According to this email, which purports to be from PayPal, your account has been limited because the company suspects that someone could be using your account without your knowledge.
The email claims that you must complete one or more tasks to remove the account limitation and instructs you to open an attached file to begin the process.
However, PayPal did not send the email and your account has not been limited as claimed. In fact, the email is a phishing scam designed to steal your personal and financial information.
Clicking the attachment opens a PDF that supposedly contains more information about the account limitation. It urges you to click a “Get the Details” button to continue.
If you do click, you will be taken to a fake website with stolen PayPal branding and asked to log in with your PayPal email address and password.
Next, the following “account limited’ warning will appear:
Clicking the “Secure My Account” button opens a form that asks for your name, date of birth, mother’s maiden name, and contact details.
Next, you will be asked to supply your credit card information.
Then, you will be asked to upload an ID document such as your passport or driver’s license.
Finally, you will be instructed to upload a “selfie” image to complete the identification process.
After supplying the requested information, you will see a final “confirmation” page that claims that you have successfully updated your account and removed the supposed limitation. You will then be redirected to the genuine PayPal website.
At this point, you may still not realize that you have just given a great deal of your personal information to online criminals. The crooks will now have enough information to:
- Hijack your PayPal account and commit fraudulent transactions.
- Use your credit card to commit further fraud.
- Steal your identity.
PayPal scam messages like this one are common and take many forms. Be cautious of any message that claims to be from PayPal and demands that you open an attachment or click a link to resolve a supposed account issue.
Remember that genuine PayPal messages will always address you by name. They will never use generic greetings such as “Dear Customer”. It is always safest to access your PayPal account by entering the address into your browser’s address bar or via a trusted app.
You can report PayPal phishing scam emails via the reporting email address listed on the company’s website.