PayPal Phishing Email Unusual Activity

PayPal Phishing Email Unusual Activity – Malicious PayPal phishing email attack targets PayPal customers – Attempts to steal account login credentials, payment card numbers, and personal information

A malicious PayPal phishing email cyber attack targets PayPal customers and attempts to steal account login credentials, payment card numbers, and personal information. Researchers at ESET in Latin America issued a warning about the latest cyber attack, which scares victims by warning them of supposed unusual activity on their PayPal accounts. This is an especially vicious PayPal phishing email: not only does it attempt to steal PayPal users’ usernames and passwords, it also uses a spoof website to steal banking credentials, email addresses, passwords, personal information about the account holder, and password reset question answers.

PayPal was the number one spoofed company for phishing scams in the third quarter of 2019.

The body of the PayPal phishing email deploys a common scare tactic used by hackers. The email informs PayPal customers that there has been a suspicious login from an unknown device. The email directs the reader to click on a link which leads to a spoof (fake) PayPal website. The email recipient is convinced that PayPal has placed account limitations on their account, and they need to rectify the situation. The goal of the phishing email is to obtain the login credentials to the user’s PayPal account.

Clicking links in the phishing email leads to the spoof website, which looks like a legitimate PayPal website. However, the scam website steals the user’s PayPal credentials and any money that is in the account. This PayPal phishing campaign is especially nasty because the hackers go on to collect more than just the PayPal username and password.

Image: ESET PayPal Phishing Email Screenshot

Hackers direct PayPal customers to fill out a web form with their name, billing address, phone number, and birthdate. The form also prompts victims for more payment cards, including credit cards along with the CVV code as well as bank debit cards. The spoof website also asks for the mother’s maiden name, which is used to reset account passwords.

The fake PayPal spoof website is especially tricky to detect because it uses an HTTPS secure connection. Because the site is served over HTTPS, visitors will not receive a security warning from their web browser (Chrome, Safari, Firefox, or other). It’s very important for PayPal users to examine the URL of the website that they are on. Read it and then check it again. Do not click on any links in any email from PayPal. If you are concerned about your PayPal account, log in and check the communication center to see if there is something that needs attention.
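The URL check described above can be automated by judging a link by its host instead of by the padlock. This is an added example, not code from ESET or PayPal; `classify_link`, the verdict names, the sample links and the use of `paypal.com` as the trusted domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # assumption: the brand's own domain, not quoted from the page

# Constructed sample links; the .example hosts are reserved and hypothetical.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://paypal.com.account-review.example/signin",
    "https://paypal.com@login.example/signin",
    "https://xn--pypal-4ve.example/signin",
    "https://secure-billing.example/signin",
]


def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return (verdict, host) for a link, judged by host rather than by padlock."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("no-host", host)
    # Text before '@' is userinfo, not the site; the real host follows it.
    if parts.username is not None:
        return ("userinfo-in-url", host)
    # Internationalized labels can display as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("lookalike-idn", host)
    if host == trusted or host.endswith("." + trusted):
        # Correct host; TLS is still required before entering a password.
        return ("trusted" if parts.scheme == "https" else "trusted-host-no-tls", host)
    # Brand string inside a host that belongs to someone else.
    if trusted.split(".")[0] in host:
        return ("brand-in-foreign-host", host)
    return ("foreign-host", host)


def review(links=SAMPLE_LINKS):
    """Map each link to its verdict so a mail filter or analyst can triage it."""
    return {link: classify_link(link)[0] for link in links}


if __name__ == "__main__":
    for link, verdict in review().items():
        print(f"{verdict:24} {link}")
```

Only the first sample link is classified as trusted; every other one uses HTTPS or the brand name without being on the brand's host.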

How Can You Tell A Fake PayPal Email?

Emails from PayPal will always address you by your first and last names or by your business name. PayPal does not send scary warnings via email. All account communications can be read by logging into your PayPal account. Some common PayPal phishing emails have the following subject lines:

  • “Your account is about to be suspended.”
  • “Your PayPal is flagged for ‘unusual activity’”
  • “You have been paid.”
  • “You have been paid too much.”
  • Requests to review your account

The email may have attachments, which is something PayPal never sends. The email might address you with generic greetings like “Dear user” or “Hello PayPal member”. PayPal phishing emails may also ask you to click on a link to a spoof website or convey a false sense of urgency to rectify a problem.

Will PayPal Send Me A Text Message for Suspicious Activity?

PayPal does not send text messages for suspicious activity. Customers should check any suspicious texts by logging into PayPal directly. Do not click on links in the text message.

Does PayPal Send Emails About Suspicious Activity?

No. PayPal does not send emails to customers warning them of suspicious activity or stating that their account has been suspended and needs to be reviewed. Customers may receive emails informing them that they have received money and that they need to log in to accept it. PayPal customers may also receive marketing emails for purchases they did not complete or for offers.
For account limitation emails and all other communications, users can log into their PayPal accounts to read the message. This is the most secure way to ensure an email is not a PayPal scam.

How Do I Know If an Email from PayPal Is Genuine?

To ensure a PayPal email is genuine, look carefully at its structure and contents. Legitimate PayPal emails are only sent from email addresses. The email address should use as the sending domain name. Email addresses like and other variations are scams. Scammers sometimes spoof email friendly names to trick recipients into thinking they are reading a genuine PayPal email.

If you don’t know the difference between an email box address and the friendly name, read our guide on how to tell them apart. To spot any phishing email you will have to make sure that the email is coming from and not a name used in your email contacts list.

A genuine PayPal email should address the recipient by their first name or business name. The email will never raise alarm and require that you act immediately to avoid a penalty. If you have any doubt that an email is genuine, visit the secure message center in your PayPal account.
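The checks from this section and from "How Can You Tell A Fake PayPal Email?" (sending domain versus friendly name, generic greeting, attachments) can be run against a raw message. This is an added example, not code from PayPal or ESET; the sample message, `phishing_indicators`, the indicator names and the expected domain `paypal.com` are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default

EXPECTED_DOMAIN = "paypal.com"  # assumption: sending domain to expect, not quoted from the page
GENERIC_GREETINGS = ("dear user", "hello paypal member")  # greetings the article quotes

# Constructed sample message, not a real email; .example domains are reserved.
SAMPLE = """\
From: "PayPal Service" <notice@account-alerts.example>
To: jane@mail.example
Subject: Your account is about to be suspended.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user,
We noticed a login from an unknown device. Act now to restore access.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="statement.pdf"

(constructed placeholder)
--b1--
"""


def phishing_indicators(raw, expected=EXPECTED_DOMAIN):
    """Return the article's warning signs that a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=default)
    hits = []
    senders = msg["From"].addresses if msg["From"] else ()
    if not senders:
        return ["no-sender"]
    domain = senders[0].domain.lower()
    if domain != expected and not domain.endswith("." + expected):
        hits.append("sender-domain")
        # The friendly name claims the brand but the mailbox address does not.
        if expected.split(".")[0] in senders[0].display_name.lower():
            hits.append("friendly-name-spoof")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower().lstrip() if body else ""
    if text.startswith(GENERIC_GREETINGS):
        hits.append("generic-greeting")
    if next(msg.iter_attachments(), None) is not None:
        hits.append("attachment")
    return hits
```

The function reads the mailbox address inside the angle brackets, which is the part a mail client may hide behind the friendly name.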

PayPal Phishing Email – What to Do Next

If you receive a suspicious PayPal email or are not sure if it is a SPAM email, then don’t follow any of the instructions in the email. Phishing emails are written to scare the reader into thinking they must take immediate action or alarm them by telling them they have been the victim of theft. Check the legitimacy of a PayPal phishing email or any communications by logging into your PayPal account and visiting the PayPal communications center. If the email does not appear in the secure communications center, then it is a scam.

  1. Do not click on any links in the email. Doing so will give the hacker login details, which gives them access to your PayPal account.
  2. Mark the email as SPAM and delete it.
  3. Block the domain name that sent the email.
  4. Change your PayPal password.
  5. Use a different password for each online account. If you cannot keep track of multiple passwords, then use a password vault to help you.

How Do I Report a PayPal Scammer?

To report a PayPal scammer that sent a phishing email, just forward the email, in its entirety, to [email protected]. Don’t change anything in the subject line or forward the message as an attachment. After it is sent, mark the email as spam and then delete it from your inbox.

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.