How to tell if an email is really from PayPal
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 3.67 out of 5)

How to tell if an email is really from PayPal

With another PayPal email scam making the news, let’s talk about how to tell if the email is legitimate.

When it comes to criminals impersonating companies, PayPal has got to be near the top of the list. The payment service is regulrly spoofed in emails, has its website spoofed and gets its name dragged into all range of malfeasance by ne’er-do-wells the world over.

How to tell if an email is really from PayPalPart of that is owed to PayPal’s ubiquity. No matter where you live, chances are you’ve heard of PayPal.

So, it should come as no surprise that once again, PayPal is in the news as cybercriminals send spoof emails aimed at infecting computers with Trickbot malware.

As first reported by My Online Security, people should be on the lookout for an email claiming to originate from, with the subject line “PayPal account warning.” The email includes an infected word document, posing as a Data Verification Form, which delivers the Trickbot banking trojan.

The email actually originates from a look-a-like domain,, that can potentially be mistaken for the genuine article. Here’s a screen shot of the email.

Fake PayPal email

Now, if we’re being honest this is a bad spoof email. Hopefully, anyone with a discerning eye could take one look at this and figure out that it was fake pretty quickly.

For starters, the actual email address doesn’t match the address shown as the sender. Beyond that, there is no header, no footer, the line breaks are odd, the English is unnatural, though, to their credit they did at least list the correct address for PayPal’s San Jose headquarters.

Obviously, it goes without saying that if you get an email like this, you shouldn’t open it.

But what if the email looked a little more convincing? What if this was a passable imitation? How can you tell if PayPal really sent an email? Here’s how…

How to tell if an Email really came from PayPal

How to tell if an email is really from PayPalStraight from PayPal itself, here’s how to identify a real PayPal email:

  • An Email from PayPal will always come from, as you can see in the example above, it’s easy to fake the friendly name, but the full address can’t be spoofed. So regardless of what the friendly name may say, always check the address that the email was sent from. If it originates from any domain other than, it’s not authentic.
  • An Email from PayPal will always address you by your first and last name, or your business name. Going back to the earlier example again, “Greetings, Dear Client” is definitely not something PayPal would say. In fact, I’m pretty sure you’d have to go back to Charles Dickens’ England to hear anyone say that in polite conversation.

That being said, PayPal will NEVER:

  • Send an email asking you to confirm or supply sensitive information such as a password, banking information or debit/credit card data.
  • Send an email containing any attachments.
  • Send an email asking you to download or install software.

Here’s a good rule of thumb, if you’re unsure if an email is actually from PayPal, go to the PayPal website and log in. If PayPal really was trying to communicate with you, chances are you’ll see something when you log in. If not, just disregard.

  • Since the stimulus checks, fraud is high….this is what I get in my email..this PayPal logo just this….. PayPal Caution Registration Cancellation Confirmation (90620452….Account Resolution Center <……….claim my account is limit to suspicious spending and had an attachment…that I had 24 hours to verify account….I only charge one item to ti media for and body oil purchase yesterday……please help..thank you for your time..

  • I received a email from PayPal saying dear my email address. My account was limited due to high claim and chargebacks, buying the same thing over again and high charges. As your payment processor we need to understand these changes. Go to the resolution center for more information or your account might be limited further. In email I pressed resolution center and it put me to billing information. My full name,address, ssn, birthday, mother’s maiden name. The address wasn’t from PayPal it was from somewhere else. Is that phishing email

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.