Anatomy of the scam

PayPal phishing comes in two main shapes. The first is the suspension claim: an email says your account has been limited or suspended and that you need to verify your identity to unlock it. The link leads to a credential-capture page.

The second is the invoice trick. PayPal allows anyone to send an invoice to any email address. Scammers send fake invoices for expensive items ($700 for a "GPU upgrade," $400 for "Norton renewal") with a call-this-number-to-dispute footer. The phone number leads to fake support that asks you to install remote-access software — exactly the tech-support popup scam wearing a PayPal costume.

Red flags

  • Email about account suspension with a link to "verify."
  • The email's "from" domain isn't @paypal.com.
  • A PayPal invoice for an item you didn't buy.
  • The invoice tells you to "call this number if you don't recognize this charge."
  • The phone number isn't PayPal's real customer service (1-888-221-1161).
  • The caller asks you to install remote-access software to "refund" you.
  • Real PayPal invoices include the sender's email — fake ones often hide it.
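
The checks in the list above can be run mechanically over a saved message. The following is an added example, not part of the original page and not PayPal tooling: the function names, flag labels and both sample emails are constructed for illustration, and it assumes a single-part plain-text message. The From header can be forged, so an empty result is not proof that a message is genuine.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

PAYPAL_PHONE = "18882211161"  # number given on this page; confirm it on PayPal's site
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
CALLBACK_RE = re.compile(r"\bcall\b.{0,60}\b(number|dispute|cancel|recogni[sz]e)", re.I | re.S)

# Constructed samples (reserved .example domains, fictional 555 number).
SUSPENSION = (
    'From: "PayPal Security" <service@paypa1-alerts.example>\n'
    "Subject: Your account has been limited\n\n"
    "Verify your identity to unlock it: http://paypal.com.verify-login.example/unlock\n"
)
INVOICE = (  # sender set to paypal.com to show the From check alone is not enough
    "From: service@paypal.com\n"
    "Subject: Invoice for Norton renewal\n\n"
    "Amount due: $400.00 USD\n"
    "If you don't recognize this charge, call +1 (800) 555-0199 to dispute.\n"
)

def is_paypal_host(host):  # exact domain or a subdomain only, never a substring match
    host = (host or "").lower().rstrip(".")
    return host == "paypal.com" or host.endswith(".paypal.com")

def red_flags(raw_email):  # returns heuristic red-flag labels, in check order
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_paypal_host(sender.rpartition("@")[2]):
        flags.append("from-domain-not-paypal")
    for url in URL_RE.findall(body):
        if not is_paypal_host(urlparse(url).hostname):
            flags.append("link-outside-paypal:" + url)
    for m in PHONE_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if len(digits) == 10:
            digits = "1" + digits  # normalise to country code + number
        if digits != PAYPAL_PHONE:
            flags.append("unlisted-phone:" + m.group().strip())
    if CALLBACK_RE.search(body):
        flags.append("callback-lure")
    return flags

if __name__ == "__main__":
    for name, raw in (("suspension", SUSPENSION), ("invoice", INVOICE)):
        print(name, red_flags(raw))
```

The invoice sample passes the sender check and is caught only by the phone-number and callback checks, which is why the list treats them as separate flags.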

How to verify safely

  1. Open the PayPal app directly. Real account status appears there.
  2. Never click links in PayPal emails. Type paypal.com or open the app.
  3. For an invoice you don't recognize, log into PayPal and decline/dispute through the app itself. Don't call the number in the email.
  4. PayPal Customer Service is reachable through the in-app "Contact Us" or 1-888-221-1161 — verify on PayPal's site.
  5. Forward phishing emails to spoof@paypal.com.

If you clicked or called

  • Change your PayPal password immediately and enable 2FA (preferably an authenticator app, not SMS).
  • Review recent transactions for fraud.
  • Revoke connected app permissions.
  • If you installed remote-access software, disconnect from the internet and run anti-malware.
  • Check your linked bank and card for unauthorized charges.
  • Change passwords on any account sharing the same password.
  • Report to PayPal, FTC, and IC3.

What not to do

  • Do not call phone numbers in PayPal invoices or emails.
  • Do not install remote-access software at the request of "PayPal support."
  • Do not share your password, 2FA code, or device-login code with anyone calling.
  • Do not wire money to "return" a fraudulent invoice. PayPal handles disputes in-platform.

Where to report

  • FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
  • FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
  • CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
  • IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
  • Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.