All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
In order to fully recover your PayPal account, you’ll need to log back in and update your security settings to lock out the hacker for good. You may need to reset your password first if they've changed it, but if they already updated your email, then you'll likely need to contact PayPal customer support directly to get access.
Take a deep breath as we walk you through how to recover from a PayPal hack. We’ll also recommend identity theft protection to keep your login credentials safe from future hackers.
Warning signs
How to report fraud to PayPal
How to protect your account
FAQs
Bottom line
How to recover your hacked PayPal account
If a hacker has breached your PayPal, you should take action immediately. It’s possible to recover a hacked PayPal account, but the sooner you act, the more potential financial and identity theft damage you mitigate. Follow these steps to recover your hacked PayPal account.
Step 1: Reset your PayPal account password
The first thing hackers will do when they successfully take control of an account is change the password in order to lock the original owner out.
If you can’t log in to your account for this reason, you may still be able to change your password by doing the following:
- Open the PayPal app on your phone, or go to PayPal’s official login page in a web browser.
- After entering your email address, select the Forgot password? Option.
- Enter your email address and select Next.
- Select your preferred security check option and click Next.
- After completing the security check instructions, you’ll be prompted to create a new PayPal password.
After you change your password, check your security and account settings to make sure the hackers didn’t alter anything else, like your backup email address or contact details. Hackers may exploit some of these settings to access your account.
Step 2: Recover your email address
Hackers may also change the email address attached to a PayPal account to make it even more difficult for the account owner to log back in.
If you’re unable to log in to your PayPal account for this reason, you might be able to change it back with these steps:
- In a web browser, go to the PayPal official login page and select Forgot password?.
- Enter your email address in the box provided and select Forgot your email?.
- You’ll be asked for up to three email addresses you may have used with a PayPal account. Enter at least one email and click Next.
- If PayPal finds a match for the email address you entered, you’ll be prompted to log in with your password or create a new one. Choose I need to create a password and complete the instructions that follow.
If you still can’t log in to your PayPal account, you need to contact PayPal directly. Do not call any help lines listed in emails or invoices from PayPal because these may be linked to other PayPal scams. Instead, follow these instructions to call the official PayPal customer service line as a guest:
- Navigate to PayPal’s official website and navigate to the Contact Us section.
- Scroll to the bottom of the next page and select Call us listed underneath an image of a phone.
- You’ll be prompted to log in (which you cannot), so click call us as guest.
- On the next page, PayPal will provide the numbers to its official customer service lines for callers in and outside the U.S.
Be ready to provide your telephone number, email address associated with PayPal, and statements for the bank account or credit card that’s linked with your PayPal account.
Step 3: Update your PayPal account security settings
Once you’ve regained control of your PayPal account, you’ll want to immediately update certain settings to prevent further account breaches. Consider performing the following actions.
First, change your password to a stronger one. Include a mix of numbers, letters, and symbols and try for at least 12 characters.
Then, enable two-factor authentication (2FA) for an extra layer of security. This step only takes a few moments but is instrumental in preventing unauthorized access to your account. 2FA also acts as an alarm bell, notifying you that someone out there is attempting to log in to your account.
You should also reset your security questions by doing the following:
- Go to the PayPal website.
- Navigate to the settings menu by clicking the gear icon in the top-right corner of your dashboard.
- Click the Security tab.
- Select Update next to the “Security questions” section.
- Choose new security questions and click Save.
Finally, review your account information and recent activity to see if the hacker performed any other alterations or actions. Be on the lookout for changes to your contact information (such as backup email address and phone number) and personal details as well as any unrecognized pending or approved transactions.
Warning signs your PayPal account was hacked
Here is a list of red flags that could indicate a potential PayPal account breach:
- Trouble logging in: The first sign your account has been breached is when you cannot log in. Hackers commonly change the login credentials associated with PayPal accounts to give themselves more time to plunder the account.
- Unfamiliar transactions and transfers: Unrecognized suspicious activity is a hallmark signal that your account has been accessed and used by a hacker.
- Strange notifications: These can include password and email changes and login attempts from unfamiliar devices or locations.
- Denied payments: You may attempt to buy something only to realize your funds have been completely depleted because of a data breach.
- Unfamiliar devices: You can view and manage the devices used to log in to your PayPal account in Security Settings > Manage your logins. If there are unrecognized devices, browsers, or IP addresses listed, then someone has successfully hacked into your account.
How to report fraud to PayPal
It’s always a good idea to report any suspicious or fraudulent activity to PayPal. The steps to report fraud are different depending on what platform you’re using.
