PayPal Phishing Emails Rank as #1 Spoofed Scam – How to Protect Your PayPal Account and Money
PayPal phishing emails rank as the number one spoofed brand in email scams according to data from cyber security researchers at VadeSecure. Hackers send phishing emails disguised to impersonate authentic PayPal communications. The PayPal phishing emails are actually various scams to steal money from PayPal account holders.
In 2019, the number of PayPal phishing URLs (links) increased 167.8% with 16,547 unique PayPal phishing URLs for an average of nearly 180 links per day.
Microsoft was the top phishing scam spoofed brand for that past five consecutive quarters. Microsoft branded phishing URLs totaled 13,849 which is a 31.5% decrease from second quarter 2019.
People and businesses can use PayPal to receive money in over 100 currencies and withdraw money in 56 currencies.
PayPal Phishing Email Examples
- European Last reminder before judicial action PayPal Phishing Scam
- PayPal Ryanair Phishing Scam
In October 2019, cybersecurity researchers at Vade discovered a PayPal phishing email campaign that targeted over 700,000 people in Europe. The emails threatened people with legal action using subject lines like “Last reminder before judicial action.” The PayPal phishing emails attempted to extract 45 Euros from scared victims as payment. The phishing email targets were offered a few payment methods including a US physical mailing address, a pay-call telephone number, and a spoofed PayPal URL. If the victims clicked on the spoofed link, they were redirected to a spoofed PayPal webpage.
Use code NEWLEGEND22
Another PayPal phishing email scam sent a fake receipt to targets informing them they had sent a payment to Ryanair totaling £356.98. Since the recipients had not purchased airfare, they looked to cancel and refund the payment. The spoofed email receipt contained a PayPal link to “Click Here to cancel this payment.” If the scam victim clicked the link to request a refund, they were taken to a spoofed PayPal webpage and asked to enter their credentials. Hackers were then able to use the login information to gain access to their PayPal logins and transfer money out of the account.
How Do I Know If a PayPal Email Is Legit?
If you received an email seemingly from PayPal that states you’ve received a payment, just log in to your PayPal account and confirm the activity.
How Can You Tell A Fake PayPal Email?
Fake, fraudulent, spoof, or phishing emails commonly have the following qualities.
- The email does not address you by your first and last name. Emails that use impersonal or generic greetings like “Dear user” or “Dear your email address” are suspect
- The email contain links to account pages
- Emails that contain attachments are suspicious even if you believe you know the sender
- The email attempts to scare you into taking action or convey a sense of urgency
- Threatens to suspend your account
- The email contains a notification that you’ve been paid when you are not expecting a payment
- If you have been paid too much, it may an attempt to get your credentials
What is PayPal?
PayPal Holdings Inc was founded in 1198 under the name Confinity. IT was acquired by eBay in 2002 and subsequently spun off in 2015., is the most widely used online payment service in the world. PayPal has with over 286 million accounts and supports money transfers and credit card processing.
PayPal bought Xoom, an international money transfer platform, in 2015 and expanded to 32 more countries including Austria, France, Germany, Italy, Spain, and Portugal. The company also owns Venmo, Braintree, iZettle, and Tradera.
Where is PayPal Accepted?
FTC Settles with PayPal Over Venmo Privacy and Security Violations
PayPal can be used for payments online and in stores. It is the fifth most popular payment method that retailers accept. Visa credit cards are number one. PayPal is accepted as payment information by 200 million businesses worldwide.
How Do I Report Phishing Emails to Paypal?
If you receive a PayPal phishing email, forward the entire email to firstname.lastname@example.org. Do not alter the subject line or forward the message as an attachment. Then delete the suspicious email from your inbox.