We may earn affiliate commissions for the recommended products. Learn more.

PayPal scams: the 2026 guide to spotting, avoiding, and recovering from fraud

Why You Can Trust Cybernews

Led by experts behind major reports like The Mother of All Breaches, our team of information security professionals, tech journalists, and data analysts delivers unbiased, real-world testing of identity theft protection services.

We stay current with industry trends and maintain full transparency by openly sharing our testing methodologies, ensuring readers receive accurate, up-to-date, and unbiased recommendations.

Learn more
Last updated: 2 October 2025
Paypal scams to be aware of

PayPal has been around for over 25 years, accumulating a massive user base along the way. And while this has catapulted the online payment service to the top, it has also made it a prime target for scammers.

There are dozens of ways people can scam you on PayPal. From simple address changes to elaborate scams that involve creating an exact copy of the PayPal website, the possibilities are endless.

The Cybernews research team and I dug into the subject at hand. We investigated widely used PayPal scams and compiled a detailed list of scam types that you may encounter. So, stick around as we explore them in detail below.

Best identity and spam call protection
If you’re tired of spam calls and want stronger protection for your personal data, Aura offers excellent tools to block unwanted callers and guard your privacy. It’s a trusted choice – providing identity theft monitoring, spam call alerts, and scam prevention, all from a user-friendly dashboard. Aura is US-based and includes 24/7 expert support for resolving identity threats quickly.
cybernews® score
4.8 /5
  • Blocks spam and scam calls before they reach your phone
  • Real-time alerts for suspicious activity linked to your identity
  • Comprehensive identity theft monitoring and recovery services
Visit Aura
inga_valiaugaite_author jolomi peppeh author Mariia Lysikova
Why You Can Trust Cybernews

Our team combines cybersecurity experts and consumer protection specialists who rigorously test each identity theft protection service. All findings undergo verification from our fraud prevention experts to ensure accuracy and relevance. We maintain complete transparency about our testing methodology and regularly update our reviews as services evolve or when new threats emerge. Our testing includes a detailed examination of monitoring capabilities, alert systems, and recovery services across multiple scenarios. Learn more about our testing process.

30+
Identity protection service guides
12+
Identity theft protection services tested
3,600+
Hours of dedicated testing time
$15,000+
Spent on service subscriptions and testing

The most common PayPal scams at a glance

  1. Phishing scams rely on fake emails and sites that trick users into giving out their data
  2. Fake invoices involve sending users legitimate-looking payment requests
  3. “Money waiting” baits ask users to log in to claim funds, but redirect to fake sites
  4. Address change scams rely on updating shipping information and refunding
  5. Refund-difference fraudsters use the overpay-and-cancel-payment tactics
  6. “Friends & Family” payment type scams involve bypassing PayPal’s Buyer Protection
  7. Hacked-account alerts use urgent security warnings and send you to phishing sites

Top 7 PayPal scams (with examples and fixes)

Now that we know the most common ways you can get scammed through PayPal, we can dive into how these devious schemes actually work. Below are detailed explanations of each of the 7 mentioned PayPal scams, so you know exactly what to look out for.

1. Phishing and fake PayPal emails/sites

Phishing attacks make up an entire category of PayPal scams. In fact, they’re so common that PayPal has a dedicated email address where you can forward such emails and messages to report them ([email protected]).

  • How the scam works. You receive an email or a text with an official-looking message that appears to be from PayPal. It urges you to take action, log in, or contact the number to resolve issues with your account.
  • What could happen. You click a link, and the site you’re redirected to looks like PayPal’s, but leaving your login credentials there leads to them being recorded.
  • What to keep an eye on. Odd email domains, spelling mistakes, and login links should all raise concerns.
Cybernews tip to protect yourself:

Ignore emails with poor grammar and suspiciously urgent messages that involve taking actions from within the inbox.

2. Fake invoices and order confirmations

PayPal invoice scams rely on genuine-looking emails with either payment requests or login requests to confirm a payment you don’t remember making.

  • How the scam works. Someone will send you a legitimate-looking payment request. With more elaborate invoice scams, this might even look like it’s coming from a store you’ve actually bought from in the past.
  • What could happen. You tap the link in the email to review the invoice, only for the spoofed website to pick up your login credentials. Alternatively, you download the “invoice” attachment to pick up malware instead.
  • What to keep an eye on. Pay attention to emails that refer to you as “PayPal user” and attachments labeled “invoice”, as PayPal doesn’t do that.
Cybernews tip to protect yourself:

Always verify invoices inside the Activity section from within the PayPal app or on the web.

