Introduction to PayPal Phishing
The problem of PayPal phishing is really simple. Scammers send out fake emails to convince you that something is wrong with your account. They provide a link that supposedly leads to your account and have you log in and hand over the information that they apparently need. Shortly afterwards, your identity is stolen and your PayPal account is drained. Hopefully you didn’t tie your account to your credit card or bank account, or those are drained too.
You can get most of those accounts back through several frustrating phone calls, but money in your PayPal account is often gone if it has been transferred and withdrawn to a real-world account. They can file a lien on the account, but it’s usually abandoned by that point.
The best way to protect your PayPal account from phishing attempts is to stay vigilant and educate yourself about PayPal’s email practices. These are also good habits for battling phishing scams in general.
Identifying PayPal Phishing Emails
Since most attempts at PayPal phishing will be through email, it’s important to be able to tell genuine PayPal emails from the fake ones.
The most important thing to note is that the sender address listed is not necessarily real. It can be spoofed quite easily by someone who knows what they’re doing with a scam. An email may say that it’s from "email@example.com", but that doesn’t mean it really is. Instead, check the format. Does it just say "Dear PayPal User"? If so, then it’s a PayPal phishing scam. PayPal always uses your name in their emails. They also aren’t very alarmist, despite the horror stories out there. Emotional language about losing your account or any "urgent" need for information should act as a warning sign.
Also, look at what they apparently want or need. PayPal has an official list of things that they will never do in an email. You can find the list yourself here. Basically, they aren’t ever going to ask you to list your information in a convenient package for identity theft.
They already know your name, so they will never ask for your name. They also won’t ask for your important information through an email. They would handle that through more official channels. If they ever needed anything, they would send an official email asking you to log in normally and provide the information that they need.
PayPal will also never expect you to just use a link to log in to their website. In fact, it’s a really good habit to never use email links to log in to a website. Just type the address out and go to your account. If there’s a genuine concern, then there will be a reminder or option there.
Other PayPal Phishing Tricks
Links are a very important part of phishing. Anyone can change the text of a link so that it looks like it leads to paypal.com. If you mouse over a link in a phishing email, you’ll find that it actually leads to some spoof site with a very complicated address. You should always type the address in yourself. If you really want to use a link, make sure that it leads to "https://www.paypal.com", which is their full address.
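The link check described above, as an added example that is not part of the original article: a short Python script that walks the links in an HTML email body and flags any whose visible text mentions PayPal while the real target is not an https link to www.paypal.com. The sample email body and every host in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_HOST = "www.paypal.com"  # the full address given in the article

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(href):
    """True only for https links whose host is exactly www.paypal.com."""
    try:
        parts = urlsplit(href)
    except ValueError:  # malformed URL: treat as not official
        return False
    return parts.scheme == "https" and parts.hostname == OFFICIAL_HOST

def suspicious_links(html_body):
    """Return links whose text mentions PayPal but whose target is elsewhere."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text) for href, text in collector.links
            if "paypal" in text.lower() and not is_official(href)]

# Constructed sample email body; all non-PayPal hosts are made up.
SAMPLE = """
<p>Dear PayPal User, <a href="http://paypal.com.account-check.example/login">https://www.paypal.com</a></p>
<p><a href="https://www.paypal.com@login.example/">Log in to PayPal</a></p>
<p><a href="https://www.paypal.com/">PayPal</a></p>
"""
```

Running `suspicious_links(SAMPLE)` flags the first two links: one hides the real host behind a paypal.com prefix, the other puts www.paypal.com in the user-info part of the URL so the actual host is whatever follows the `@`.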
Also watch out for attachments. These are particularly nasty and have the potential to force malware onto your computer. PayPal won’t send any attachments in their emails. You’re safe to just delete any "PayPal" email with an attachment.
I will also note that you can’t get too complacent. The phishers are always getting a little bit better. I know that a recent scam sent out very well-done emails that looked like normal PayPal invoices for a very large bill to shopping websites. The goal was to get people to use their login link to put in their username and password on a fake PayPal website. Note that if you are practicing my advice, you would have just logged in normally through the official website and confirmed that it was a fake bill.
What PayPal Does About PayPal Phishing
Note that PayPal does have active efforts to stop phishing. Besides publishing official lists to clarify what to expect in an official email, they also have a support email address dedicated to these phishing emails. If you ever get an email that you suspect to be a PayPal phishing email, you can forward it to "firstname.lastname@example.org". They should get back to you shortly to either confirm or deny your suspicions.
Using all of these tools at hand, you should be able to protect your PayPal account from phishing scams and other efforts to steal your money.