- What is the PayPal Phishing Scam?
- Red Flags of the PayPal Phishing Scam
- How to Beat This PayPal Phishing Scam
- Have You Fallen for this PayPal Phishing Scam?
- Frequently Asked Questions
This PayPal phishing scam is dangerous as scammers could access the money in your bank accounts and your PayPal balance. The good news is, this PayPal scam is fairly easy to identify, as long as you know what to look for.
What is the PayPal Phishing Scam?
The key to beating this scam is to understand how it works and what the end goal is. Armed with this knowledge you'll be able to spot red flags and make sure you don't fall victim. Here's how it works.
You Receive an Email or Text Message
This PayPal phishing scam starts with you receiving communication from the scammer (or phisher), either by email or text message. Regardless of how it's delivered, the message will say that your PayPal account is permanently limited and will tell you to verify or secure your account by clicking the link.
Example Scam Text MessagePayPal : We've permanently limited your account, please click link below to verify https://signin-pyplsecurednotification.com/r/verifynow
Sincerely,
PayPal
The above is an example of what a text message version of the scam may read. If you receive an email, there may be more detail as to why your account is limited (e.g., because of unusual activity). You'll be asked to click a link/button to secure your account and verify your identity or something similar.
You Are Sent to a "PayPal" Login Page
If you click the link provided in the text or email, you'll be sent to the "PayPal" login page. The quotations around "PayPal" are deliberate here because although the login page may look every bit like it's the real PayPal login screen, it isn't. Do not enter your login information.
The Scammer Can Access Your PayPal and Linked Bank/Credit Card Accounts
If you enter your email/mobile number and password in the fake PayPal login screen, the scam is complete, and you have become a victim. The scammer now has your personal information and can log in to your PayPal account and do what they wish—which is to transfer money out of your PayPal and connected bank accounts into their own.
Red Flags of the PayPal Phishing Scam
The emails used in this PayPal phishing scam differ, but they all have the same motive and message. They all generally mention something about your account being limited or requiring some sort of verification due to changes or suspicious activity.
There are a few key things to look out for to determine whether or not the email/text is coming from PayPal or a scammer:
- The sender's email address: Scam emails will come from a non "@paypal.com" email address.
- The URL: Scam links will take you to a non "paypal.com" site.
- The greeting: Scam PayPal emails won't address you by your name or company name; they will use something generic like "Dear Customer."
- Whenever PayPal sends you communications about your account, they will always address you by your first and last name (or business name) and never "PayPal Customer" or "User," or something similar.
- Typos or grammatical errors: Scam emails are often riddled with misspellings, bad grammar, and extra spacing that PayPal wouldn't have in their communications.
- Sketchy PayPal logo: Scammers will often try to copy the PayPal logo, but it won't look identical. Below are the legitimate PayPal logos.
PayPal Phishing Scam Text Messages
The scammers' text messages are much shorter and simpler but have a similar message to the email, saying your account is limited and you need to click on a link to verify it.
PayPal : We've permanently limited your account, please click link below to verify https://signin-pyplsecurednotification.com/r/verifynow
Sincerely,
PayPal
Real Examples of How People Have Been Scammed
- Delores Reed was scammed out of $700 in three separate transactions after clicking on a fraudulent link. Her bank agreed to give her $300 back immediately; however, it is unreported whether she could retrieve the rest of her money.
- According to Action Fraud, the UK's National Fraud and Cyber Crime Reporting Centre, more than 20,000 fake PayPal emails were reported in 2020 alone, with victims losing a total of £7.8 million by September.
- A mother of two in the UK fell victim to this PayPal phishing scam and was only alerted to the fact when her bank contacted her, letting her know someone tried to take out two loans totaling £11,000.
How to Beat This PayPal Phishing Scam
Unfortunately, there's no real way to avoid being a target of this PayPal phishing campaign other than deactivating your PayPal account altogether, which isn't feasible for many of us. Scammers target anyone with a PayPal account, regardless of how often you use the platform or what you use it for.
In this scam, the scammer impersonating PayPal will contact you either by email or text message. Regardless of the contact method, to beat this scam:
- Do not click on any links provided in either the fake emails or text messages.
- Do not enter your login credentials (or any personal information), if you do happen to click on the link.
If you ever receive an email or text message from PayPal asking you to log in to your account, go to your web browser and type "https://paypal.com" into the address bar directly (versus clicking on any link provided in the email or text). This will ensure you're going to the actual PayPal website and not a fraudulent version created by the scammer.