3. “Money waiting” / payment pending baits

This type of PayPal scam also falls into the phishing category, but there are certain differences between it and the one I mentioned above. While it involves your standard phishing attempt with a fake website, that’s not the whole story here.

  • How the scam works. You come across an email informing you of money waiting in your account.
  • What could happen. You let your guard down and tap the link in the email to access a PayPal-like site that asks you to log in. Once you do, the spoof website picks up your login credentials.
  • What to keep an eye on. All emails with login links should be deemed suspicious.
Cybernews tip to protect yourself:

Avoid clicking on email links and use the PayPal app or manually type “paypal.com” into your web browser instead.

4. Shipping-address switch

PayPal address-related scams involve customers changing the delivery address after a purchase has been completed.

  • How the scam works. A buyer pays for an item you’re selling via PayPal and sends you their details, along with an address to which you should send the item you just sold.
  • What could happen. You send the item, but the shipping company can’t find the address, so they flag the item as undeliverable. The buyer sees this through the shipment tracking service and contacts the shipping company with a new address. Then, they’ll file a complaint with PayPal, claiming the item was never delivered. And since you can’t prove that with the old address, you’re out of both the item and the money.
  • What to keep an eye on. Individuals who provide their own shipping label or request that you ship to an address different from the one on the transaction.
Cybernews tip to protect yourself:

Block rerouting on your merchant account.

5. Overpayment and refund requests

At first glance, the overpayment PayPal scam will look and feel like someone unintentionally paid you more. However, it’s purposefully built that way to exploit your good side.

  • How the scam works. A buyer will send you more money than the item you’re selling is worth, and contact you apologizing for the mistake and asking for a refund.
  • What could happen. You believe it’s an honest mistake and refund the difference, only for them to lodge a complaint with PayPal for their original payment. They then walk away with the item and the amount you sent them.
  • What to keep an eye on. Refund request with urgent messaging or request to send a refund to another account.
Cybernews tip to protect yourself:

Cancel the purchase instead of refunding the overpaid amount. If they want the product, they’ll repurchase it and pay the right amount for it.

6. Friends and family pressure

With this one, fraudsters recommend that you use PayPal’s “Friends & Family” payment type to save money on fees.

  • How the scam works. A buyer might urge you to switch from “Goods & Services” to “Friends & Family” type of payment so you can avoid fees.
  • What could happen. By selecting the F&F option, the payment you make becomes ineligible for PayPal’s Buyer Protection program, and the scammer disappears with the items you paid for.
  • What to keep an eye on. Users you don’t know asking you to switch to F&F instead of using G&S should raise concerns.
Cybernews tip to protect yourself:

Never use the F&F payment category with people you don’t know.

7. Hacked-account notifications and callback cons

Designed to cause you to panic and take quick action, hacked-account scams bet on your fear to cause you to click on a phishing link.

  • How the scam works. You get an email with a message like “Your account has been compromised” or “There is a problem with your account. Please contact us to resolve it”.
  • What could happen. In a panic, you tap the link where you’ll “resolve the issue” or contact the included “support” number and provide your details.
  • What to keep an eye on. Urgent-sounding messages with login links and phone numbers you can’t find on PayPal’s site are a tell-tale sign.
Cybernews tip to protect yourself:

Never contact PayPal through email links or numbers, and use support channels that you find on PayPal’s official site.

Check My Risk Now with Aura

How do PayPal scams work?

As you’ve probably gathered from the examples above, PayPal scams either rely on phishing sites that mimic PayPal’s legitimate pages or social engineering that exploits your trust. In both cases, their operation includes the following:

  • Impersonation. All PayPal scams involve fraudsters posing as either PayPal’s representatives or real buyers or sellers.
  • Urgency and fear. Scammers then craft compelling emails, alerts, and “payment pending” notices with urgent messaging that banks on your fear.
  • Redirection. Click a link in these messages and you’ll be redirected to a malicious PayPal-like site that steals your login credentials. Alternatively, you’ll be tricked out of PayPal’s Buyer Protection program.
  • Monetization. Scammers can then log in to your PayPal account and steal your money directly, disappear with your payment, or lodge a complaint with PayPal to get their payment reimbursed.

