The safety and security of PayPal users is always our priority. In times of unrest and uncertainty, spammers and scammers around the world may try to take advantage of these vulnerabilities, so it’s important to stay vigilant and protect yourself from such attempts. Below are a few tips to help you stay protected while making online transactions.
QUICK TIPS
- Use passwords with a combination of letters, numbers and symbols, and avoid using the same password for all of your accounts
- Set up 2-step verification (2FA) and a mobile PIN for your PayPal login
- Stay vigilant to fend off phishing attempts via email, text or phone.
Passwords
Industry statistics show that many people reuse the same password everywhere and for those who don’t, most have only three or four passwords for their various accounts. This is why it’s important to have passwords that contain a variety of letters, symbols and numbers. Having a simple password means that you are more vulnerable to malware, phishing and identity theft. Don’t use information that could be found on social media in your passwords such as your pet’s name, children’s names, favourite football team, your name, birthday, driving license or phone numbers. Can’t remember all your passwords? You can find reputable password managers online that can manage that for you at little to no cost.
2-step verification (2FA) and mobile PIN
Setting up 2-step verification and a mobile PIN adds a second layer of security to your online account. Login to PayPal and click the settings icon in the top right-hand corner of the screen. Click the ‘Security’ tab to set up a mobile PIN and 2-step verification.
How to spot fake, fraudulent, spoof or phishing emails
Phishing is a form of social engineering that attempts to steal sensitive information by posing as a legitimate institution phishing for your personal details. The attacker’s goal is to compromise systems to obtain usernames, passwords, and other account or financial data. While phishing is frequently accomplished by email, it can also be used via phone and text message.
When you receive an email claiming to be from PayPal, but you aren't sure you trust it is from us, here are a few guidelines that can help you spot the real from the fake. Below are common practices seen in phishing attempts to watch out for.
- Impersonal, generic greetings, such as “Dear user” or “Dear [your email address]: Emails from PayPal will always address you by your first and last names or by your business name. We never say things like "Dear user" or "Hello PayPal member".
- Asking you for personal information: PayPal will never ask you to provide your password, credit card numbers, bank account numbers, driving license, email or full name through text message or email.
- Asking you to click on links that take you to a fake website: If there's a link in an email, always check it before you click. A link could look perfectly safe like www.paypal.co.uk/SpecialOffers, so make sure to hover your mouse over the link to preview the true URL. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.
- Containing unknown attachments: Don't ever open an attachment unless you're sure it's legitimate and safe. Be particularly cautious of invoices from companies and contractors you're not familiar with. Some attachments contain viruses that install themselves when opened.
- Conveying a false sense of urgency: Phishing emails are often alarmist, warning that your account needs to be updated immediately. They're hoping you'll fall for their sense of urgency and ignore warning signs that it's fake. If there is an urgent need for you to complete something on your account, you can find this information by logging in to PayPal.
If you suspect you’ve been a target of a PayPal phishing scam, forward the entire phishing email, text exchange or spoof site information to spoof@paypal.com. Do not alter the email subject line and do not forward the message as an attachment. Please delete the email from your email account immediately after.
Unauthorised Account Activity
If you think someone has used your account without permission report it to PayPal as soon as possible and we will endeavour to get back to you before the end of the Business Day after you tell us about the problem. We’ll help protect you as much as possible.
More simple steps on protecting yourself from scammers can be found here.