Don’t be fooled by spoof PayPal mails

James Ryan Jonas

Forwarded this PayPal phishing email to and got a reply several hours later:

Thank you for contacting PayPal about a fraudulent (spoof) email or Web
site. We appreciate you bringing this suspicious email to our

We can confirm that the email you received was not sent by PayPal. Any
website which may be linked to this email is not authorized or used by

Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.

Reporting unauthorized PayPal transactions

In the same email, PayPal also gave a step-by-step guide to report unauthorized transactions in one’s account.

If you are able to log into your PayPal account:

  1. Log in to your account at
  2. Select the “Resolution Center” subtab.
  3. Click “Open a dispute.”
  4. Select “Unauthorized transaction,” then click “Continue.”
  5. Enter or select the transaction ID for the transaction you would like to dispute, then click “Continue.”
  6. Complete the report for Unauthorized Use on a PayPal Account, then click “Continue.”
  7. Confirm that the claim is correct, then click “Submit.”

If you cannot log in to your account:

  1. Go to
  2. Click on the “Security Center” link located at the bottom of any page.
  3. Under the “Report a Problem” column, click on “Unauthorized Transaction.”
  4. Click “Continue” under “Unable to log in?”
  5. Confirm that the transaction in question is unauthorized then click “Continue.”
  6. Complete the report for Unauthorized Use on a PayPal Account, then click “Preview.”
  7. Confirm that the claim is correct, then click “Submit.”
  8. Confirm your account ownership by entering the financial information requested, then click “Continue.”

Ways to fight spoof emails

Here are PayPal’s tips on how to fight fraudulent emails.

  • Report it. Forward the entire email – including the header information – or the site’s URL to We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
  • Use Account Guard on the eBay toolbar. If you use Internet Explorer, download the eBay toolbar. Account Guard helps ensure you are on PayPal or eBay.
  • Use the SafetyBar. Email security provider Cloudmark has engineered a toolbar for Microsoft Outlook you can use to report spoof emails. Should you receive a spoof, click the SafetyBar’s “Block Fraud” button to automatically report it to us.
James Ryan Jonas teaches business management, investments, and entrepreneurship at the University of the Philippines (UP). He is also the Executive Director of UP Provident Fund Inc., managing and investing P3.2 Billion ($56.4 Million) worth of retirement funds on behalf of thousands of UP employees.