PayPal, one of the most used online payment systems in the world, is facing a widespread phishing scam that targets its users to steal their login credentials. Phishing is the fraudulent practice of sending e-mails disguised as coming from reputable companies or organisations in order to induce individuals to reveal sensitive credentials.

Hackers have been sending fake e-mails that make users believe their PayPal account has been limited due to "some unusual activity", and that this can be resolved only by contacting PayPal through the link embedded in the e-mail. Clicking the link opens a login tab where users are asked to fill in their PayPal e-mail address and password. These credentials are then skimmed by the hackers, who can use them later for online fraud.

How to avoid being a victim?

If you have a PayPal account and don't know what a phishing e-mail looks like, or what this particular fraudulent e-mail looks like, here are a few precautions to follow to avoid the scam:

  • Study the content and URLs of any e-mail sent to you about your PayPal account closely
  • Compare the e-mail to your previous account or transaction statements. The phishing e-mails will not have the same address
  • Make sure to mark this particular address as spam and delete the e-mail. Be careful, though, that you don't mark the actual PayPal address as spam
  • To be sure, open another PayPal page in a different window and check your account to see whether there is indeed any issue. Always log in from PayPal's official website. If nothing shows up there, it is a fraudulent e-mail
  • This scam is asking for your social security number (SSN), so beware as PayPal never asks for that information
  • Genuine PayPal e-mails will have your full name as declared by you and your account details, so watch out for scam e-mails with incomplete information
  • PayPal's common practice for any unauthorised transaction and other issues is to have you upload copies of bank statements and utility bills rather than feeding in personal data by hand
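
The checks in the list above can also be run automatically over a suspicious message. The following is an added example, not part of the original article; it assumes `paypal.com` is the only domain treated as genuine, and the sample e-mail, the function names and the indicator labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # assumption: the only domain accepted as genuine here

# Constructed sample message modelled on the scam described above.
SAMPLE = """\
From: PayPal Support <service@paypa1-limited.example>
To: user@example.org
Subject: Your account has been limited

Dear customer,
We noticed some unusual activity. Confirm your social security number at
http://paypal.com.account-verify.example/login to restore access.
"""

def is_trusted(host):
    """True only for the trusted domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def phishing_indicators(raw, full_name):
    """Return the warning signs from the list above found in a plain-text e-mail."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # Sender address does not match the address genuine statements come from.
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_trusted(sender.rpartition("@")[2]):
        findings.append("sender-domain")
    # Any embedded link whose host is not the official site (prefix tricks included).
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if not is_trusted(urlparse(url).hostname):
            findings.append("link-host")
            break
    # Request for a social security number.
    if re.search(r"social security number|\bSSN\b", body, re.I):
        findings.append("asks-for-ssn")
    # Genuine e-mails address the account holder by full name.
    if full_name.lower() not in body.lower():
        findings.append("no-full-name")
    return findings
```

An empty result does not prove the message is genuine, because the `From` header can be forged; checking the account by logging in from the official website remains the decisive step.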