Identified Scam:

Imposters Steal Your Information in PayPal Phishing Scam

Beware of fake PayPal emails and text messages that ask you to verify your account—this is a scam.


Verified.org
Updated 6 January 2021

Key Finding

Fake PayPal emails and text messages are circulating urging users to verify their accounts.


Key Risk

Your PayPal account and balance, as well as your linked bank and credit card accounts (i.e., your money), are at risk.


This PayPal phishing scam is dangerous as scammers could access the money in your bank accounts and your PayPal balance. The good news is, this PayPal scam is fairly easy to identify, as long as you know what to look for. 

What is the PayPal Phishing Scam?

The key to beating this scam is to understand how it works and what the end goal is. Armed with this knowledge you'll be able to spot red flags and make sure you don't fall victim.

1. You Receive an Email or Text Message

This PayPal phishing scam starts with you receiving communication from the scammer (or phisher), either by email or text message. Regardless of how it's delivered, the message will say that your PayPal account is permanently limited and will tell you to verify or secure your account by clicking the link.

Example Scam Text Message

PayPal : We've permanently limited your account, please click link below to verify https://signin-pyplsecurednotification.com/r/verifynow

Sincerely,
PayPal

The above is an example of how a text message version of the scam may read. If you receive an email, there may be more detail as to why your account is limited (e.g., because of unusual activity). You'll be asked to click a link/button to secure your account and verify your identity or something similar.

2. You Are Sent to a "PayPal" Login Page

If you click the link provided in the text or email, you'll be sent to the "PayPal" login page. The quotation marks around "PayPal" are deliberate here because although the login page may look every bit like the real PayPal login screen, it isn't. Do not enter your login information.

3. The Scammer Can Access Your PayPal and Linked Bank/Credit Card Accounts

If you enter your email/mobile number and password in the fake PayPal login screen, the scam is complete, and you have become a victim. The scammer now has your personal information and can log in to your PayPal account and do what they wish—which is to transfer money out of your PayPal and connected bank accounts into their own. 

How to Avoid and Beat This PayPal Phishing Scam

In this scam, the scammer impersonating PayPal will contact you either by email or text message. Regardless of the contact method, to beat this scam:

  • Do not click on any links provided in either the fake emails or text messages.
  • If you do happen to click on the link, do not enter your login credentials (or any personal information).

If you ever receive an email or text message from PayPal asking you to log in to your account, go to your web browser and type "https://paypal.com" into the address bar directly (versus clicking on any link provided in the email or text). This will ensure you're going to the actual PayPal website and not a fraudulent version created by the scammer.

It's important to verify links and contact details to beat imposters.

If you log in to your PayPal account and there's no indication or message from PayPal stating that your account has been limited or needs verification, then you were indeed contacted by a scammer.

The goal of this PayPal scam is to trick you into thinking you're on the legitimate PayPal login screen and have you enter your username and password. Once you enter this information, it is sent to the scammers, and they will gain access to your account and your money.

How to Identify the PayPal Phishing Scam

There are three key things to look out for to determine whether or not the email/text is coming from PayPal or a scammer: 

  1. The sender's email address: Scam emails will come from a non "@paypal.com" email address.
  2. The URL: Scam links will take you to a non "paypal.com" site.
  3. The email greeting: Scam PayPal emails won't address you by your name or company name; they will use something generic like "Dear Customer."

Check the Sender's Email Address

If you receive an email, you'll be able to identify it as a scam by checking the sender's email address. Many scammers will use a non-PayPal email, and this is easily identifiable in the email itself. Note that we're talking about the actual email address and not the sender's name. 

For example, the scammer can easily change the "name" on their email account to something like "PayPal Services," but the actual email address is something like "[email protected]." These random email addresses are your first clue to identifying a scam.

Scammers can change their email name to look like it's from PayPal, but they can't mimic a legitimate PayPal email address. Pay attention to the sender's email address (e.g., [email protected]) and not the name (e.g., PayPal Customer Service).

Check the Link or Button URL

Nothing serious will happen if all you do is click the link—so if you do click it, don't panic. What you need to do at this point is to pay close attention to the actual URL you're now on. If it's a scam, it will not include PayPal.com in the URL as the primary domain. Instead, it will be something like "https://signin-pyplsecurednotification.com/r/verifynow."

This is all the proof you need to know this is a scam. 

If PayPal sends you an email or text about your account and needs you to verify something, you'll be sent to a URL starting with "https://paypal.com."

Is the Greeting Personal?

Whenever PayPal sends you communications about your account, they will always address you by your first and last name (or business name) and never "PayPal Customer" or "User," or something similar. 
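
The three checks above, written as code. This is an added example, not part of the original article: it parses the sender address and each link's hostname instead of looking for the text "paypal.com" anywhere in the string. The function names, the sample addresses and the `.example` hosts are assumptions constructed for illustration; the text message is the one quoted on this page.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the domain the article says genuine mail and links use
GENERIC = re.compile(r"\b(?:dear|hello|hi)\s+(?:paypal\s+)?(?:customer|user)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def host_is_trusted(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def sender_is_trusted(from_header):
    """Judge the address, not the display name the sender chose."""
    _display_name, address = parseaddr(from_header)
    return host_is_trusted(address.rpartition("@")[2])

def link_is_trusted(url):
    """Compare the parsed hostname; a substring match on 'paypal.com' is not enough."""
    try:
        parts = urlsplit(url)
        return parts.scheme == "https" and host_is_trusted(parts.hostname)
    except ValueError:  # malformed URL: treat as untrusted
        return False

def red_flags(from_header, body):
    """Return which of the three signs appear; from_header is None for a text message."""
    flags = []
    if from_header is not None and not sender_is_trusted(from_header):
        flags.append("sender")
    if any(not link_is_trusted(u) for u in URL_RE.findall(body)):
        flags.append("link")
    if GENERIC.search(body):
        flags.append("greeting")
    return flags

# Text message quoted in the article.
SMS = ("PayPal : We've permanently limited your account, please click link below "
       "to verify https://signin-pyplsecurednotification.com/r/verifynow")
# Constructed samples (not real messages); .example hosts are placeholders.
FAKE_FROM = '"PayPal Services" <notice@mailer.example>'
FAKE_BODY = "Dear Customer, confirm at https://paypal.com.account-check.example/login"
REAL_FROM = "PayPal <notice@paypal.com>"
REAL_BODY = "Hello Jane Doe, view your activity at https://www.paypal.com/myaccount"

if __name__ == "__main__":
    print(red_flags(None, SMS), red_flags(FAKE_FROM, FAKE_BODY), red_flags(REAL_FROM, REAL_BODY))
```

An empty result only means none of the three signs were found; it does not prove a message is genuine, so typing the address into the browser yourself remains the safe route.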

Additional Tell-Tale Signs of PayPal Phishing Scams

Some other signs that the email or text message is not actually from PayPal and is a scam include:

  • Sketchy PayPal logo: Scammers will often try to copy the PayPal logo, but it won't look identical. Below are the legitimate PayPal logos.
  • Typos or grammatical errors: Scam emails are often riddled with misspellings, bad grammar, and extra spacing that PayPal wouldn't have in their communications.

[Image: true PayPal stacked logo]
[Image: true PayPal horizontal logo]

Safety Tip

If you're not 100% sure whether an email is from PayPal, do not click the link. Instead, access your PayPal account by typing "https://paypal.com" into your web browser directly. 

Enable Two-Factor Authentication in PayPal 

To protect yourself even further, enable two-factor authentication (2FA) in PayPal. 2FA means the scammers won't be able to log in to your PayPal account even if they have your username and password. They will need the additional verification code sent to your phone—i.e., the second factor. 

When the scammer tries to log in to your account, they'll require either:

  • A verification code (sent to your phone via text)
  • A code from an authenticator app
  • Your security key

If you have 2FA set up on your PayPal account, the scammers won't have access to any of these codes or keys and won't be able to access your account, even though they have your login information.

How to Enable 2FA in PayPal

You'll have three different options to choose from for your second layer of security:

  1. Have PayPal text you a code whenever you or someone else tries to log in to your PayPal account from an unknown device
  2. Use an authenticator app (such as Google Authenticator) 
  3. Enter a temporary security key (sent to you via text message) along with your username and password whenever you log in to PayPal

To activate two-factor authentication in PayPal, follow these steps:

  1. Log in to your PayPal account.
  2. Go to your Profile Settings (found by hovering over your name in the top right-hand corner).
  3. Find "2-step verification" and click "Update."
  4. Follow the instructions to set up 2FA.

Safety Tip

To safeguard your money further, link your credit card to your PayPal account instead of a checking or savings account. Many credit cards have additional fraud protection provided by your bank, so your money is still safe if you are scammed.

How to Avoid Being a Target of the PayPal Phishing Scam

Unfortunately, there's no real way to avoid being a target of this PayPal phishing campaign other than deactivating your PayPal account altogether, which isn't feasible for many of us. Scammers target anyone with a PayPal account, regardless of how often you use the platform or what you use it for. 

Examples of the PayPal Phishing Scam

The emails used in this PayPal phishing scam differ, but they all have the same motive and message. They all generally mention something about your account being limited or requiring some sort of verification due to changes or suspicious activity.

[Image: example of a PayPal phishing email]
Tell-tale signs of a fake PayPal email include a non-PayPal sender's address, typos, and bad grammar.

PayPal Phishing Scam Text Messages

The scammers' text messages are much shorter and simpler but have a similar message to the email, saying your account is limited and you need to click on a link to verify it.

PayPal : We've permanently limited your account, please click link below to verify https://signin-pyplsecurednotification.com/r/verifynow

Sincerely,
PayPal

[Image: example of a PayPal phishing scam text message]

Real Examples of How People Have Been Scammed

  • Delores Reed was scammed out of $700 in three separate transactions after clicking on a fraudulent link. Her bank agreed to give her $300 back immediately; however, it was not reported whether she could retrieve the rest of her money.
  • According to Action Fraud, the UK's National Fraud and Cyber Crime Reporting Centre, more than 20,000 fake PayPal emails were reported in 2020 alone, with victims losing a total of £7.8 million by September.
  • A mother of two in the UK fell victim to this PayPal phishing scam and was only alerted to the fact when her bank contacted her, letting her know someone tried to take out two loans totaling £11,000.

Fallen for this PayPal Phishing Scam?

PayPal is indeed aware of the phishing scams that are becoming all too common, not just in the U.S. but in other countries like Canada, Australia, the United Kingdom, Germany, and other European countries. What's great about PayPal is that they are actually trying to do something about it. 

If you've fallen for this scam, follow these steps. 

1. Change Your PayPal Password Immediately

The first thing you should do once you identify the scam is change your PayPal password so the scammers no longer have access to your account. You should also enable two-factor authentication if you haven't already done so.

2. Report Scam Emails to PayPal

If you receive any phishing emails, PayPal asks that you forward them to [email protected] without altering anything within the email or the subject line. Forward the scam text messages to "7726" or "SPAM." 

A PayPal representative will then let you know whether it is, in fact, a scam or not. Unfortunately, PayPal only protects you if:

  • You were charged for an item that you never purchased in the first place.
  • You bought something that never arrived. 
  • Your order arrives, but it's significantly different. 

PayPal does not specifically mention any protection over money lost from phishing scams. 

3. Report the PayPal Phishing Scam to Your Bank or Financial Institution

If the scammer stole money from your linked bank account or credit card, report the fraudulent transaction to your bank immediately. Most banks will credit some (if not all) of the money lost, especially if you lost money from a credit card. 

4. Report the Scam to the Authorities

You can also report PayPal scams to the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3). Doing this will help the authorities stop the scammers and educate others on how not to fall victim.

Frequently Asked Questions

How do I know if a PayPal email is real?

There are several tell-tale signs of a fake PayPal email, including:

  • A sender's email address that does not come from @paypal.com
  • Grammatical and spelling errors
  • Not using a personalized greeting

What does a PayPal phishing email look like?

Some scam PayPal emails can look very much like legitimate emails from PayPal, making the scam easy to fall for. You can immediately tell a scam email from a real one by looking at the sender's email address. If it's not coming from an @paypal.com email address, it's a scam. 

How do I report a phishing email or text to PayPal?

Forward the phishing email in its entirety to [email protected]. Forward scam text messages to "7726" or "SPAM."

What other PayPal scams are common?

Aside from this PayPal phishing scam, other common PayPal scams include:
