Money stolen from 1000 people in just a day via PayPal scam

Cybersecurity specialists have issued an alert related to a PayPal phishing campaign. These fraudulent emails mention that the user’s account was limited due to a violation of company policies, trying to steal confidential information from victims, a report from The Mirror mentioned.

Threat actors ask users to update or verify the security of their account by clicking on an attachment. These links lead victims to legitimate-looking websites, although they are actually fraudulent sites created to steal PayPal login credentials in addition to other data.    

The attack, detected in the UK, has already affected at least a thousand users: “We have received over a thousand reports over the last 24 hours related to fraudulent PayPal emails,” says Action Fraud, a British fraud prevention agency.

Pauline Smith, director of Action Fraud, said: “These messages are used by hackers to gain access to victims’ personal and financial data, which could result in cash theft and identity fraud.” It is very common for threat actors to falsify legitimate phone numbers and email addresses to trick users into stealing their confidential information.

In this regard, a PayPal spokesperson said, “We do everything we can to protect our customers, but there are some precautions we all need to take to avoid being victims of scams.” The company remembers that its users should not share information related to their account by email, phone or any other means.

“All communications between PayPal and account holders are established through the secure message center within the platform,” the spokesperson adds.

The company is sending a legitimate email to potentially affected users. Because PayPal uses the full name of users, it will be easier for them to identify between company messages and an attempted scam. Other indicators of suspicious activity are spelling and writing errors, threats of collections, offers too good to be true, among other signs.