PayPal is one of the top five most impersonated brands in phishing attacks worldwide. Because PayPal handles real money, scammers create a sense of financial urgency that pressures recipients into acting without verifying the source. If you received a text claiming to be from PayPal about a transaction, a limitation on your account, or unusual activity, here is how to tell if it is real.
Check a Message Now →PayPal smishing attacks follow several well-established templates. The most common is an account limitation or suspension notice — a message claiming your PayPal account has been limited, restricted, or suspended due to unusual activity, and that you must verify your identity by clicking a link. A second pattern involves fake transaction alerts claiming someone sent you money or that a payment was received, with a link to 'accept' the funds. A third common variant is a security alert claiming your account was accessed from an unrecognized device or location. In all cases, the link leads to a convincing fake PayPal login page that steals your username, password, and sometimes your linked bank or card information.
Real PayPal texts come from 729-725 (PayPal's registered shortcode) or from verified numbers. They link only to paypal.com — specifically subdomains like www.paypal.com or secure.paypal.com. Any link to a domain like paypal-secure.com, paypal-account-verify.net, or pp-alert.com is fraudulent. Real PayPal notifications use your registered name, not generic greetings like 'Dear User' or 'PayPal Customer.' PayPal will never ask you to provide your password, full card number, or bank account details via a link in a text message. If PayPal has a genuine concern about your account, you will be able to see the notification inside the PayPal app after logging in directly.
Do not click any link in the message. Open the PayPal app or go directly to paypal.com by typing it into your browser. If there is a genuine issue with your account, you will see it there. If you already clicked the link and entered your credentials, change your PayPal password immediately and enable two-factor authentication. Check your linked bank accounts and cards for unauthorized transactions. If you see unauthorized activity, contact your bank and PayPal support directly through the app. Report the phishing text to PayPal at phishing@paypal.com and forward the message to 7726 (SPAM) to alert your carrier.
When you paste a PayPal-related message into our checker, the AI analyzes it for PayPal brand impersonation, suspicious link domains, account limitation or urgency language, and requests for credentials or financial information. A message mentioning PayPal with a non-paypal.com link and account suspension language will score very high and receive a 'Likely Scam' verdict. Genuine two-factor authentication codes from PayPal with no link and no action request will score low. Our tool does not store your message and provides results instantly.
Learn about SMS scams impersonating other trusted brands: