I got this email today and was suspicious, so i sent it to [email protected] to get it checked, if you get one of these DO NOT RESPOND or click any of the links! Certificate Expire Notification. Dear xxxx, At PayPal, security is among our top priorities and we are continually innovating to deliver the strongest protection possible. This includes adapting our environments and upgrading merchant integrations in order to be compliant with current industry standards, such as those set by the Payment Card Industry (PCI) Security Standards Council. PayPal's existing application program interface (API) certificate credentials are 1024-bit, SHA-1 certificates and they can have an expiration date up to and beyond 10 years. As of 4 February 2016, all new PayPal API certificate credentials issued are 2048-bit, SHA-256 certificates with an expiration date every three years. Please note that after 31 December 2017, PayPal will cease support of any 1024-bit, SHA-1 certificate, regardless of expiration date. To avoid service disruption to your API integration, you will need to replace your current 1024-bit, SHA-1 API certificate with a new 2048-bit, SHA-2 certificate before 31 December 2017. You are receiving this notification because, according to our records, your PayPal-issued API certificate is 1024-bit, SHA-1. The API certificate that is associated with the PayPal business or premier account, has an expiry date after 31 December 2017. To help you through this process, we have created a set of instructions on how to download and install a new certificate. You can find those instructions and other detailed information on our Merchant API Certificate Credentials Upgrade Microsite. We appreciate your patience and support in protecting our customers and their payments. Best regards, PayPal Paypal's response: " Thank you for partnering with PayPal to combat fraudulent emails. We take reports of suspicious email very seriously. Your submission helped us take the appropriate action needed to protect our customers. We analyzed your report and determined that the suspicious email was likely fraudulent ".