PayPal Scams 2026
⚠️ Quick Alert: U.S. consumers reported losing $12.5 billion to fraud in 2024 — a 25% jump over the previous year — and PayPal consistently ranks among the top three most-impersonated brands by scammers, according to the Federal Trade Commission. The most common trick right now: emails sent from real PayPal addresses containing fake purchase alerts designed to get you on the phone with a fraudster. If you think you’ve already been scammed, skip directly to our recovery section below.
- Currently trending (March 2026): AI-powered voice cloning scams impersonating PayPal support agents, and fake invoice emails sent from legitimate PayPal infrastructure.
- Biggest red flag: Any unsolicited email or call urging you to act immediately on a charge you don’t recognize.
- If you’ve been scammed: Report to the FTC at reportfraud.ftc.gov and contact PayPal at 1-888-221-1161.
How Big Is the PayPal Scam Problem?
PayPal has over 426 million active accounts and processed more than $1.5 trillion in transactions in 2023 — which makes it one of the most attractive targets for fraudsters on the planet. The numbers behind payment app fraud are staggering:
- $12.5 billion lost to fraud in the U.S. in 2024 alone, a 25% increase year-over-year, per the FTC’s Consumer Sentinel Network Data Book.
- PayPal was identified as the third most-impersonated company by scammers in the FTC’s 2024 Data Spotlight — trailing only the IRS and Social Security Administration.
- Imposter scams — the category that includes PayPal impersonation — cost Americans $2.95 billion in 2024, a 10% rise over 2023, according to the FTC.
- ESET’s cybersecurity research team detected over 4,000 attempts to target PayPal users in the first half of 2025 alone, spanning phishing campaigns, fake checkout links, and social engineering attacks.
- Deloitte estimates that authorized push payment (APP) fraud — the type most commonly exploited on platforms like PayPal — could surge from $8.3 billion in 2024 to $14.9 billion by 2028, driven largely by AI-powered scam automation.
The picture is clear: scammers are getting smarter, better-funded, and more technically sophisticated. But so are you — as long as you know what you’re up against.
The 14 Most Common PayPal Scams in 2026
1. Classic PayPal Phishing Emails — Still the #1 Threat
How it works:
You receive an email that appears to come from PayPal — complete with the PayPal logo, blue color scheme, and official-sounding language. The message claims there’s a problem with your account: a suspicious login, an unauthorized transaction, an account suspension, or a payment you need to confirm. It includes a link urging you to “verify your account” or “review the transaction.”
When you click, you land on a site that looks exactly like PayPal — same layout, same fonts, same login form. The moment you enter your credentials, those details go straight to the attacker. Some variants also deliver malware when you click the link, even before you type anything.
Red flags:
- The email sender domain isn’t exactly paypal.com — look for subtle variations like paypal-support.com, paypa1.com, or notifications-paypal.net
- Generic greetings like “Dear Customer” or “Dear PayPal User” instead of your actual name
- Urgent, threatening language: “Your account will be permanently suspended within 24 hours”
- Links that display “paypal.com” in the text but point to a different URL when you hover
- Poor grammar, awkward phrasing, or mismatched fonts in the email body
Real example: A Reddit user in late 2024 received a convincing PayPal email warning of a “suspicious login from Russia.” The link led to a pixel-perfect fake login page. After entering their credentials, the attacker changed the password and email address within minutes, locking the user out of their $2,400 balance.
How to protect yourself: Never click links in unsolicited emails. Always navigate to PayPal by typing paypal.com directly into your browser or opening the official app. Check your account there — if there’s really a problem, you’ll see it without clicking anything.
2. The Legitimate-Email Exploit — PayPal’s Own Infrastructure Used Against You
How it works:
This is one of the most dangerous PayPal scams circulating in 2025–2026 — and it’s uniquely difficult to detect because the email actually comes from a real PayPal email address.
Scammers exploit a flaw in PayPal’s merchant subscription system: they create a PayPal subscription for a victim, then immediately pause it. This triggers PayPal’s genuine automated email — sent from service@paypal.com — informing the user that “Your automatic payment is no longer active.” The scammers embed fake purchase information and a fraudulent phone number inside the customer service notes field of the subscription, which PayPal’s system then includes in the legitimate email.
As BleepingComputer confirmed in December 2025, these emails pass all technical security checks — DKIM, SPF, and DMARC — because they genuinely originate from PayPal’s own mail servers. PayPal subsequently closed this specific loophole, but similar infrastructure-abuse tactics continue to evolve.
The email typically claims you were charged $1,300–$1,600 for an expensive device (Sony TV, MacBook, iPhone) and provides a phone number to “cancel.” When you call, a fake PayPal representative asks to remotely access your computer to “process the refund” — and from there, they drain your bank accounts or steal your personal data.
Red flags:
- Unexpected notification about a subscription you don’t remember creating
- A phone number included in the body of a PayPal notification email (PayPal never does this for legitimate alerts)
- Fake purchase amounts for expensive electronics you definitely didn’t buy
- Urgency to call “before the payment processes”
Real example: In June 2025, multiple users reported to CyberGuy that they received PayPal notifications claiming charges of ~$499 or $1,500+ for electronics. Because the emails came from real PayPal addresses, even an experienced federal fraud investigator was momentarily deceived — he had to double-check his actual PayPal account before realizing it was a scam.
How to protect yourself: No matter how legitimate a PayPal email looks, never call a phone number listed in the email body. Go directly to paypal.com or the PayPal app to check your account. Real PayPal alerts will be visible inside your account dashboard.
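Because these messages pass SPF, DKIM and DMARC, a mail filter has to look at content rather than origin. The sketch below is an added example, not code from the original article or from PayPal. It applies the page's red flag (a phone number in the body of a PayPal notification) even when authentication passes. The receiving server name `mx.example.net`, the sample messages and the phone number (from the fictional 555-01xx range) are all constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumption: the authserv-id our own receiving mail server writes. Only
# Authentication-Results headers stamped by it are believed; a sender can
# add headers of its own claiming "pass".
TRUSTED_AUTHSERV = "mx.example.net"
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
# North American numbers such as +1 (805) 555-0142 or 805.555.0142.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")


def auth_results(msg, authserv):
    """Collect spf/dkim/dmarc verdicts recorded by our own mail server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        value = str(header)
        authserv_id = value.split(";", 1)[0].strip().split(" ")[0].lower()
        if authserv_id != authserv:
            continue  # not written by our boundary server: ignore it
        for mech, verdict in AUTH_RE.findall(value):
            results[mech.lower()] = verdict.lower()
    return results


def triage(raw, authserv=TRUSTED_AUTHSERV):
    """Classify one message; a callback number outranks a clean auth result."""
    msg = message_from_string(raw, policy=policy.default)
    auth = auth_results(msg, authserv)
    authenticated = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    phones = sorted({re.sub(r"\D", "", p) for p in PHONE_RE.findall(text)})
    if phones:
        verdict = "callback-number-in-body"
    elif not authenticated:
        verdict = "unauthenticated"
    else:
        verdict = "no-flags"
    return {"authenticated": authenticated, "phones": phones, "verdict": verdict}


AUTH_OK = ("Authentication-Results: mx.example.net; spf=pass "
           "smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; "
           "dmarc=pass header.from=paypal.com\n")
HEADERS = ("From: service@paypal.com\n"
           "Subject: Your automatic payment is no longer active\n"
           "MIME-Version: 1.0\n"
           "Content-Type: text/plain; charset=utf-8\n\n")

# Constructed: genuine origin, scam text injected through a notes field.
ABUSED = AUTH_OK + HEADERS + (
    "Your automatic payment is no longer active.\n"
    "Customer service note: charge of $1,499.00 for a Sony TV.\n"
    "To cancel call +1 (805) 555-0142 before the payment processes.\n")

# Constructed: genuine origin, no callback number.
CLEAN = AUTH_OK + HEADERS + (
    "Your automatic payment is no longer active.\n"
    "Transaction ID: 9AB12345CD678901E\n")

# Constructed: "pass" claimed by a header our own server did not write.
FORGED = ("Authentication-Results: attacker.example; spf=pass; dkim=pass; "
          "dmarc=pass\n") + HEADERS + "Please review your account.\n"

if __name__ == "__main__":
    for name, raw in (("ABUSED", ABUSED), ("CLEAN", CLEAN), ("FORGED", FORGED)):
        print(name, triage(raw))
```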
3. Friends & Family Payment Scams — Stripping Your Buyer Protection
How it works:
A buyer contacts you — often through Facebook Marketplace, Craigslist, or a buy/sell subreddit — to purchase an item. During checkout, they ask you to accept payment via PayPal’s “Friends & Family” option instead of “Goods & Services.” Their stated reason sounds reasonable: no fees for either party, or they say it’s just easier this way.
The trap: PayPal’s Purchase Protection only applies to payments sent through “Goods & Services.” Friends & Family payments are explicitly excluded from PayPal’s dispute resolution system. Once you’ve shipped the item and the scammer has it, they can claim the payment was made in error and request a chargeback — and because the transaction has no buyer protection, PayPal has limited ability to intervene on your behalf.
Alternatively, the scammer simply disappears after you ship, having effectively received your item for free.
Red flags:
- Any buyer suggesting an alternative payment method to avoid “fees” for a commercial transaction
- The buyer expressing urgency or pushing you to confirm payment before they see a shipping label
- Requests to use Friends & Family from someone you’ve never transacted with before
- Pressure to ship the item before the funds fully clear in your account
Real example: A Reddit user on r/HardwareSwap sold a $750 iPad Pro, accepted a Friends & Family payment, shipped the item, and received confirmation from the courier that the buyer signed for delivery. One month later, the buyer filed a chargeback. PayPal reversed the transaction — and because the seller had used Friends & Family, the platform declined to intervene, leaving the seller out $750, the iPad, and shipping costs.
How to protect yourself: For any commercial sale — no exceptions — insist on PayPal “Goods & Services.” The small fee is worth the protection. If a buyer refuses, treat it as a hard red flag and walk away from the deal.
4. Overpayment Scams — The “Accidental” Surplus That Costs You Everything
How it works:
You’re selling something online and a buyer sends more than the agreed price — sometimes significantly more. They quickly message you explaining it was an accident, or that the extra was meant for “shipping costs,” and ask you to wire the difference back to them via Zelle, Venmo, wire transfer, or a gift card.
Here are the mechanics of the trap: the original payment was made using a stolen credit card, hacked bank account, or compromised PayPal account. When the real account owner discovers the fraud days or weeks later, they file a chargeback. PayPal reverses the original payment — but the money you already wired back is gone forever. You lose the item, the shipping costs, the refunded “difference,” and your original payment.
A common variant: someone contacts you claiming they accidentally sent money to your PayPal account (when they haven’t), and pressures you to send it back to “their real account.” Check your actual PayPal balance before ever responding.
Red flags:
- Any buyer who “accidentally” overpays for an item
- Requests to send the difference via a different payment method than the original (Zelle, wire, gift cards — all non-reversible)
- Urgency to send the refund quickly, “before it processes”
- A shipping company the buyer “wants you to use” — often part of the scam network
- New accounts, minimal reviews, or buyers from distant locations for simple local items
Real example: A seller posted a used MacBook for $900 on Facebook Marketplace. The buyer paid $1,400 via PayPal, explaining the extra $500 was for “expedited shipping.” The seller wired $500 back through Cash App. Three weeks later, PayPal reversed the original $1,400 payment due to a fraud dispute from the real account holder. The seller lost the laptop, $500 in Cash App transfer, and shipping costs — a total loss exceeding $1,600.
How to protect yourself: Never refund an overpayment through any channel other than back through the original PayPal transaction. If a buyer overpays for your item, cancel the order entirely — PayPal itself confirms that legitimate buyers never overpay. Wait for PayPal funds to fully clear before shipping anything of value.
5. Fake Tech Support Scams — Remote Access Is the Endgame
How it works:
You receive an unsolicited call, email, or pop-up notification claiming there’s a serious security problem with your PayPal account — malware detected, suspicious transactions, account flagged for fraud. The “PayPal representative” on the line sounds professional, uses correct terminology, and creates a sense of controlled urgency.
Their request: let them remotely access your computer to “investigate” and “fix” the problem. They may direct you to download legitimate remote access tools like AnyDesk, TeamViewer, or Zoho Assist. Once connected, they have full visibility into your screen — and your saved passwords, banking apps, and files. Some scammers “find” fake viruses to justify billing you for nonexistent security software. Others transfer funds directly from your open banking sessions while keeping you distracted.
This scam frequently begins with the legitimate-looking email exploit described in Scam #2, using a fake charge as the hook to get you to call a fraudulent support line.
Red flags:
- Any unsolicited call claiming to be from PayPal security or fraud department
- Requests to download any software to “fix” an account problem
- Being asked to share your screen, allow remote control, or install a “security tool”
- The “representative” asks you to stay on the line while they “process the refund” — they’re actually transferring your money
- Phone numbers that don’t match PayPal’s official contact page
Real example: In late 2025, a Malwarebytes investigation documented a wave of this scam using the legitimate-email exploit. Victims received real PayPal emails, called the listed number, were connected to fake support agents, and were prompted to install remote access software. Once connected, agents ran fake diagnostic commands in Command Prompt to “prove” infection before installing tools to search the computer for anything of financial value.
How to protect yourself: PayPal will never call you unsolicited and ask for remote access to your device. If you receive a suspicious call claiming to be PayPal, hang up immediately and call PayPal directly at 1-888-221-1161 — the number listed on paypal.com/us/smarthelp/contact-us.
6. Shipping Manipulation Scams — Three Ways Sellers Get Robbed
How it works:
Shipping scams specifically target sellers and come in three common variations. All of them exploit gaps in how PayPal verifies delivery.
Variant A — Buyer’s Shipping Account: The buyer asks you to use their preferred shipping carrier or their personal account, claiming you’ll get a “discount.” What actually happens: they reroute the package mid-transit to a different address, then file a PayPal dispute claiming non-receipt. Because the tracking shows delivery to an address that doesn’t match the PayPal transaction, you can’t prove the buyer received it — and you lose the dispute.
Variant B — Prepaid Label Fraud: The buyer sends you a prepaid shipping label. The label was either purchased with a stolen card (and will be cancelled mid-transit) or is designed to route the package to the scammer’s address before PayPal tracking shows delivery to a legitimate address. In either case, the item ends up with the scammer.
Variant C — Fake Payment Confirmation, Ship First: The buyer sends you a fake PayPal payment confirmation screenshot and urgently pressures you to ship “right now before the payment clears.” As PayPal officially warns, the platform will never tell you to share a tracking number by email, and any payment will show immediately in your account — not “pending” due to shipment.
Red flags:
- Any buyer requesting you use their shipping account or carrier
- Prepaid labels from buyers you’ve never transacted with before
- Pressure to ship immediately before you’ve verified the payment in your PayPal account
- Buyers asking you to ship to a different address than the one on the PayPal transaction
Real example: A seller on Facebook Marketplace accepted a buyer’s prepaid label for a $650 camera. The label initially showed the correct delivery address, but the buyer had arranged with the carrier to reroute it. Three days later, the buyer filed a dispute; PayPal sided with the buyer because tracking showed the package went to a different address than the PayPal order. The seller lost the camera with no recourse.
How to protect yourself: Always use your own shipping carrier. Never use a buyer’s label. Only ship to the address listed on the PayPal transaction. Log into your actual PayPal account — not your email — to confirm any payment before shipping anything.
7. Romance Scams with PayPal Payments — Trust, Then Exploit
How it works:
Romance scams are among the most emotionally devastating financial frauds — and PayPal is one of the primary payment rails scammers use to collect from victims. According to the FTC’s Consumer Sentinel Data, romance scams cost Americans nearly $1.1 billion in 2023 alone.
The process is methodical and patient. A scammer creates an attractive profile on a dating app, social platform, or even a gaming community. They invest weeks or months building genuine emotional intimacy — consistent communication, expressions of love, shared interests, future plans together. Then comes the ask: a financial emergency. Medical bills. A plane ticket to finally come visit. Business troubles. Legal fees.
The requests start small — $100 or $200 to “help” — and escalate with each successful transfer. PayPal’s Friends & Family option is often specifically requested because there’s no purchase protection and payments are difficult to reverse. In 2025–2026, AI is dramatically accelerating this scam: scammers now use AI-generated profile photos, deepfake video calls, and voice-cloned messages to create more believable personas at scale.
Red flags:
- A match who quickly becomes intensely romantic and exclusive — sometimes within days
- Profiles that seem almost too perfect (attractive, successful, well-traveled, articulate)
- Consistently refusing video calls, or video calls that look stiff or pre-recorded
- A perpetual reason they can’t meet in person — always about to visit, always a new obstacle
- Any financial request, no matter how small or “logical” the explanation
Real example: A 54-year-old from Ohio met “James,” a military engineer working overseas, on a dating app in 2024. Over four months, they built a relationship through daily messages and voice notes. James eventually asked for $8,000 to cover a visa fee to finally come visit. After transferring via PayPal Friends & Family, she discovered his profile photos were stolen from an unrelated person on Instagram.
How to protect yourself: Reverse-image-search every profile photo from anyone you meet online. Insist on a live, unscripted video call early in the relationship. If anyone you’ve never met in person asks for money — for any reason, no matter how compelling — treat it as a scam until definitively proven otherwise.
8. AI Voice Cloning Scams — The Most Dangerous Threat of 2026
How it works:
This is the newest and most alarming evolution in PayPal-related fraud. Modern AI voice cloning tools can generate a convincing replica of any person’s voice from as little as three seconds of audio — harvested from social media videos, voicemails, YouTube clips, or podcast appearances. The resulting clone captures not just the voice’s pitch and accent, but its pacing, emotional tone, and subtle speech patterns.
In PayPal-targeted versions of this scam, the attacker may impersonate a friend or family member in distress — calling to say they’re stranded, arrested, or facing a medical emergency and need you to send money through PayPal immediately. They coach you to keep it secret from others (“don’t tell mom, I’m embarrassed”) to prevent you from verifying the story.
A corporate variant targets business owners: a voice clone of a client, partner, or manager instructs an employee to transfer funds to a new bank account or PayPal address. As Fortune reported in December 2025, voice cloning has crossed the “indistinguishable threshold” — the perceptual tells that once gave away synthetic voices have largely disappeared.
According to a 2024 McAfee study, 1 in 4 adults has experienced an AI voice scam. Deepfake-related fraud losses in the United States reached $1.1 billion in 2025, tripling from the year prior.
Red flags:
- An unexpected call from a “family member” or “colleague” in a high-stress emergency
- Pressure to act immediately and keep it secret
- Requests to send money via PayPal Friends & Family, wire transfer, Zelle, or gift cards
- The voice sounds slightly too clean — no background noise, no breathing variation, suspiciously perfect cadence
- The caller avoids answering off-script questions or personal-knowledge questions
Real example: In July 2025, a Florida mother received a call from what sounded exactly like her daughter’s voice — crying, claiming to have been in a car accident and needing $15,000 for legal help to avoid criminal charges. The mother wired the money before reaching her real daughter and discovering the call was entirely AI-generated, assembled from audio clips posted on her daughter’s social media.
How to protect yourself: Establish a family safe word — a code phrase only your immediate family knows, to verify identity in an emergency. Before sending any money based on a phone call, hang up and call the person directly on their known number. Never let urgency override verification.
9. Fake Job Offer Scams — PayPal as the Bait-and-Switch
How it works:
You apply for or are contacted about a remote job — data entry, customer service, reshipping coordinator, virtual assistant. The “employer” runs through a convincing hiring process: application, interview via chat or video, offer letter. Then the setup: they send you a large “advance” payment via PayPal to cover equipment or startup costs, and instruct you to forward a portion to a vendor or contractor.
The payment is always fraudulent — made with a stolen card or compromised account. When PayPal reverses it, you’ve already forwarded your own money to the scammer. You’re left responsible for the full reversed amount.
This scam has exploded in scale: the FTC reports that job scam losses jumped from $90 million in 2020 to $501 million in 2024 — a more than fivefold increase. Remote work culture has made victims far more comfortable with employers they’ve never met in person.
Red flags:
- Unsolicited job offers with suspiciously high pay for low-skill tasks
- Any job that requires you to use your own PayPal or bank account to handle company payments
- Being asked to forward money or buy gift cards as part of your “job duties”
- Employers who interview exclusively over text chat and rush through the hiring process
- No verifiable company address, LinkedIn presence, or web presence
Real example: A college student was hired as a “payment processor” for a remote logistics company in early 2025. On her first day, she received $2,800 in her PayPal account and was instructed to forward $2,500 to a “supplier” via Zelle. She did. Two weeks later, PayPal reversed the original payment due to fraud — and she owed PayPal $2,800 from her own funds.
How to protect yourself: Legitimate employers never ask you to use your personal financial accounts to handle company money. If any part of a job involves receiving and forwarding payments, it is a scam. Verify every employer on LinkedIn, the BBB, and through an independent web search before any financial interaction.
10. Advance Fee / “Nigerian Prince” Scams — Still Running in 2026
How it works:
Despite being one of the oldest internet scams in existence, advance fee fraud continues to claim victims because scammers continually update the framing. The core mechanic is unchanged: you’re told you’re entitled to a large sum of money — an inheritance, a lottery prize, a legal settlement, a business profit-share — but you must first pay a small fee to “release” it. Taxes, legal fees, transaction processing charges, customs clearance.
Each payment you make is followed by a new, slightly larger fee, until you stop paying. The promised funds never materialize.
On PayPal specifically, this scam often arrives via unsolicited email, LinkedIn message, or social media DM. The “opportunity” may be framed as a legitimate international business deal, a deceased relative’s estate, or a charity distribution. Any personal information you share in the process — name, address, bank details — can be used in further identity theft schemes.
Red flags:
- Unsolicited contact from a stranger promising you money you didn’t earn or expect
- Any request to pay fees upfront to receive a larger amount
- Urgency (“This offer expires in 48 hours”) or secrecy (“Do not tell your bank what this is for”)
- Grammar that’s slightly off, or a writing style that feels translated
- Wire transfers, PayPal Friends & Family, or gift cards specifically requested
Real example: A retired teacher in Michigan received a Facebook message in 2025 from a man claiming to be a UN official distributing unclaimed aid funds. She was selected as a recipient of $85,000 — but needed to pay a $350 “disbursement tax” first via PayPal Friends & Family. After three payments totaling $1,050, the messages stopped.
How to protect yourself: There is no scenario in which a stranger owes you money and you need to pay fees to collect it. If an offer requires upfront payment to receive a larger reward, it is a scam. Block and report the contact immediately.
11. Fake Charity Scams — Weaponizing Your Generosity
How it works:
In the hours and days following a natural disaster, terrorist attack, refugee crisis, or any high-profile tragedy, scammers launch fake charity campaigns designed to intercept the surge of goodwill donations. They build convincing websites, create social media profiles using real disaster imagery, and run targeted ads or email campaigns directing donors to PayPal payment links.
The fake charity may use a name that sounds nearly identical to a legitimate organization — “American Red Cross Relief Fund” instead of “American Red Cross,” for example. Donations sent via PayPal Friends & Family (which scammers specifically request to avoid fees) are unprotected and unrecoverable.
In 2024, the FTC specifically warned about a surge in post-disaster charity scams following multiple major weather events and international conflicts. The FBI’s IC3 has also documented charity scam campaigns generating millions in fraudulent donations annually.
Red flags:
- Charities soliciting donations immediately following a breaking news event
- Donation requests that arrive via unsolicited email, DM, or social media ad
- No physical address, phone number, or verifiable charity registration number
- Requests specifically for PayPal Friends & Family, wire transfer, or gift cards
- A charity name that closely mirrors a well-known organization but isn’t quite right
Real example: Following major flooding events in the Southeast in 2024, dozens of fake relief funds appeared on GoFundMe and social media within 24 hours. Several directed donors to PayPal accounts using Friends & Family. After the disaster news cycle ended, the accounts were deleted.
How to protect yourself: Before donating to any charity, verify it through the IRS Tax Exempt Organization Search, Charity Navigator, or GuideStar. Donate directly through the charity’s official website — never through a link someone sends you.
12. Marketplace and Fake Listing Scams — Sellers and Buyers Both Targeted
How it works:
PayPal is frequently used as the payment method in marketplace scams that operate across Facebook Marketplace, Craigslist, eBay, and Reddit’s buy/sell communities. These scams target both buyers and sellers through different mechanisms.
Targeting buyers: You find a listing for a high-demand item — concert tickets, gaming consoles, designer goods — at a price that seems like a deal. The seller pushes for PayPal Friends & Family payment to “avoid fees.” You pay, and either receive nothing, a counterfeit item, or a vastly inferior product. Because Friends & Family has no purchase protection, PayPal cannot intervene.
Targeting sellers: A “buyer” sends a fake PayPal payment confirmation screenshot and pressures you to ship before you’ve verified the funds in your actual account. Or they pay with a stolen PayPal account, receive your item, and the original account holder later files a dispute. PayPal reverses the transaction, and you’re left with neither the item nor the money.
Red flags:
- Prices that are 20–40% below market value for in-demand items
- Any buyer or seller who redirects communication off the platform (to WhatsApp, Telegram, or personal email)
- Requests to use Friends & Family for any commercial transaction
- Payment confirmation “screenshots” sent via text or email instead of verified in the PayPal app
- Sellers who claim they can only ship after you confirm payment via a specific link they send you
Real example: A buyer paid $380 via PayPal Friends & Family for Taylor Swift tickets a seller “couldn’t use” — a common scam framing that exploits FOMO around high-demand events. The ticket codes were invalid, the seller’s account vanished, and because Friends & Family was used, PayPal declined to issue a refund.
How to protect yourself: Only use PayPal “Goods & Services” for marketplace purchases. Verify received funds directly in your PayPal app — not via screenshots or emails. For high-value purchases, use a credit card through PayPal for an additional layer of chargeback protection.
13. Government Impersonation Scams — IRS, FTC, and Social Security via PayPal
How it works:
You receive a call, text, or email from someone claiming to represent a government agency — the IRS, Social Security Administration, Department of Homeland Security, or local law enforcement. The message is alarming: you owe back taxes, your Social Security number has been compromised, there’s a warrant for your arrest, or your benefits are about to be suspended.
The “agent” creates intense urgency and instructs you to pay immediately to avoid criminal charges or account closure — specifically via PayPal, gift cards, or wire transfer. They may even send you a fake badge number or spoofed government website URL.
The FTC reports that losses to government imposter scams surged from $171 million in 2023 to $789 million in 2024 — a 362% increase in a single year. Older Americans are disproportionately targeted, with victims over 70 reporting significantly higher median losses than any other age group.
In 2026, this scam has been turbocharged by AI voice cloning — scammers now impersonate real federal agents by name (using publicly available information from government websites) with cloned or artificially generated voice patterns.
Red flags:
- Any government agency demanding immediate payment via PayPal, gift cards, or wire transfer — this never happens legitimately
- Threats of immediate arrest, deportation, or account suspension if you don’t act right now
- Caller ID showing a government agency’s real number — caller ID is easily spoofed
- Requests for secrecy (“do not tell your family or bank about this payment”)
- Vague charges or “warrants” that the caller refuses to put in writing
Real example: A 71-year-old in Florida received a call from a “Social Security Administration investigator” in early 2025. Her SSN had been “linked to drug trafficking,” and she had 48 hours to pay $4,200 to “suspend the warrant.” She sent the money via PayPal before calling her adult son — who confirmed immediately it was a scam.
How to protect yourself: No U.S. government agency will ever demand immediate payment via PayPal, gift cards, or wire transfer — full stop. If you receive such a call, hang up immediately. Contact the relevant agency directly using the number listed on their official .gov website. Report the call to the FTC at reportfraud.ftc.gov and the FTC’s imposter scam page.
14. DocuSign & Third-Party Platform Exploits — New Frontiers in 2026
How it works:
A sophisticated scam that emerged in late 2024 and expanded through 2025–2026 uses DocuSign’s legitimate email infrastructure to deliver PayPal phishing messages. Scammers access DocuSign’s API to create professional-looking document templates that appear to be official PayPal correspondence — payment confirmations, account agreements, or identity verification requests.
Because the emails originate from DocuSign’s real servers, they pass spam filters and look authentic to anyone who recognizes DocuSign as a legitimate business tool. The document prompts you to “sign” by entering your PayPal login credentials, which are then captured by the attacker. Complaints about this variant appeared on Reddit and DocuSign’s own community forum throughout 2025.
Similar exploits use other trusted platforms: scammers create Google Forms pages designed to look like PayPal verification flows, or Notion pages used as fake PayPal “security portals.”
Red flags:
- Unexpected DocuSign document requests related to your PayPal account
- Documents that ask you to enter a password, SSN, or financial credentials to “sign”
- DocuSign emails referencing transactions or account issues you have no record of
- Signing links that, once clicked, redirect you away from DocuSign to an unfamiliar URL
Real example: Multiple Reddit users in 2025 reported receiving DocuSign emails with subject lines like “PayPal Account Verification Required” and “Action Required: Confirm Your Identity.” The documents prompted credential entry on what appeared to be an embedded PayPal login — but the data was routed to an attacker-controlled server.
How to protect yourself: PayPal does not use DocuSign for routine account verification. If you receive a DocuSign document related to PayPal that you didn’t request, do not open it — forward the email to phishing@paypal.com and delete it. If you’re ever uncertain, log into your PayPal account directly to check for any actual alerts.
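Because these messages pass sender authentication, a mail filter or help desk has to judge them on content instead: a DocuSign sender carrying PayPal branding, a request for credentials, and links that leave both services. The Python below is an added example, not code from PayPal or DocuSign; the domain lists, flag names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed domain lists for this example; adjust to your own mail flow.
DOCUSIGN = ("docusign.net", "docusign.com")
PAYPAL = ("paypal.com",)
CRED_ASK = re.compile(r"\b(password|passcode|ssn|social security|log ?in)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def in_domain(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    """Return red flags for a message delivered from a DocuSign sender domain."""
    msg = message_from_string(raw_email)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_host, DOCUSIGN):
        return []  # out of scope: this check only covers DocuSign-delivered mail
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    flags = []
    if re.search(r"pay\s*pal", text, re.I):
        flags.append("brand_mismatch")      # PayPal content from a DocuSign sender
    if CRED_ASK.search(text):
        flags.append("credential_request")  # signing never needs a password or SSN
    hosts = {urlparse(u).hostname or "" for u in URL.findall(text)}
    offsite = sorted(h for h in hosts if h and not in_domain(h, DOCUSIGN + PAYPAL))
    if offsite:
        flags.append("offsite_link:" + ",".join(offsite))
    return flags

# Constructed samples (not real messages); SPF/DKIM pass is deliberately not a signal.
PHISH = """From: "PayPal Billing" <notify@docusign.net>
Subject: PayPal Account Verification Required
Authentication-Results: mx.example.org; spf=pass; dkim=pass header.d=docusign.net

Review and sign your document. Enter your PayPal password to sign:
https://account-check.example.net/signin
"""
BENIGN = """From: "Acme Realty via DocuSign" <notify@docusign.net>
Subject: Please sign: lease agreement

Review and sign: https://na3.docusign.net/Signing/constructed-id
"""
```

Any returned flag is a reason to route the message for review or quarantine rather than proof of fraud; the same three checks apply to the Google Forms and Notion variants if their sender domains are added.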
Already Been Scammed? Here’s What to Do Right Now

If you think you’ve fallen victim to a PayPal scam, speed matters. The faster you act, the better your chances of limiting the damage. Here’s your step-by-step recovery plan.
Step 1: Stop the Bleeding — Do This Immediately
- Log into your real PayPal account (type paypal.com directly, do not click any links) and change your password immediately to a strong, unique one you’ve never used before
- Enable Two-Factor Authentication (2FA) if you haven’t already — go to Settings → Security → Two-step verification
- Disconnect any linked bank accounts or debit cards from your PayPal account while you investigate
- If you gave remote access to anyone, shut your computer down immediately. Run a full antivirus scan before using it again — preferably with a tool like Malwarebytes or Norton 360
- Contact your bank if you transferred money directly from your bank account or if you shared banking credentials with anyone
- If you shared your Social Security Number, place a credit freeze with all three bureaus immediately: Equifax, Experian, and TransUnion
Step 2: Document Everything
Before anything else is deleted or lost, take screenshots and save:
- The original scam email, text, or social media message (including full headers if it’s an email)
- Any transaction records visible in your PayPal account
- Phone numbers that called you or were listed in messages
- Usernames, profile names, or account information of the scammer
- Any receipts from payments you made (wire confirmations, gift card numbers, etc.)
This documentation will be critical for your dispute with PayPal, your bank, and law enforcement reports.
Step 3: Report the Scam — Every Agency That Needs to Know
Reporting matters — both for your own potential recovery and to help protect others. File reports with:
- FTC (Federal Trade Commission): reportfraud.ftc.gov — the primary U.S. consumer fraud reporting portal. The FTC shares reports with over 3,000 law enforcement partners.
- FBI Internet Crime Complaint Center (IC3): ic3.gov — essential for reporting cybercrime, identity theft, and online fraud involving significant sums.
- PayPal directly: Log into your PayPal account, go to the Resolution Center, and open a dispute for any unauthorized transaction. For phishing emails, forward them to phishing@paypal.com.
- Your bank or card issuer: If you paid via bank transfer, debit card, or credit card, contact your financial institution immediately. Credit card chargebacks must typically be filed within 60 days of the statement date.
- Your state Attorney General: Many state AGs have active consumer fraud units. Find yours at naag.org.
Step 4: Protect Your Identity Going Forward
A scam that involved sharing personal information — your name, address, SSN, date of birth, or any account credentials — creates identity theft risk that extends well beyond PayPal:
- Check your credit reports for any new accounts or inquiries you didn’t authorize at annualcreditreport.com (the only official free credit report site)
- Place a credit freeze (not just a fraud alert) with Equifax, Experian, and TransUnion — this prevents new accounts from being opened in your name
- Monitor your email for password reset notifications you didn’t request — a sign someone is testing your credentials on other platforms
- Consider an identity protection service (see our Tools section below) that monitors dark web markets for your stolen data
Can You Get Your Money Back from a PayPal Scam?
The honest answer: it depends entirely on how you paid. Here’s a realistic breakdown:
PayPal Goods & Services payment: Your best chance. File a dispute in the PayPal Resolution Center within 180 days. If you didn’t receive what was promised, PayPal’s Purchase Protection may cover the full amount. Success rates are reasonable but not guaranteed — document everything.
PayPal Friends & Family payment: Very difficult. Friends & Family payments are explicitly excluded from PayPal Purchase Protection. You can still report it to PayPal, but the platform has limited ability to reverse these transactions. If the payment was made with a credit card, try a chargeback with your card issuer.
Credit card payment (via PayPal): Good odds. Contact your card issuer and file a chargeback for unauthorized charges or non-delivery. Federal law (the Fair Credit Billing Act) gives you the right to dispute fraudulent credit card charges.
Debit card payment (via PayPal): Harder, but possible. You have some federal protections under the Electronic Fund Transfer Act, but they’re weaker than credit card protections. Contact your bank within 60 days of the fraudulent transaction.
Bank wire transfer: Very difficult to recover. Wire transfers are designed to be final. Contact your bank immediately — in rare cases, international wires can be recalled if caught within the same business day. File a report with the FBI IC3, which has a specific recovery program for wire fraud.
Zelle, Cash App, or Venmo: Extremely difficult. These platforms generally treat authorized transfers as final. If you were tricked into sending the payment, some banks are beginning to offer limited recovery options — but this is not guaranteed. Report immediately and contact your bank.
Gift cards: Nearly impossible. Once the codes are used, the funds are gone. Report to the gift card issuer immediately — in rare cases with fast reporting, they can deactivate unused balances.
Cryptocurrency: Effectively irreversible. Blockchain transactions are permanent and pseudonymous. Report to the FBI IC3, but recovery rates for crypto sent to scammers are extremely low.
Tools That Help Protect Against PayPal Scams
No single tool eliminates fraud risk — but the right combination creates meaningful layers of defense that make you a much harder target than the average PayPal user.
Antivirus & Web Protection
The most immediate defense against phishing links, fake PayPal login pages, and the malware scammers try to install during fake tech support calls. A modern antivirus suite will flag spoofed domains, warn you before you enter credentials on an unsafe site, and block malicious downloads.
Top picks for PayPal users: Norton 360 includes real-time web protection and a dark web monitoring component. Malwarebytes Premium is a strong option for lightweight but effective malware and phishing detection. Both are covered in our Best Antivirus Software guide for a full comparison.
Identity Theft Monitoring
If a PayPal scam exposed your personal information — name, address, SSN, date of birth — identity theft monitoring is the safety net that alerts you before the damage becomes severe. These services scan dark web forums, data breach databases, and financial records for signs your identity is being misused.
Why it matters here: Scammers who successfully phish your PayPal credentials often sell them in bulk on dark web markets. An identity monitoring service will flag if your email/password combination surfaces on these markets so you can act before an account takeover. See our full Best Identity Theft Protection guide for tested picks.
VPN (Virtual Private Network)
A VPN doesn’t directly prevent PayPal scams, but it protects you in a specific scenario that matters: public Wi-Fi. If you access PayPal on a public network (airport, coffee shop, hotel), an attacker on the same network could potentially intercept unencrypted traffic. A VPN encrypts your connection end-to-end, eliminating this exposure.
Reviewed options can be found in our Best VPN guide.
Password Manager
Credential stuffing — where attackers use leaked username/password pairs from one breach to access your PayPal account — is a documented attack vector. In January 2023, nearly 35,000 PayPal accounts were compromised via exactly this method. A password manager ensures every account has a unique, complex password that can’t be credential-stuffed.
1Password and Bitwarden are the two most recommended options across independent security reviews.
PayPal’s Own Built-In Security Tools
Don’t overlook what PayPal provides for free:
- Two-Factor Authentication: Enable at Settings → Security → Two-step verification. This single step makes account takeover dramatically harder, even if your password is stolen.
- Push notifications: Enable both email and SMS alerts for every transaction — this lets you spot unauthorized activity within minutes rather than days.
- Biometric lock: On mobile, enable Face ID or fingerprint authentication for the PayPal app to prevent unauthorized access if your phone is lost or stolen.
- Transaction monitoring: Regularly review your PayPal activity log for any transactions you don’t recognize. PayPal’s Resolution Center allows you to dispute unauthorized charges within 180 days.
Frequently Asked Questions About PayPal Scams
How do I know if a PayPal email is real or a scam?
The single most reliable test: go to paypal.com directly in your browser (or open the app) and check your account. If the email is about a real transaction, it will appear in your account activity. If there’s nothing there, the email is a scam — regardless of how legitimate it looks. Real PayPal emails always address you by your full name on file; “Dear Customer” is a red flag. PayPal also maintains a full list of official email addresses on their security help page.
Can you actually get scammed through PayPal?
Yes, absolutely — and it happens frequently. While PayPal’s “Goods & Services” payments include meaningful purchase protection, scammers deliberately route victims toward Friends & Family payments, gift cards, or wire transfers to bypass those protections entirely. PayPal was identified as the third most-impersonated company by scammers in the FTC’s 2024 data — meaning its brand is actively exploited to defraud users through phishing, fake invoices, and tech support fraud.
How do I report a PayPal scam?
You have multiple reporting channels, and using all of them helps:
- PayPal directly: Log in → Resolution Center → Report a problem; or forward suspicious emails to phishing@paypal.com
- FTC: reportfraud.ftc.gov
- FBI IC3: ic3.gov
- Your state Attorney General: Find your AG at naag.org
- Your bank or card issuer: If money was transferred from a linked account
Can I get my money back from a PayPal scam?
It depends critically on how you paid. PayPal Goods & Services purchases are the most recoverable — file a dispute within 180 days. Credit card payments offer the next-best recourse via chargebacks. Friends & Family payments, wire transfers, Zelle, gift cards, and cryptocurrency are extremely difficult or impossible to recover. Act immediately: the sooner you report, the higher your chances. Contact your bank and PayPal simultaneously rather than sequentially.
Why are PayPal scams increasing?
Several converging factors: PayPal’s massive user base (426+ million accounts) makes it a high-value target. AI tools have dramatically lowered the cost and skill required to run sophisticated phishing campaigns, generate convincing fake websites, clone voices, and send personalized scam emails at scale. ESET’s research documented over 4,000 PayPal-targeted attacks in just the first half of 2025. And as consumers become more cautious about fake email addresses, scammers have adapted by exploiting legitimate platforms — including PayPal’s own infrastructure — to send authentic-looking messages that bypass traditional detection.
Are PayPal scams illegal?
Yes. PayPal scams constitute wire fraud, identity theft, and computer fraud under multiple federal statutes — including the Computer Fraud and Abuse Act and the Wire Fraud Statute (18 U.S.C. § 1343). Penalties can include federal prison time. That said, many scam operations run from overseas jurisdictions where U.S. law enforcement has limited reach — which is why prevention is always more effective than post-scam prosecution.
What is the most common PayPal scam in 2026?
As of early 2026, the phishing email remains the most common attack vector — accounting for the majority of PayPal-related fraud reports. However, the legitimate-email exploit (where scammers send fake purchase notifications from real PayPal infrastructure) and AI voice cloning scams are the fastest-growing threats. The Friends & Family payment redirect is the most consistently used mechanism for eliminating victim recourse once a scam is underway.
How do scammers find their victims on PayPal?
Multiple vectors: mass phishing campaigns sent to millions of email addresses simultaneously, data from previous breaches that include known PayPal users, dark web databases of leaked credentials, social media profiles that reveal financial activity or valuable possessions worth targeting, and marketplace listings on platforms like Facebook Marketplace or eBay that signal both the transaction type and the payment method preference.
What should I do if I called a fake PayPal number?
Assume your conversation may have been recorded for voice cloning purposes. Change your PayPal password immediately. If you provided any personal information (name, address, SSN, account details), place a credit freeze with all three bureaus at Equifax, Experian, and TransUnion. If you gave remote computer access, run a full malware scan and consider a clean reinstall if the machine behaved unusually. Report the number to the FTC at reportfraud.ftc.gov.
Is it safe to use PayPal in 2026?
PayPal is safe when used correctly — meaning Goods & Services payments for purchases, strong unique passwords, 2FA enabled, and verification done through the official app or website rather than email links. The platform itself has robust security infrastructure. The risk lies almost entirely in social engineering: scammers exploiting human psychology rather than technical vulnerabilities. Use the platform’s built-in protections, stay skeptical of unsolicited communications, and you dramatically reduce your exposure.
Final Verdict: Staying Safe in an Era of Smarter Scams
PayPal isn’t going anywhere — and neither are the scammers targeting its 426 million users. What’s changed in 2026 is the sophistication of the attacks. Emails now come from real PayPal addresses. Voices on the phone sound exactly like your family members. Phishing pages are pixel-perfect replicas of the real thing.
The good news is that the defenses haven’t changed much — and they work. Every scam described in this guide relies on one common ingredient: urgency that prevents you from pausing to verify. That’s the lever scammers pull. Removing it removes their power.
Before you act on any unexpected PayPal alert — email, call, text, or DM — take 60 seconds to log directly into your PayPal account. That one habit defeats the majority of scams documented here. Add 2FA, use Goods & Services for every purchase, keep a unique PayPal password, and know the recovery steps cold.
If you’ve been targeted — report it. To PayPal, to the FTC, to IC3. Every report contributes to detection patterns that protect the next potential victim.