To report unauthorized activity or transactions on the PayPal app:
- Select Wallet.
- Select Activity.
- Choose the payment you wish to report.
- Select Report a Problem.
- Choose the reason for the report and follow the instructions.
To report unauthorized activity or transactions if you are using PayPal on a web browser:
- Navigate to the Resolution Center.
- Select Report a problem.
- Choose the payment you wish to report and select Continue.
- Select “I want to report unauthorized activity.”
- Complete the instructions that follow to report the activity.
Will PayPal refund me if I get scammed?
Yes, PayPal will refund you through its Purchase Protection program if you get scammed. You're covered through Purchase Protection if:
- You were charged for something you never purchased, which includes someone hacking your account and using it without your knowledge or approval.
- Your order never arrives.
- Your order arrives and is significantly different from how it was advertised or described.
For unauthorized transactions, Purchase Protection stipulates that you must notify PayPal within 60 days of the transaction in order to be eligible for a refund. For instances where an ordered item never arrives, or arrives significantly different than advertised, PayPal requires that you file a dispute within 180 days of your purchase or payment.
Once a dispute is opened, a hold is placed on the sale’s funds, and you and the seller are given 20 days to settle the matter. If an agreement cannot be reached, you can escalate the dispute to a claim, which puts PayPal in charge of both the investigation and outcome of the settlement.
How to protect your PayPal account
Cybercriminals never stop coming up with new and inventive ways to scam people, so keep these cybersecurity best practices in mind to protect your PayPal account:
- Avoid clicking suspicious links, even if they are in official-looking emails from PayPal: These can contain malware intended to give hackers access to your device and personal information — or even give them the ability to log your keystrokes.
- Don’t call customer service numbers in emails, texts, or other direct messages: Even emails that come from the official PayPal address may be linked to scams. If you need to contact PayPal’s customer service line, always manually search for the number from PayPal’s official website.
- Use strong, varied passwords: Use long, complex passwords and never reuse them. Consider using a password manager to help you keep track of all your passwords.
- Activate 2FA: While it may seem slightly inconvenient, triggering an extra verification request each time you log in is crucial to keeping hackers out of your account.
- Never give out personal information: PayPal gives sellers and buyers everything they need to successfully carry out transactions. There is never a good reason to give someone additional information about yourself or your account.
Best identity theft protection for financial accounts
When a hacker gets control of your PayPal, they gain access to your linked bank accounts and some of your personally identifiable information (PII). This data can help them steal your identity.
Be proactive in the fight against identity theft and consider using one of our favorite identity theft protection services:
- Aura: A well-rounded identity theft protection service that leverages artificial intelligence (AI) to combat identity theft. It comes with antivirus, virtual private network (VPN), and family plans that can help defend against child identity theft as well.
Get Aura | Read Our Aura Review - LifeLock: LifeLock offers unique features including 401(k) and investment account activity alerts, bank account takeover alerts, home title monitoring, and more. You also have the option of bundling in Norton antivirus with certain plan add-ons.
Get LifeLock | Read Our LifeLock Review - Identity Guard: Identity Guard excels at fraud monitoring and reporting. It has a clean interface design, includes a password manager, and is affordable and easy to use.
Get Identity Guard | Read Our Identity Guard Review
FAQs
What happens if someone hacked into my PayPal account?
If someone hacked into your PayPal account, they could make unauthorized transactions. They could also access any personal information or details you have associated with the account.
Can hackers steal money from PayPal?
Yes, if hackers gain access to your account, they can steal money from you. It's important to always use strong passwords and 2FA as well as monitor your accounts for any unauthorized activity.
How do hackers get into your PayPal account?
The most common way hackers get into PayPal accounts is through phishing schemes. In these schemes, hackers posing as PayPal send bogus emails to fool victims into giving up login information, clicking links that have malware in them, or calling fake customer service lines. If you reuse old passwords and don’t use 2FA, hackers have a much better chance of getting into your PayPal account.
Bottom line
If your PayPal account has been hacked, first change your password ASAP. If you cannot log in to your account because your email has been changed, either follow our instructions on how to recover your email address or contact PayPal immediately to recover it.
Once you regain control of your account, change your password, update your security questions, set up 2FA, and check your account activity for any alterations or transactions the hackers may have enacted.
Remember that staying safe online means being proactive and equipping yourself with the right knowledge and tools. If you primarily access PayPal on your mobile device, consider investing in the best antivirus for iPhone or Android to ensure your smartphone is safe.