Warning over new PayPal phishing scam – here’s how to stay safe


PayPal users are being warned to be on the lookout for a new phishing scam.

The scam uses an old, tried and tested technique to trick users into handing over the login details to their account.

The scam starts by sending unsuspecting users an email which claims ‘unusual activity on your account’.

The email, which looks just like the real thing, claims that action is required in order to resolve a security issue with your PayPal account and access has been restricted until the issue is resolved.

To do this, you’ll need to follow the link in the email and log in to your PayPal account to confirm your identity.

The email claims that account access will remain restricted until you “complete the necessary steps”.

The email directs users to a link to ‘review your account’, which redirects to a bogus page controlled by the criminals behind the scam.

Users are then asked to submit not only their account login details but also their credit card details and even a selfie of them holding some form of ID such as a passport or ID card, security researchers from PhishMe discovered.

Be warned though, the page looks almost identical to the real thing, which is what helps to make this particular PayPal phishing scam so convincing.

Typically in these fake emails, whether they claim to be from PayPal, Apple, Google, or another well-known organisation, there is some kind of giveaway that the email is a scam, be that a spelling mistake, typo, or grammatical error.

However, in this new scam there are no errors of that nature and even the email itself is very slick and well designed, making the whole thing worryingly convincing.

How to protect yourself from phishing scams

Phishing scams are increasingly common but if you know what to look for they can be fairly easy to spot.

– Be wary of emails which begin with generic greetings such as ‘Dear Sir’ or ‘Hello user’. PayPal always addresses users by both names in official emails.

– Double check the domain name of the sender. If it is anything other than paypal.com, delete the email right away.

– Hover over any hyperlinks in the email. If they go to an unfamiliar address, don’t click on them.

– If the email asks you for sensitive data such as account credentials, passwords or credit card info this should set alarm bells ringing. PayPal says it will never ask for such information via email.

– If you receive an email which claims to be from PayPal but which you suspect could be a scam, you can forward the email in question to spoof@paypal.com.
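
The checks in the list above can also be run automatically over a suspicious message. The Python script below is an added example, not code from PayPal or PhishMe; the sample email, its `.example` domains and the keyword patterns are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only domain the article treats as genuine
GENERIC = re.compile(r"\b(dear sir|hello user)\b", re.I)  # greetings named in the article
SENSITIVE = re.compile(r"\b(credentials?|passwords?|credit card)\b", re.I)  # assumed keywords
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

def is_trusted(host):
    """True only for paypal.com or a subdomain, not lookalikes that merely contain it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_email(raw):
    """Return a list of warning strings for a single-part email given as text."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # Check 1: domain of the sender address in the From header
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain: {sender_domain}")
    # Check 2: where each hyperlink really points (what hovering would reveal)
    for url in HREF.findall(body):
        host = urlsplit(url).hostname
        if not is_trusted(host):
            findings.append(f"link host: {host}")
    # Check 3: generic greeting instead of the user's names
    if GENERIC.search(body):
        findings.append("generic greeting")
    # Check 4: request for sensitive data
    if SENSITIVE.search(body):
        findings.append("asks for sensitive data")
    return findings

# Constructed sample message (not a real phishing email)
SAMPLE = """\
From: PayPal Service <service@paypal.com.account-review.example>
To: user@example.org
Subject: Unusual activity on your account
Content-Type: text/html

<p>Hello user,</p>
<p>Please <a href="https://paypal.com.account-review.example/login">review your account</a>
and confirm your password and credit card details.</p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print("WARNING:", finding)
```

The sender address can be forged, so a message that passes these checks is not proven genuine; a message that fails any of them should be treated as suspect.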

