Donate SIGN UP

Is Someone Trying To Steal Your PayPal Details?

16:30 Mon 27th Mar 2017 |

  Read the Original Question


I've had an email purporting to be from PayPal saying that my account has been limited due to unusual activity and giving me a link to my account to deal with the matter. They also site a 'Case ID number.'

The email is addressed to ' Dear PayPal Client' which rang alarm bells and I've logged into my PP account through the website and can find no outstanding issues.

Can anyone advise, please as I don't want to click on the link provided.


A common question among Answerbankers is whether an email they have received from a company is legitimate, or if it is an attempt to steal their details or install a virus on their computer.

Continue reading or watch the video below to find out how you can avoid becoming a victim of phishing emails.

How do phishing emails work? 

The emails claim to be from a company but are phishing emails, which means they are sent by scammers attempting to get your information (such as account usernames and passwords or bank details) so that they can steal your money.

Some of these emails may include attachments which they tell you to download – these could contain viruses or keyloggers. A keylogger records the letters you type on your keyboard, and in doing so could record your passwords or other details you enter into a website. Once they have this information they can then access your account and take your money.

If the emails contain links, these may take you to a website which looks like the website of the company in question, but isn’t. If you enter your account details into this website you are giving the scammers access to your account.

Commonly, these emails appear to come from PayPal, HRMC, Amazon, and a variety of banks. It’s easy to tell that they are not real if you don’t have an account with the company or bank in question! If this happens, you can just delete the email knowing it’s rubbish.


How to avoid being scammed 

There are a few other tell-tale signs that let you know when an email hasn’t come from the company it claims to have:

Is it in your inbox?

If an email has landed in your junk or spam folder rather than your inbox, this suggests that your email provider believes the email to be suspicious, so this is a good indicator.

Check the ‘from’ email address

First, check the email address it has come from. If an email claims to be from PayPal but the email address doesn’t end in or similar, it’s not really from them.

What do they want?

PayPal will never ask you to provide your contact, account, or payment details. They won’t send you emails with attachments, or ask you to download or install anything. If you receive an email asking for any of these things, do not comply.

Check for your name

A genuine email will address you by your name. If the email starts “Dear customer”, Dear client”, or something similar, this indicates that the email is suspicious.

Check the links in the email

You shouldn’t click on any links in the email, because not only might they be unsafe, but the sender may be able to see that you have clicked on the link, and they will know that your email address is active. This might encourage them to keep sending you spam.

However, you can check whether the links in the email are legitimate by hovering your mouse cursor over them. When you do this, look at the bottom of your browser – the web address should appear here. If it doesn’t end in (for example), includes a different company name, or just looks like gibberish, then the email is not genuine.

Look for spelling errors

If you spot any spelling errors, this is a sign of an unprofessional, sloppy email – how many big companies do you know that send out emails with their own name spelled incorrectly? Spelling errors, bad grammar or nonsensical sentences should ring alarm bells.


How to report the email

Many companies have an email address which you can send spoof emails to. Find the correct email address and forward the email to it – in the case of PayPal, the email address is [email protected]. You will receive a response letting you know whether or not the email was legitimate, and PayPal uses the information to take action against the culprits.


What if you have fallen for a phishing email?

If you have clicked on a link and entered your details into a suspicious website, let the company or bank in question know as soon as you can so that they can prevent any suspicious activity from taking place. You will probably need to change your password, too. If you downloaded an attachment, run a virus scan on your computer, delete the file or application you downloaded, and let the company know what happened. There should be information on the company’s website to help you.


Phishing Email Dos and Don’ts


If you receive a suspicious-looking email, do:

  • Use the guide above to decide whether the email is legitimate
  • Check your account with the company in question by searching for the website or by typing it into your address bar (not by clicking on a link in the email)
  • If the email looks like spam or phishing, forward it to the company’s special spoof email address, e.g. [email protected]
  • Delete the email



  • Click on any links
  • Open any attachments
  • Reply to the email


Companies which are often the subject of phishing emails provide their own more specific advice about recognising and reporting these emails, including PayPal, Amazon, and HMRC.

If you’re still unsure, you can ask a question about a specific email in The AnswerBank Spam and Scams section.

Do you have a question about Technology?