Browse By

Fake PayPal email

Now that you have a PayPal account, you should be wary of emails you receive supposedly from PayPal. Although the email might have a header and logo similar to that of PayPal, most of these are actually phishing mails intent on stealing your personal information.

More information about phishing, how to check if an email is fake, and ways to protect yourself from phishing can be found in the What is Phishing? article. A sample phishing website is explained in the “Beware of the fake egold website!” article.

Yesterday we received an email purportedly from PayPal asking us to login to the site to update our personal records. Failure to do so, the email says, will result in account suspension. Here’s a screenshot of the email.

At first glance, it looks like an authentic PayPal email. A closer analysis of the entire content, however, will lead you to believe this is a fake email. Let’s go through the contents in detail.

The Email Header

If you didn’t pay much attention to the header, you would think the email was indeed from PayPal. In the first place, the sender of the mail was “” — supposedly an official PayPal address.

Date: 30 Oct 2006 16:09:34 -0000
Subject: Warning Notification !

Advances in technology, however, have given mail senders the ability to change the header of an email. Although the mail was sent by “,” the actual sender was different. To see who sent the mail and from where it was sent, check the email’s full headers. Our email in question has these full headers:

X-Apparently-To: via; Mon, 30 Oct 2006 10:38:46 -0800
X-Originating-IP: []
Return-Path: <>
Authentication-Results:; domainkeys=neutral (no sig)
Received: from (HELO ( by with SMTP; Mon, 30 Oct 2006 10:38:46 -0800
Received: (qmail 64089 invoked by uid 65534); 30 Oct 2006 16:09:34 -0000
Date: 30 Oct 2006 16:09:34 -0000
Message-ID: <>
Subject: Warning Notification !
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Content-Length: 1827

Note the message ID, domain keys, sender’s IP and mail server and compare these with the headers of an authentic PayPal email:

X-Gmail-Received: e3648473ad76129564fb58bfcdf8607df9661f7c
Received: by with SMTP id k9cs34780bue;
Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Received: by with SMTP id a11mr7196313hud;
Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Return-Path: <>
Received: from ( [])
by with ESMTP id 30si7241523hub.2006.;
Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Received-SPF: pass ( domain of designates as permitted sender)
DomainKey-Status: good (test mode)
Received: from ([])
by (8.13.7/8.13.7) with SMTP id k9VHxmQQ009397
for <>; Tue, 31 Oct 2006 09:59:48 -0800
X-DomainKeys: Sendmail DomainKeys Filter v0.4.1 k9VHxmQQ009397
DomainKey-Signature: a=rsa-sha1; s=dkim;; c=simple; q=dns;
X-DKIM: Sendmail DKIM Filter v0.5.1 k9VHxmQQ009397
DKIM-Signature: a=rsa-sha1; c=simple/simple;; s=dkim;
t=1162317588; bh=itgF7PyvQkUyZa4tpiPKD1MSl1E=; h=Received:Date:
Sender; b=MMkZrnvaGEjSDxMgDfqirGRzsMaBBCi1dB4DEtzkA/wec6hnewcyHjZ5F
Received: (qmail 9317 invoked by uid 99); 31 Oct 2006 17:59:48 -0000
Date: Tue, 31 Oct 2006 09:59:48 -0800
Message-Id: <>
Subject: Receipt for your Money Request
X-MaxCode-Template: email-receipt-individual-money-request
To: <>
From: “” <>
X-Email-Type-Id: PP117
X-XPT-XSL-Name: /default/en_US/request/ReceiptIndividualMoneyRequest.xsl
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=windows-1252
MIME-Version: 1.0
Sender: <>

The email in question was sent through IP address while the original PayPal email was sent from the IP address Looking up the WHOIS record of the first IP address, we get the following, a confirmation that the mail did not originate from any of PayPal’s servers.

Net Sentry Corp NETSENTRY (NET-69-26-160-0-1) –
xeex NETSENTRY-XEEX-01 (NET-69-26-172-0-1) –
Your OneStop Network, Inc. YOUR-ONESTOP-NETWORK (NET-69-26-175-0-1) –

The second IP address has the following WHOIS record, and shows that the mail was in fact from a server of eBay, mother company of PayPal.

OrgName: eBay, Inc
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US

NetRange: –
NetName: EBAY-2
NetHandle: NET-66-211-160-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Assignment
RegDate: 2006-01-25
Updated: 2006-01-25

The Logo

Don’t be fooled by the logo used in the email. It was simply grabbed from PayPal’s site (URL: and intentionally used to deceive recipients that the email was an official PayPal correspondence.

The Welcome Greeting

All PayPal emails start with a personalized greeting that mentions your PayPal’s account name. The email in question used the generic “Dear sir” greeting, a sign that this email was sent in bulk.

The Login Link

The final giveaway that the email is in fact a fake PayPal email is the login link to your account. If you hover (rest) your cursor over the “Click here to update your PayPal account information” link, you will notice in the lower-left portion of the browser that the link redirects to — a link unrelated to PayPal. Visiting the site will lead you to an exact replica of the PayPal login page, but this is actually a phishing site.


Warning Notification

Dear sir,

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records before November 06, 2006.

Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.

Click here to update your PayPal account information

Actual Link (DO NOT VISIT):

What you should do

We advise you not to visit that link and not to input any information in the login fields in the site. Forward the fake email to to notify PayPal about these new PayPal phishing emails and sites. If you are using Gmail, you can report the mail as a phishing email by clicking More Options > Report Phishing.

You should never fully trust any email you receive supposedly from PayPal. Use the guide above to check whether the mail is indeed authentic or merely a fake, phishing email.

