Most PayPal Scams Run the Same Play. Learn to Read It.
The email looks right. PayPal's logo, the familiar blue, a subject line that drops your stomach: "Your account has been limited." There's a button to fix it. Click it and you're one screen away from typing your password into a page that isn't PayPal. You wouldn't know until the money was already gone.
The people behind that email are betting on one thing: that you'll answer the message instead of checking the facts. It's the same bet behind the text that says you sent a payment you didn't, the call about "suspicious activity," the buyer who overpaid and just needs a quick refund. The costumes change constantly. The bet underneath almost never does.
So instead of memorizing fifteen scams, learn the one shape they share. Once you can see it, the specific story stops mattering.
The shape behind almost all of them
Scammers rarely break into PayPal itself — its systems are genuinely hard to crack. So they go around them, through the one part of the system that can be talked into anything: you. Pull off the disguise and nearly every PayPal scam makes the same three moves.
- A name you trust — PayPal, a buyer, a charity, a government office, or someone you've been messaging for weeks.
- A reason to rush — your account is suspended, a payment is pending, you owe a fine, you won a prize. Whatever it is, you have to act now.
- An action only you can take — click this link, call this number, refund the difference, or "just send it as friends and family."
That third move is the whole point. The scammer can't reach into your account, so the entire act exists to get you to click, call, or send. The day you start noticing those three moves, the rest of this article is really just examples.
When the message pretends to be PayPal
This is the big one, and it now arrives by email, text, and phone.
The classic is a phishing email warning that your account is limited or a payment is on hold, with a link to a login page that's a pixel-perfect copy of the real thing. Type your password there and you've handed it over. The text-message version (smishing) and the phone-call version (vishing) work the same way — a scary notice and a number to call or a link to tap. Reports in 2026 describe scammers using AI-cloned voices to make those calls sound like a real agency or even a real company, which makes the "act now" pressure feel more convincing than ever.
One habit defeats all three. PayPal will not ask you for your password or full card number by email, text, or phone. So you can ignore what the message wants you to do and check for yourself — open the PayPal app, or type paypal.com into your browser by hand. If there's a real problem, it'll be waiting for you there. If the app shows nothing wrong, the message was the scam.
When you're the one selling something
If you sell online, the play flips: now the scammer is the "buyer."
The most common version is the overpayment. The buyer pays more than the agreed price, then asks you to refund the difference — often to a different account. Later the original payment is reversed or turns out to be from a stolen card, and you're left without the goods, the refund you sent, and the sale. A close cousin is the address switch, where a buyer quietly reroutes the package after purchase, then claims it never arrived.
Two plain rules cover most of it. Nobody genuinely overpays by accident, so treat any "please refund the extra" request as a stop sign — cancel and redo the sale at the correct amount. And ship only to the address shown on the order, never to a new one sent by email or chat.
The trap that quietly cancels your protection
When you're buying, the costliest move is also the quietest: a seller who asks you to pay using "friends and family" instead of "goods and services," maybe to "save the fee."
That favor has a cost. According to PayPal's own guidance, friends-and-family payments aren't covered by Purchase Protection and generally can't be reversed. So if the item never shows up, you have almost no way to get your money back. A seller pushing you toward friends and family is one of the clearest warning signs there is.
The rule writes itself: when you're paying anyone you don't personally know and trust, choose goods and services. The small fee is the price of being able to get your money back.
When it tugs at your heart or your luck
The last group skips the fake login page and goes for emotion.
There's the prize or lottery message: you've won a large sum, you just need to cover a small "fee" or "tax" first. There's the fake charity, which tends to appear right after a disaster, mimicking a real organization's name. And there's the slow romance version, where someone spends weeks building trust online before a sudden emergency and a request for money, frequently, once again, sent as friends and family.
The thread tying them together: you never have to pay money to receive money. A real prize doesn't require an upfront fee. Before donating, look the charity up yourself rather than using a link you were sent. And money for someone you've only ever met online is money you should assume you won't see again.
Why it's worth the small effort
These schemes are common enough to plan for. The Federal Trade Commission reported that people lost more than $12.5 billion to fraud in 2024 — about 25% more than the year before. Impersonation scams, the exact category most PayPal cons fall into, accounted for $2.95 billion of that, and government-imposter scams alone for $789 million.
Behind those numbers is the same setup every time: a trusted name, a rush, and one action only you could take.
The short version you can actually use
Five habits neutralize almost everything above:
- Don't act from the message. Whatever an email, text, or call claims, open the PayPal app or type paypal.com yourself and check there.
- Treat urgency as the tell. "Act now or lose your account" is pressure, and pressure is the scammer's main tool. Slowing down costs you nothing real.
- Remember what PayPal won't ask. It will never request your password or full card number by email, text, or phone.
- Buying from a stranger? Goods and services, never friends and family. That one choice keeps your refund rights intact.
- Report and delete. Forward suspicious PayPal emails to phishing@paypal.com, then delete them. PayPal's reporting page walks through the steps.
That first email will still land in your inbox someday, looking just as official as ever. The difference is that now you don't reach for the button. You open the app, see no alert, and go back to your afternoon. The whole scheme needed you to play your part — and you simply stopped showing up.