Fake PayPal / Venmo / Zelle payment pending phishing — non-official sender impersonates PayPal, Venmo, Zelle, or Cash App falsely claiming the recipient has a pending payment, money transfer, or funds on hold and directing them to log in, verify their account, or click a link to claim or release the funds through a credential-harvesting portal

Phishing emails impersonating PayPal, Venmo, Zelle, or Cash App falsely claiming the recipient has a pending payment, money transfer, or funds on hold — and directing them to log in, verify their account, or click a link to claim or release the funds through a credential-harvesting portal. Once credentials are captured, the attacker drains the linked bank account or payment balance and changes security credentials to lock the victim out. Key facts: (1) FBI IC3 2023: payment app fraud caused $210M+ in losses; PayPal and Venmo impersonation are among the top 10 most-reported phishing brands; (2) Legitimate PayPal/Venmo/Zelle payment notifications arrive from official domains (paypal.com, venmo.com, zellepay.com) with List-Unsubscribe headers — they never send cold unsolicited "pending payment" emails from non-official domains; (3) "Claim within 24 hours or funds expire" framing is false urgency — Venmo transfers do not expire, and PayPal payments do not disappear without recipient action after a few days; (4) Zelle transfers are effectively immediate and irreversible — any "payment on hold pending verification" email from Zelle is fraudulent, as Zelle does not hold payments. Warning signs: sender domain not matching official app domain, "payment pending" or "funds on hold" from an unsolicited email, log-in or verify link for a payment you did not request.