PayPal Text Scams: Common Tactics
All PayPal scams follow a similar format and will try and inject a sense of urgency into your decision-making, but there are a variety of different types of PayPal scams. They’re all designed to try and coax you into handing over your login details.
Order confirmation scam texts will tell you that an order has been placed using your Paypal account, and you can check the status of the order by logging into your PayPal account via a link.
“Your account is suspended/blocked” scam texts will tell you that your account has been suspended, and you need to log in to either re-verify your details or withdraw your money from the account. “Your account has been restricted” is also a common variant of this format used by scammers.
Fraud alert scam textswill try and scare you into quickly clicking a link contained within the message by suggesting your account has been involved in some sort of fraud, or fraudulent payments have been sent from your account.
“Unusual activity” scam texts will falsely notify you that “unusual” activity has taken place on your account, and might instruct you to enter your details to confirm your identity as the account holder.
As we’ve mentioned, you can report these scams – as well as other scams – to phishing@paypal.com.
Receiving Random PayPal Security Codes
Some users have recently reported receiving security passcodes from PayPal seemingly at random, even though they haven’t attempted to log in to their PayPal accounts.
Unfortunately, this means that someone may have successfully guessed your passcode and is attempting to break through the two-factor authentication measures you’ve implemented on your account.
This is almost certainly the case if the messages are coming from a “short code” number, which is used by companies like PayPal to distribute messages en masse.
If you are receiving PayPal security codes you did not request via logging in, change your PayPal password immediately, and any other account that uses the same credentials.
PayPal Email Scams
As we’ve briefly discussed, along with PayPal text scams, PayPal email scams remain a problem. PayPal contacts customers by phone and email, so it’s natural that threat actors will impersonate the company across both platforms for maximal effect.
PayPal email scams have similar features to the text message versions. They almost always contain:
- Malicious links disguised as legitimate PayPal links
- An email address that mimics a legitimate PayPal email
- PayPal branding, logos, and other company and other PayPal insignia
- Spelling and grammar errors
However, Scammers are often finding new and inventive ways of conveying legitimacy in scam emails. Here’s an interesting example from Reddit that comes from a genuine PayPal address:
If you look a little closer, however, you’ll see some odd capitalization in the warning message at the bottom. What’s more, the customer support number in this email does not match the number listed on PayPal’s actual site.
“I believe what happened here is that the scammer opened a PayPal business account called “Target Premium service” and then generated an invoice from the web interface of that account” explains Reddit user No_River7337 in a thread. “This creates an invoice with comments to be delivered through PayPal via email to the intended recipient.”
Naturally, you should always inspect the part of the email where the address is listed because most phishing scams still come from shady addresses.
The above scam, however, should serve as a warning that a clean-looking email address is not a definitive trust signal. If you’ve received correspondence regarding a transaction you don’t recognize, do not proceed using contact details from that email.
How to Protect Yourself From PayPal Scams
Don’t worry if you’re not that tech-savvy, or generally unsure of the telltale signs of a phishing scam that impersonates PayPal, Geek Squad, Netflix or otherwise. There are a few simple principles you can deploy while you leaf through your emails and text messages that will significantly decrease your chances of falling victim to a PayPal scam.
If you suspect an email may be suspicious:
- Do not click links included within it
- Do not ring any phone number provided
- Do not reply to the email in any way
- Forward the email to phishing@paypal.com
Whatever the situation, we’d always advise starting your own line of communication with PayPal (i.e. contacting the company through its publicly listed customer support channels).
This is always the best course of action if you have any lingering doubts regarding the legitimacy of any given email, whether it’s from PayPal or another company. If in doubt, don’t reply, and certainly avoid clicking on anything.
Why Using Strong Passwords Is Crucial
If you fall for a scam like this and enter your details, the scammers will have the keys to the kingdom – your email address and password combination.
If like far too many online users, you re-use the same email address and password across multiple accounts, then you’ve inadvertently handed over your login details for multiple sites.
For that reason, we strongly recommend using a password manager. These simple tools can automatically generate unique, complex passwords for every site or service you use, and will log you in automatically.
See our reviews of the best password managers for more information about what’s on the market. On top of this, if you’re a PayPal customer, make sure you’re keeping your ear to the ground for the latest PayPal text scams.