, it is a red flag to stop and reconsider the authenticity of the communication,” Bednowitz says.
  • A phone number to call that differs from what you can find on PayPal’s website.
  • A link that doesn’t actually lead to PayPal. If there is a link provided, hover over it (don’t click it!) and see if it leads to the authentic PayPal domain. FYI, all official PayPal URLs will start with PayPal.com.

What should you do if you receive a PayPal scam email?

Fuchs has sound advice, whether you’re dealing with a potential PayPal scam email or just had a close call due to one of the increasingly common LinkedIn scams. “Take a breath and think,” he says.

After you’ve taken a moment to calm your nerves, ask yourself if you’re expecting an email from PayPal. If the answer is no, it’s probably a phishing attempt.

“You can also Google the phone number they want you to call,” Fuchs advises. If it’s not legit, it will appear in the search results as a suspected scam number.

Cybersecurity experts can never stress enough how critical it is to never click on any links or call any phone numbers. Instead, Bednowitz says you should go directly to PayPal.com, log into your account and verify if you have any outstanding invoices or recent payments that are consistent with the email. Once you verify it is a scam, you should report it to your email provider and to PayPal.

RELATED:

About the experts

  • Jeremy Fuchs wears a couple of hats at Check Point Software, a leading AI-powered, cloud-delivered cybersecurity platform provider protecting over 100,000 organizations worldwide. Fuchs is a cybersecurity evangelist in the Office of the CTO, and he’s also a global campaign manager.
  • Ian Bednowitz is the general manager of identity and privacy at LifeLock. He has extensive experience working for eBay and Bain and is committed to helping consumers stay safe online.

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece, Jaime Stathis tapped her experience as a journalist who has written dozens of articles about scams and digital security for Reader’s Digest to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.

Sources:

  • GOBankingRates: “5 Ways to Avoid the New PayPal Scam That Is Using Real Emails”
  • Jeremy Fuchs, cybersecurity evangelist in the Office of the CTO at Check Point Software; email interview, April 2025
  • Ian Bednowitz, general manager of identity and privacy at LifeLock; email interview, April 2025
iPhone containing an EZ-pass toll scam text on a red backgroundReader's Digest, General_4530/Getty Images

Toll Road Scam Texts Are on the Rise

Hands hold a smartphone displaying the Facebook logo on the screen, in a softly lit indoor environment.SOPA Images/Getty Images

Facebook Scams to Watch Out For

Hand holds a phone displaying a message about a USPS package delivery issue, with a suspicious confirmation link, against a red warning backdrop.Reader's Digest

How to Handle USPS Scam Texts

Author
Jaime Stathis
Jaime writes about technology, cybersecurity, careers, retirement, travel and everything related to being a human being on a constantly evolving planet. Jaime is insatiably curious and still trying to figure out if she prefers the mountains or the ocean—and realizes this might be a lifelong puzzle to solve.
Read More
Jaime Stathis