PayPal scam: how to spot fake refund message, what to do if you get one, how to stay safe from phishing emails

Up and down the country, people continue to have money concerns as the cost of living crisis goes on. Unfortunately, this can play into the hands of scammers who use our worries and insecurities to steal our personal information and hard earned cash.

Fraudsters often impersonate reputable companies in order to gain our trust - and then steal our personal information, such as bank details, to gain access to our money. Every day, there are numerous fake texts, emails and letters that are sent out to people claiming to be from companies such as Royal Mail, DHL, Amazon and TV Licensing.

Now, there’s a PayPal scam email which states people are due a refund of almost £500 because of an incorrect payment made on their account - but it’s a con, presumably designed to steal sensitive information and possibly even funds from people’s genuine PayPal accounts.

So, what does the fake PayPal scam email look like, how can you tell it’s not real and what should you do if you receive it? Here’s everything you need to know.

What does the PayPal scam email say?

The email, which has been received by a NationalWorld journalist, states that the recipient has supposedly sent a payment of almost $500, or £407.99, to Coinbase, which is a legitimate secure online platform for buying, selling, and storing cryptocurrency. In fact, PayPal did allow UK users to buy and sell cryptocurrency for the first time in 2021, so the scammers are using this information to make their scam seem more credible. The email also has the official PayPal logo included to make it appear genuine. It has the subject “Invoice RXTZ98172872 for PayPal User”, or something similar with a different letter and number combination.

The email reads: “Dear Customer, you sent a payment of $478.00 USD (£390) to Coinbase corporation. If you did not make this payment or to cancel this transaction, please call our Help Desk number: +1 (518) 481-3027. Cancellation after 48 hours from this email won’t be valid for a refund.” It’s then signed off with a seemingly friendly statement of “have a great day!” and even an alleged PayPal help desk number of +1 (518) 481-3027.

There is also a supposed invoice attached, which claims to be from PayPal Support, and also includes a quote number and a PayPal user number. Again, this document also includes the official PayPal logo which, at first glance, makes it appear real.

How can I tell that the PayPal scam email is a fake?

There are multiple ways you can tell that this email is a fake. In terms of the content of the message, the first simple question is to ask yourself if it makes sense to you. Our reporter has never used Coinbase so they knew straight away that this email didn’t seem right. Even if you have used the service, however, you would know if you had spent such a huge amount of money - so always think of these obvious things first. The reporter who was sent this email also did a quick check of their real PayPal account, to ensure that a hack hadn’t taken place, and found that there was no record of this supposed spend.

Secondly, look at the language used. There is a sense of urgency and a time limit attached, warning you that if you do not contact them within two days you will have lost your money. This is designed to make you panic and act on impulse, but don’t fall for it. The email also has a friendly and polite tone which can lull you into a false sense of security and make it seem like it’s come from a professional person, but it hasn’t.

Beyond the content of the email itself, one of the first things to look at when you suspect an email you have received could be fake is the email address it has come from. In this case, the email claims to be from PayPal Customer Care, but the address is actually “[email protected]”. The official Paypal email, as noted on the official PayPal website, is [email protected]. This is an email address to be expected for an official company as it has the name of the brand in the domain name, so you should not trust any email addresses which do not have this.

Next, the name of the email is “PayPal Customer-care”. Official accounts don’t usually use extra characters like this in their name, and the use of an additional character such as a hyphen is very small but suggests that an account is fake. This is because these characters are usually used by fraudsters because the account name has already been taken by the genuine company which means that they can’t use it - and they then make this very small change which can go unnoticed.

The next thing to note is that the financial details given are in US dollars rather than UK pounds. We know that PayPal is used around the world, but if you are a UK user then any genuine information you receive from the company would be provided using UK currency. In addition, the phone number given is foreign. Again, you can contact PayPal here in the UK so if it was a legitimate request then it would include UK contact details.

If you are unsure about contact details received in an email claiming to be from an official company then you can quickly find out if they are trustworthy by putting them in an internet search engine. If you have been given a real contact number or email then there will be a search result linking it to the official website but if not then you’ll find it isn’t linked at all. In this case, an internet search of the number provided on the email by a NationalWorld journalist doesn’t show any results.

Two other things which give the communication away as fake are the two numbers given on the alleged invoice; the PayPal user number and the quote number. PayPal does not identify users by a number, instead each person who signs up inputs their full name and email address details and these are then used for any legitimate communications with the company. In addition, the quote number also appears to be completely random and does not match up with the invoice number given in the subject line of the email.

The final telltale sign that the email is a scam is that it is impersonal. It begins “dear customer”, but as previously stated you have to give your full name when you sign up to PayPal and so any genuine correspondence from them would include your name. This generic opening to a message is another small thing that could be overlooked but it indicates that a text, email or letter isn’t real and it also suggests that the exact same message has been sent out to multiple people.

What should I do if I get the PayPal scam email?

PayPal has issued its own advice to customers on what to do with fake emails. A statement on the PayPal website reads: “received a suspicious email, message or invoice? Don’t reply, open links, download attachments, or call any listed phone numbers. We’ll never ask for your PayPal password or financial details by email or message, or over the phone. Forward suspicious messages to [email protected] and then delete them”. PayPal also confirmed in their common email scams guide that they would always address customers by their first and last name, or their business name, and never send any attachments in their emails.

If you receive the email then you should not reply, call the number provided or send any of your details. You should also report the email to Action Fraud by calling 0300 123 2040 or using their online reporting form. You can also forward this email, and any other suspicious emails, to [email protected].

If you have already engaged with the scammer and given out any of your personal information you should change your PayPal password and also let your bank know what’s happened immediately. You can do this using the contact details for your bank as listed on the FCA register, which is the official list of bank contact information, to give you peace of mind that you are actually speaking to someone at your bank. Your bank will then be able to advise you on what you should do next.

Finally, you can also contact the Financial Conduct Authority’s consumer helpline on 0800 111 6768 or report suspicious businesses or individuals online.