Fishing Hooks in email @ symbol
Home ScamsPhishing Scams ‘Suspicious Activity’ PayPal Phishing Scam Email

‘Suspicious Activity’ PayPal Phishing Scam Email

by Brett M. Christensen

PayPal customers are currently being targeted in yet another phishing attack. 

Criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore verify your account before it can be used again.

It warns that your account will be limited if you do not complete the verification and urges you to click a link to go to your account.

The email is not from PayPal and the suspicious activity claims are untrue.

Here’s what the initial scam email looks like:

PayPal Suspicious Activity Phishing Scam

If you do click the link in the scam email, you will be taken to a bogus website that has been designed to look like it belongs to PayPal.  You will then be prompted to login with your PayPal email address and Password.

After you login, the following notice will appear:

PayPal Phishing Scam Notification Page

If you click the “Continue” button, you will then be taken through a series of fake “Resolution Center” forms that ask for your name and contact details, identity information such as your driver’s licence number, your credit card details, and other sensitive personal and financial information:

PayPal Scam Fake Update Form

At the end of the process, you will see a final message claiming that you have successfully verified your account and lifted the supposed restriction.

Meanwhile, the scammers can hijack your PayPal account and use it to conduct fraudulent transactions.  They can also fraudulently use your credit card. And, because they have collected a large amount of your personal and financial information, they may also be able to steal your identity.
Online criminals almost continually target PayPal customers in scam campaigns like this one.

PayPal does regularly communicate with its customers via email and the company may send messages notifying you of problems with your account.  But, remember that genuine PayPal emails will ALWAYS address you by name. They will not use generic greeting such as “Dear Customer”. Nor will they use your email address as a greeting.

PayPal will NOT send you an email that demands that you click a link to resolve an account problem, deal with a security issue, or update account details.

It is always safest to login to your PayPal account by entering the address into your browser’s address bar or via a trusted app.

PayPal includes information about phishing and how to report scam messages on its website.