How to Report Phishing to PayPal: A Clear 2026 Guide

Written by: Abigail Ivy
Published on:

What phishing to PayPal looks like

Phishing emails, texts, calls, and fake websites try to impersonate PayPal to steal login credentials, card details, or one-time security codes.

Knowing how to report phishing to PayPal starts with recognizing the common signs: urgent language, mismatched links, poor spelling, requests to “verify” sensitive information, and sender addresses that only look legitimate at first glance.

Scammers often copy PayPal branding, use secure-looking logos, and create convincing login pages.

The goal is usually the same: trick you into entering your email, password, PIN, bank details, or authentication code.

If you know what to look for, you can stop the attempt quickly and help PayPal’s security teams track abuse patterns.

How to report phishing to PayPal

The fastest way to report a suspicious message is to forward the full email to PayPal at [email protected].

Send the original message without altering the subject line or body, because headers and links can help investigators trace the source.

If you received a suspicious text message, take a screenshot and save the sender details before deleting anything.

For fraudulent websites, phishing pages, or fake login portals, report the URL directly through PayPal’s security channels and avoid entering any information on the page.

If the message came through a PayPal account notification, you can also log in by typing PayPal’s address manually in your browser and review recent activity from the account dashboard.

  • Forward suspicious emails to [email protected]
  • Save text messages as screenshots
  • Copy the suspicious URL exactly as shown
  • Do not click links or download attachments
  • Report account activity only after logging in from a trusted browser

Where else can you submit a phishing report?

If the scam uses PayPal’s name but reaches you through another platform, report it there as well.

Email providers such as Gmail, Outlook, and Yahoo offer built-in phishing reporting tools that help filter similar attacks for other users.

If the scam arrived by SMS, use your phone’s built-in spam reporting feature or your carrier’s message abuse tool.

When a phishing campaign includes a counterfeit domain, you can also notify the domain registrar or hosting provider.

This can help remove fraudulent sites faster, especially if the page is used to harvest credentials at scale.

For high-risk incidents involving financial loss or identity theft, consider filing a report with local consumer protection agencies or cybercrime authorities.

What information should you include in the report?

A useful report gives PayPal enough technical detail to examine the threat.

Include the sender’s email address, display name, subject line, message content, and any links or attachments.

For texts, include the phone number, timestamp, and screenshots.

If the scam used a fake domain, paste the full web address exactly as it appeared.

If you interacted with the message, note whether you entered a password, security code, or payment information.

If you believe your account may be compromised, mention the approximate time you noticed the suspicious activity and whether you changed your password or enabled multi-factor authentication afterward.

  • Sender address or phone number
  • Exact subject line or SMS wording
  • Suspicious links, domains, or file names
  • Screenshots of the message or webpage
  • Details of any information you entered

How to verify whether a PayPal message is real?

Legitimate PayPal messages usually address you in a neutral way and avoid pressuring you to act immediately.

They may refer you to your account activity, but they should not ask for your password, full card number, or bank login credentials by email or text.

A safe practice is to open PayPal by typing the official URL directly into your browser or using the official app, then compare the alert there.

Check the sender domain carefully, but do not rely on appearance alone.

Attackers can spoof display names, and some phishing emails use lookalike domains that differ by one character.

Hover over links on desktop to inspect the destination, and on mobile, long-press to preview the URL before tapping.

Red flags that usually indicate phishing

  • Requests to “confirm” passwords, PINs, or verification codes
  • Threats of account suspension unless you act now
  • Links that lead to unfamiliar or shortened domains
  • Unexpected attachments, especially invoices or receipts
  • Generic greetings that do not match your account details

What to do if you clicked a phishing link?

If you clicked but did not enter information, close the page, clear your browser history if needed, and run a malware scan on your device.

If you entered your PayPal password, change it immediately from the official website or app.

Use a strong, unique password that you do not reuse on other services.

If you entered a security code or one-time password, assume the attacker may try to access your account quickly.

Review recent logins, connected devices, linked bank accounts, and automatic payments.

Remove any unfamiliar payment methods and update your security questions or recovery settings if available.

How to secure your PayPal account after a phishing attempt?

After reporting the scam, strengthen your account so the same attacker cannot easily try again.

Enable two-factor authentication, review permissions for connected apps, and confirm that your recovery email and phone number are current.

Monitor your account for unfamiliar transactions, especially small test charges that sometimes precede larger fraud attempts.

It is also smart to protect the email account linked to PayPal, because attackers often target email first to reset payment platform passwords.

Change that password too, enable two-factor authentication there, and review forwarding rules or filters that could silently redirect security alerts.

  • Change your PayPal password immediately if credentials were entered
  • Enable two-factor authentication
  • Review linked bank accounts and cards
  • Check for unauthorized transactions or subscriptions
  • Secure the email account associated with PayPal

How PayPal handles phishing reports

PayPal uses phishing reports to identify fraudulent domains, email patterns, and scam infrastructure.

Reports can support takedowns, improve spam filtering, and help warn other users.

While you may not receive a detailed case response, well-documented reports improve the chance that malicious messages are blocked or investigated promptly.

Keep copies of the suspicious email, screenshots, and any follow-up notices in case you need them for a dispute or fraud claim.

If money was sent accidentally or account details were misused, time matters, so document everything before deleting the evidence.

When should you contact additional support?

If you lost money, cannot access your PayPal account, or notice unauthorized payments, contact PayPal support directly through the official app or website.

For card-based fraud, alert your bank or card issuer right away, because payment networks such as Visa and Mastercard may offer dispute protections.

If the phishing attempt involved identity theft, place fraud alerts with relevant credit bureaus where available.

Reporting phishing is most effective when you combine the report with fast account protection.

The more quickly you preserve evidence, change credentials, and review activity, the better your chances of limiting damage from a scam.