Tomer Barel, Chief Risk Officer, PayPal
You may have seen some recent media reports that criminals are sending an unusually high number of fake or ‘spoof’ emails pretending to be from PayPal. The headlines can be concerning, so I wanted to share some information about what PayPal does to combat this type of crime and why there may be more spoof emails than usual.
What are spoof emails and what is phishing?
Spoof emails are designed to look like they come from a trusted company like PayPal, but are actually sent by criminals trying to trick you into revealing your login and password details. This is scam is known as ‘phishing’.
How does PayPal fight phishing?
We take your safety and security very seriously at PayPal and have a dedicated team of experts that works to protect our customers from phishing. They identify and trace fake emails and web sites and work with law enforcement around the world to stop the criminals behind these campaigns. They also collaborate with Internet Service Providers and industry partners around the globe to make the Internet a safer place for everyone.
One such collaboration is DMARC, a technology, which helps to prevent fake emails from ever reaching your inbox. Another is how PayPal works with industry partners to quickly take down fake web sites.
As a result of these efforts, in the month of August, PayPal reduced the average time a phishing site is live by more than 50% over the industry average. This is a remarkable achievement that helps reduce the number of potential victims significantly.
For those PayPal customers where a phishing attempt is successful, we have multiple lines of defense to protect you. We have sophisticated technologies and algorithms that detect and prevent fraud before it even happens. And, we continue to work on new technologies every day to stay one step ahead of the bad guys.
Why is the number of spoof emails increasing?
However, the more aggressively we fighting phishing, the more spoof emails we can expect to see. Simply put, criminals need to send more emails to try to find victims, because their efforts are becoming less and less successful. The criminals know that fewer of their fake emails are able to get to potential victims and their fake web sites are being shut down at a rate that makes it challenging to steal as many login credentials as before.
How can you join the fight against phishing?
We are pleased that we are keeping our customers safer through these efforts, but we need your support in the fight against phishing. We believe that one of the greatest weapons that we have in the fight against phishing is you.
If you receive a suspicious email, you can help our teams identify the criminals responsible and shut down dangerous web sites, by sending the email to This email address is being protected from spambots. You need JavaScript enabled to view it.. Check out our Security Center to learn more about how you can spot phishing emails.