Red flags that scream “PayPal scam”

Although scammers are constantly evolving their schemes, the majority of PayPal scams still involve one or more of these elements:

  • Urgent message tone. Most PayPal scammers create a sense of urgency to rush you into giving them your hard-earned money.
  • Misspelled domains. PayPal’s representatives will have email domains like “@paypal.com”. Anything other than that is likely to be a scam.
  • Login links. PayPal will never ask you to log in through an email, so these links are a tell-tale sign of a scam.
  • Requests for gift cards or crypto. Representatives of an established company like PayPal don’t ask for gift cards or cryptocurrencies instead of $USD.
  • Refund-difference asks. Cybercriminals often overpay for your product, then ask you to refund the difference to another account, after which they’ll cancel their original payment.
  • Switch to “Family & Friends”. If someone is asking you to use the “Friends & Family” payment type, you could be dealing with a scammer.
  • Address changes after checkout. PayPal chargeback scams often involve buyers changing their address after payment, then requesting a refund and walking away with both the money and the item.
  • Attachments labeled “invoice”. While PayPal invoice scams look and feel legit, they’ll usually refer to you as “PayPal User”, which PayPal doesn’t do.

What can you do to avoid PayPal scams?

While full-on PayPal scam prevention is still challenging, certain practices can significantly lower your risk:

  • Always log in directly. Clicking random PayPal links exposes you to scams. Always use the official PayPal app or type in “paypal.com” in your web browser.
  • Enable 2FA on your account. While it doesn’t protect you from all scams, two-factor authentication (2FA) prevents account takeovers. So, make sure it’s enabled.
  • Verify the sender’s details. Random headers and spelling errors in domain names and the email itself are very common with scams. You should always inspect these details.
  • Use “Goods & Services”. Scammers avoid Buyer Protection by using the “Friends & Family” payment type. Instead of risking it, just use the “Goods & Services” category.
  • Monitor your account activity. Push notifications can help you spot fraud early, so make sure they’re enabled via both email and SMS.
  • Keep your devices secure. Outdated software poses a severe security risk that you can decrease by keeping your OS, antivirus, and browser up-to-date.
  • Trust your instincts. There’s a reason the saying “too good to be true” exists, and it can be applied here. If you feel something is off, stop what you’re doing.

Conclusion: stay safe from PayPal scams

While there are multiple ways someone can scam you on PayPal, all of the common types of scams can still be prevented. As long as you pay attention to details, incorporate the right practices, and use PayPal’s built-in security tools, you should be good to go.

That said, PayPal’s security features aren’t always enough. Elaborate scams can still slip through these defenses, in which case only a dedicated monitoring tool, such as Aura or Coveron (formerly NordProtect), will be able to detect them.

But you must keep in mind that if you're a New York resident, then you won't be able to use Coveron's identity protection benefits, such as identity theft recovery, cyber extortion protection, and online fraud coverage.

In fact, these security add-ons not only monitor for identity theft and alert users to fraud, but they also facilitate recovery, making them a fine addition for anyone looking for extra security.

Other guides from Cybernews you might be interested in:

Do banks refund scammed money? How to get your money back from a scammer

14 Cash App scams to watch out for in 2026

What to do if a scammer has your phone number: 9 expert tips to stay safe

Venmo scams: 10+ common tricks and how to stay safe

FAQ

What’s the fastest way to reach PayPal about fraud?

The quickest way to report a PayPal scam is through the Resolution Centre. You can also do it through the app by going to Wallet > Activity. Once logged in, tap Report a Problem, select the payment, and follow the steps.

How do I stop fake invoices on PayPal?

First, you’ll need to stop clicking on suspicious-looking links. From there, head to your PayPal account and check the Activity section. Here, you can select the invoice and hit Cancel. It’s also a good idea to forward the scam to [email protected].

Should I file a police report for a PayPal scam?

Yes, you should. Filing a report with law enforcement documents your case. It also generates a unique number that your bank may request before issuing a chargeback. Ultimately, it enables police and consumer protection agencies to conduct further investigations.

Will PayPal refund money if I get scammed?

Whether you’ll be refunded if you’ve been scammed on PayPal depends on the situation. For instance, the company’s Buyer Protection program only works if you report the incident within 180 days. You’re also more likely to be reimbursed for items you haven’t received at all.

Recommended for you
14 Cash App scams to watch out for in 2026
Best dark web monitoring services in 2026
McAfee identity theft protection review: features, pricing, and real-world value
Criminal identity theft: how it happens and how to protect yourself
How to delete your Cash App account in 2026
Aura vs IdentityForce: which identity protection service is worth your money in 2026?