PayPal is the target of a barrage of phishing attempts. McAfee Labs researchers have discovered a "spike in scams" targeting the online payment service. During February 2025, experts noted that the number of fraudulent emails increased sevenfold compared to January. In 24 hours, McAfee Labs sometimes counted more than 600 phishing emails. This is a "worrying trend" that should encourage users to be extremely cautious. This "wave has been attributed to a single, highly effective campaign." These malicious emails rely on identity theft. Cybercriminals try to impersonate PayPal to lull users' suspicions. The hackers then send "official-looking emails" topped with warnings intended to cause users to panic. As always, hackers want to scare their targets as much as possible. Remember that "cybercriminals rely on creating a sense of panic and urgency to cloud your judgment.".
To achieve this, they add warnings like "Action Required". In the email, they state "that your PayPal account requires an important update.". The email claims that PayPal intends to suspend the account if it fails to contact the user within 48 hours. Encouraged to update their PayPal account, the victim will click on the link in the email. This will open a fraudulent website designed to steal the user's login details and passwords. At the end of the operation, the scammers will have enough information to log into your account without your knowledge. However, they will still need to circumvent PayPal's anti-fraud mechanisms with a dedicated hacking tool. A plethora of such criminal solutions can be found on black markets.
The Scammers' Different Tactics
As McAfee explains, the campaign relies on "multiple approaches" to deceive users. In addition to "account suspension notices", there are also "offers of fake PayPal gift cards", fraudulent invoices for fake purchases, misleading paid surveys, fake customer service communications, or bogus payment requests. These are the "common scenarios" favored by cybercriminals.
If you receive emails like this, we recommend you take a step back before clicking on anything. McAfee advises never clicking "on links in emails or messages claiming to be from PayPal". If in doubt, "open a new browser window and log in directly to PayPal.com, or use the official PayPal app". This is the ideal solution to ensure that a communication is legitimate.
Furthermore, the researchers advise frequently monitoring "your PayPal account." By keeping an eye on your account, you can quickly spot unauthorized activity and report it to the payment service.
0 Comments