Hackers and scammers have hit the ground running in 2021, launching an extensive new phishing campaign that targets the legions of PayPal users around the world. The campaign is being run on both text message and email channels and if you’re a PayPal user, you may have already seen it. If you haven’t, in the days and weeks ahead, you’ll probably get a text or an email to the effect that the company has detected suspicious activity on your account.
It will say the company has taken the step of “limiting” your account, which puts restrictions on withdrawing, sending or receiving money. Whether you get the text or email variant of the communication, the scammers will “helpfully” include a link, and ask you to verify your account information in order to remove these restrictions.
Naturally, this isn’t a legitimate PayPal communication and if you tap or click on the link, you’ll be sent to a spoof page that looks like it contains a PayPal login box. Unfortunately, if you attempt to log in, all you’ll be doing is handing your login credentials over to the scammers, giving them unfettered access to your account. If you maintain a balance in your PayPal account, it will be promptly drained. If you have bank accounts or credit cards linked to your account, you can expect them to be abused.
This isn’t a new idea or a new type of campaign, but it is one of the first coordinated efforts we’ve seen in 2021 and as such, it pays to be aware of it.
If you get a communication regarding your PayPpal account and you even suspect that it might be true, rather than relying on the link supplied in the text or email, open a new tab and navigate to PayPal’s login page manually. That’s the easiest way to avoid this type of scam.