We invest a lot of time and energy into making sure customers’ PayPal and Venmo accounts are secure, and thieves know it. They may try to impersonate us to gain customers’ trust so they can access their accounts. Fortunately, there are a few ways customers can make sure it’s really us reaching out.
Watch out for spoofed emails from scammers
Phishing and spoof emails aim to obtain secure information, passwords, or account numbers. These emails use deceptive means to trick customers. They’ll ask them to reply, call a phone number, open an attachment, or click on a link to steal personal information.
If a customer receives a suspicious email, they should forward it to firstname.lastname@example.org. From there, our security experts can determine if it's a fake. If it is, we'll get the source of the email shut down. Reporting these emails helps protect customers and everyone else, too.
If a customer isn’t sure whether a PayPal email is legitimate or not, they shouldn’t click on any link in the email or provide any information. Instead, they should go to PayPal.com and log in. If there is any urgent message for them, they will see it there.
Ignore urgent text messages
Scammers can also send messages to customers’ phones via voice or SMS, aka smishing. So customers should look out for text messages with a bogus phone number or URL and a strong sense of urgency. They usually sound like this:
“Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 1-408-123-4567. It is imperative that we speak to you immediately.”
“PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction, please login at paypal.mobileservice2013.com/txn?id=178948 to stop this transaction. Thank You.”
When customers receive a text message like this and call the number or click the link, they’re confirming that you have an account with PayPal. And when they talk to a fraudster, they’ll surrender their account information into the wrong hands.
Don’t provide account information
Fraudsters sometimes use an automated system to make voice calls, in which they’ll report urgent account problems and ask for account information. This is called vishing. Here’s an example of what a vishing call might sound like:
"This is PayPal calling about a possible fraudulent transaction on your account. Please enter your PIN now to hear the transaction details. We need your immediate response to block this transaction."
If a customer enters their PIN or password, scammers get vital information to access their account. So, unless they initiated the phone call, even if the Caller ID says “PayPal,” customers should never provide any account information over the phone. In addition to that, sometimes automated calls will ask customers to call back. They’ll either leave a number or make it simple to click-call from a smartphone. Customers should disregard these messages as well because it’s impossible to be sure of where the call is coming from. If customers ever need to contact us, they should visit the Contact Us link on any PayPal page for our real phone number.