Smile and rate this post! Thank you!
No votes yet.
Please wait...

View other Related Posts below

Ask a question or post a comment
About this post: e paypal com, service@intl paypal com, sendmail@paypal com, 66 211 168 231, @e paypal com

13 thoughts on “Fake PayPal email”

  1. John Q. Netizen says:

    Is this PayPal logon page a fake ????

    http://login3. paypalglobaldatabase. com/cgi-bin/webscr.php?cmd=_login-run

    The link was sent in e-mail

    This page:

    http://paypalglobaldatabase. com/


    paypalglobaldatabase. com
    This page is parked free, courtesy of

    1. Rumah Mukena says:

      how to know the IP address? which part that must i click on?

      I also get order from Anna Travis. I am curious since she used different facebook nickname. last time, i ignored her. Now, she inbox me again with different name. But I still remember the email. She asked me to send the request money from paypal to Then i search information about her.

      Thank you so much for the nice and beneficial article.

      Warm greeting :)
      Linot Queenza – Indonesia

  2. James | says:

    It’s fake. The official PayPal site is Any other PayPal site that uses a different URL is certainly fake.

  3. Grin go says:

    Yeah it’s fake. Never go on any other paypal sites than

  4. Candace says:

    Is this email I received real or a fake?

    Hello Candace Sparg,
    You have an instant payment of $610.00 USD from Sharon Rodney (
    Thanks for using PayPal. To see all the transaction details, log in to your PayPal account.

    It may take a few hours for this transaction to appear in your account.


    Seller Candace Sparg

    Note to seller
    You have to provide to us the shipment tracking number so that your funds can reflect in your account as soon as possible.

    Shipping address – confirmed
    Adekunle Oluwaseun

    28 Olayinka street, Ijeshatedo
    Shipping details

    Description Unit price Qty Amount
    “Nokia 5230”
    Item #
    $610.00 USD

    1 $610.00 USD

    Shipping and handling

    $0.00 USD

    Insurance – required

    $0.00 USD


    $610.00 USD

    $610.00 USD

    Payment sent to: Candace Sparg

    Issues with this transaction?
    You have 45 days from the date of the transaction to open a dispute in the Security Center

    IMPORTANT NOTE: This PayPal® payment has been deducted from the buyer’s account and has been “APPROVED” but will not be credited to your account until the shipment reference/tracking number is sent to us for verification so as to secure both the buyer and the seller.Below are the necessary information requested before your account will be credited.Send tracking number to us or email us through this mail and our Customer security service center will attend to you. As soon as you send us the shipment’s tracking number to us for security purposes and the safety of the buyer and the seller,the money will be credited to your account.
    Once item has been shipped and the tracking number sent to us,
    You will receive a “CONFIRMATION EMAIL” from PayPal® Team informing you that the Fund has been credited.

    Questions? mail our agent incharge of your transaction at or reply this mail for assistance.

    To receive email notifications in plain text instead of HTML, log in to your PayPal account, go to your Profile, and click Notifications.

    Copyright © 1999-2009 PayPal. All rights reserved.

    PayPal Email ID PP1525.

    1. Nizreen Osman says:

      I just received the exact same email and the person I have been dealing with on Facebook by the name of Anna Travis. I have a bad feeling about this when she sent me payment of US$1,335 with this same email instructions from Paypal asking me to provide the shipping tracking no. And it’s for the same address in Nigeria and email that you have.

    2. anonymous says:

      I was scammed by Anna Travis on facebook as well, with an address in Dundee, Scotland. She will pay u any amount, and u wonder why she’d be willing to pay that much. She has my camera and she did not pay a dime for it. I lost out on money for shipping and a good camera.

      1) She created fake paypal emails
      2) She used a email

      and after i confronted her about it. she said sorry. *awkward*

      So selling on facebook is not a good idea. and even when u deal with paypal. just make sure u get the money first. paypal wont withold any money or ask u for all kinds of details.

      be careful everyone! there are a lot of evil / greedy ppl in this world!

  5. making money says:

    Excellent Article! I personally really like your post. This is a great website. I will make sure that I’d stop by again!

  6. yymovcom87 says:

    Collection of some of your personal information is essential for completion of some of the functions and activities of this Website. We will? if it is reasonable or practicable to do so? also collect your personal information directly from you. For instance? the collection of your personal information may happen when you????.

  7. Cathern says:

    Thanks for finally talking about >Fake PayPal email — <Liked it!

  8. says:

    Thanks for ones marvelous posting! I genuinely enjoyed reading it, you
    can be a great author.I will always bookmark your blog and may come back sometime soon. I want to
    encourage one to continue your great job, have a nice afternoon!

  9. Desie Umberger says:

    my business partner was searching for a form earlier today and was informed of a company with a searchable database . If others need it too , here’s a

  10. xbot says:

    Get Legit Hacked Western Union Transfers, Bank Transfers/Logins, MoneyGram Transfer, Hacked PayPal Transfers/Accounts, Credit Card TopUp….


    **** Live screen offer or video evidence of Accounts or Transfers before Payment is made!

    **** We bargain STRICTLY on Transfers and Logins.

    all exchanges are Legit and sponsored by Secure Dedicated Offshore servers.

    **** No charge Back or Trace Backs.

    We have MoneyBack and Reinbursement Policy with every minute of every day Support.


    Contact eMail _____ undergroundfunds (at)

    Contact Skype _____ undergroundfunds

    Facebook _____

    Website _____
    ICQ _____ 651395850

    Youtube _____

Leave a Reply

Your email address will not be published. Required fields are marked *