Credit Card and PayPal Phishing Scams
Home ScamsPhishing Scams PayPal “Cancel Payment” Phishing Scam

PayPal “Cancel Payment” Phishing Scam

by Brett M. Christensen

Image: ©doroshin/

Email purporting to be from PayPal claims that the recipient has sent a payment to a specified merchant and offers instructions for cancelling the payment if required.

Brief Analysis:
The email is a phishing scam designed to trick recipients into divulging their PayPal account login details and a large amount of personal and financial information. All of the information supplied will be sent to online criminals and used to commit financial fraud and identity theft. The merchant or seller specified in the messages may vary in different incarnations of the scam. If you receive one of these bogus emails, do not click on any links or open any attachments that it contains.

Receipt No: 4230-2939-1080-2029
You sent a payment of $56.00 AUD to Big W Photos Online.
It may take a few moments for this transaction to appear in the Recent Activity list in your Account Overview.
Big W Photos Online.
+61 21300614359 Instructions to merchant
You haven’t entered any instructions.
Description Unit price Qty Amount
$56.00 AUD 1 $56.00 AUD
Subtotal $56.00 AUD
Total $56.00 AUD
Payment $56.00 AUD
Payment sent to Big W Photos Online
Receipt No: 4230-2939-1080-2029Issues with this transaction?
If you belive this is an error please follow the link below to login to your paypal account.
On the next page, please complete the required details, then press the ‘Cancel Payment’ button to confirm. Your payment will be cancelled and the funds returned to your PayPal account.
PayPal Cancel Payment Phishing Scam


PayPal Cancel Payment Phishing Scam

Detailed Analysis:
According to this email, which claims to be from online payment company PayPal, the recipient has sent a payment to a specified merchant or seller.

The email is professionally presented and includes the PayPal logo and seemingly official formatting and links. The message provides details of the supposed transaction and instructs recipients to click a “cancel payment” or “resolve it now”  link should they believe that the payment was sent in error.

But, although it closely resembles a genuine PayPal payment notification, the email is fraudulent. PayPal did not send the message and the listed transaction details are invalid.

The criminals responsible for this phishing expedition hope that at least a few recipients, believing that a fraudulent transaction has been made via their accounts, will be panicked into clicking the link.

Those who do click will be taken to a bogus website and asked to supply their PayPal email address and password on a fake login box. After logging in, they will be presented with a web form, which asks for a large amount of personal and financial information.

All of the information supplied can be harvested by criminals and used to hijack the compromised PayPal account, commit credit card fraud, and steal the identities of victims.

The merchant or seller specified in the scam emails may vary. Some may name a well-known merchant or company as the receiver of the sent funds. Others may use the names of what appear to be individual PayPal sellers.

Criminals have regularly used such tactics to steal information from PayPal customers. In another version, the scam emails falsely claim that a Skype Top-Up payment has been sent via the user’s PayPal account. And, very similar “You sent a payment” emails have been used to trick people into downloading malware. A quick rule of thumb. PayPal emails will ALWAYS address you by your first and last names or business name. They will never use generic greetings such as ‘Dear customer’. Nor will they omit the greeting.

It is always safest to login to your PayPal account by entering the account address into your browser’s address bar rather than by clicking a link in an email.

You can report PayPal phishing scam emails that you receive via the reporting email address listed on the company’s website.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,