PayPal Logo Displayed on Smartphone
Home ScamsPhishing Scams PayPal ‘Refund Pending’ Phishing Scam

PayPal ‘Refund Pending’ Phishing Scam

by Brett M. Christensen

Image: ©


Message claims that the recipient has a refund pending from PayPal due to a mistakenly applied late payment charge. The recipient is instructed to complete the refund transaction by clicking a link and logging into his or her PayPal account.

Brief Analysis

The message is not from PayPal and the claim that the recipient is eligible for a refund is a lie. Those who follow the link in the message will be taken to a bogus website that asks for their PayPal login information and other personal and financial details.


Subject: We do apologise for this mistake which was caused by erros from our system

Dear Customer,

Our record shows that you have a refund pending due to late payment charges mistakenly applied
to your account by us. We sincerely apologise for this mistake which was caused by errors on our system.
This transaction cannot be completed until you log on to verify your account information.
Please note that it may take up to 3 working days to credit your account with the refund.

Click here to Log On

Please do not reply to this message. For questions, please call Customer Service.We are available 24 hours a day, 7 days a week.

Copyright 1999-2012 Paypal group. All rights reserved.

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

PayPal Refund Phishing Scam Email


Detailed Analysis

According to this email, PayPal owes you a refund due to a mistakenly applied late payment charge.

According to the message, to claim the refund, you must click a login link in the email in order to verify your account information and complete the transaction. The email comes complete with the PayPal logo and copyright notice.

However, the email is not from PayPal. In fact, it is an attempt by online criminals to trick you into handing over your personal and financial information.
You, dear reader, are likely far too wise to get caught by such a ruse. But, if you did click the link, you would be taken to a fraudulent website designed to look very similar in appearance to the genuine PayPal site. Once there, you would be asked to log in by entering your PayPal email address and password. Next, you would be taken to a second bogus page and asked to supply ID and contact information as well as your credit card details.

Alas, after clicking the “Submit” button on the bogus web-form, all of your personal and financial information would be sent off to the scammers running this phishing attack. Probably before you even realized that you had been phished, the scammers would have logged into your real PayPal account, used it to conduct various fraudulent transactions and ran up a hefty credit card bill in your name.

PayPal is a favourite target of phishers, probably because PayPal does conduct so much of its business via email. But, PayPal will never send you an unsolicited email that asks you to verify or update your account by clicking a link. Or by opening an attachment as in some variants of these phishing scams. And PayPal will never send you a message that includes a generic greeting such as “Dear Customer”. Official PayPal emails will always address you by name. PayPal has published information about phishing scams on its website, including where to submit any scam emails that might come your way.

Given that warnings about such scam attempts have been widely publicized for years, both online and via the mainstream media, some might find it rather incredible that people still actually fall for them. But, people do still get taken in. Every day. All over the world. Phishing works. Otherwise, the criminals would not bother to pursue the tactic so vigorously.

So, don’t assume that all of your friends and colleagues already know about how phishing scams operate. Perhaps take the time to share information about phishing with those who might not be aware of such nefarious activities. You might just save someone from becoming a victim. And make it just a little harder for some grubby scammer to get his hands on an innocent person’s money and information.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,