It's important to verify links and contact details to beat imposters.
If you log in to your PayPal account and there's no indication or message from PayPal stating that your account has been limited or needs verification, then you were indeed contacted by a scammer.
The goal of this PayPal scam is to trick you into thinking you're on the legitimate PayPal login screen and have you enter your username and password. Once you enter this information, it is sent to the scammers, and they will gain access to your account and your money.
Check the Sender's Email Address
If you receive an email, you'll be able to identify it as a scam by checking the sender's email address. Many scammers will use a non-PayPal email, and this is easily identifiable in the email itself. Note that we're talking about the actual email address and not the sender's name.
For example, the scammer can easily change the "name" on their email account to something like "PayPal Services," but the actual email address is something like "[email protected]." These random email addresses are your first clue to identifying a scam.
Scammers can change their email name to look like it's from PayPal, but they can't mimic a legitimate PayPal email. Pay attention to the sender's email address (e.g., [email protected]) and not the name (e.g., PayPal Customer Service).
Check the Link or Button URL
Nothing serious will happen if all you do is click the link—so if you do click it, don't panic. What you need to do at this point is to pay close attention to the actual URL you're now on. If it's a scam, it will not include PayPal.com in the URL as the primary domain. Instead, it will be something like "https://signin-pyplsecurednotification.com/r/verifynow."
This is all the proof you need to know this is a scam.
If PayPal sends you an email or text about your account and needs you to verify something, you'll be sent to a URL starting with "https://paypal.com."
Safety Tip
If you're not 100% sure whether an email is from PayPal, do not click the link. Instead, access your PayPal account by typing "https://paypal.com" into your web browser directly.
Enable Two-Factor Authentication in PayPal
To protect yourself even further, enable two-factor authentication (2FA) in PayPal. 2FA means the scammers won't be able to log in to your PayPal account even if they have your username and password. They will need the additional verification code sent to your phone—i.e., the second factor.
When the scammer tries to log in to your account, they'll require either:
- A verification code (sent to your phone via text)
- A code from an authenticator app
- Your security key
The scammers won't have access to any of these codes or keys if you have 2FA set up on your PayPal account and won't be able to access your account, even though they have your login information.
How to Enable 2FA in PayPal
You'll have three different options to choose from for your second layer of security:
- Have PayPal text you a code whenever you or someone else tries to log in to your PayPal account from an unknown device
- Use an authenticator app (such as Google Authenticator)
- Enter a temporary security key (sent to you via text message) along with your username and password whenever you log in to PayPal
To activate two-factor authentication in PayPal, follow these steps:
- Log in to your PayPal account.
- Go to your Profile Settings (found by hovering over your name in the top right-hand corner).
- Find "2-step verification" and click "Update."
- Follow the instructions to set up 2FA
Safety Tip
To safeguard your money further, link your credit card to your PayPal account instead of a checking or savings account. Many credit cards have additional fraud protection provided by your bank, so your money is still safe if you are scammed.
Have You Fallen for this PayPal Phishing Scam?
PayPal is indeed aware of the phishing scams that are becoming all too common, not just in the U.S. but in other countries like Canada, Australia, the United Kingdom, Germany, and other European countries. What's great about PayPal is that they are actually trying to do something about it.
If you've fallen for this scam, follow these steps.
Change Your PayPal Password Immediately
The first thing you should do once you identify the scam is change your PayPal password so the scammers no longer have access to your account. You should also enable two-factor authentication if you haven't already done so.
Report Scam Emails to PayPal
If you receive any phishing emails, PayPal asks that you forward them to [email protected] without altering anything within the email or the subject line. Forward the scam text messages to "7726" or "SPAM."
A PayPal representative will then let you know whether it is, in fact, a scam or not. Unfortunately, PayPal only protects you if:
- You were charged for an item that you never purchased in the first place.
- You bought something that never arrived.
- Your order arrives, but it's significantly different.
PayPal does not specifically mention any protection over money lost from phishing scams.
Report the PayPal Phishing Scam to Your Financial Institutions
If the scammer stole money from your linked bank account or credit card, report the fraudulent transaction to your bank immediately. Most banks will credit some (if not all) of the money lost, especially if you lost money from a credit card.
Report the Scam to the Authorities
You can also report PayPal scams to the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3). Doing this will help the authorities stop the scammers and educate others on how not to fall victim.
Comments