Watch out for new PayPal phishing text messages

New PayPal smishing messages say that users' accounts are “limited”

PayPal phishing "limited" SMSCybercriminals are sending our PayPal "limited" phishing messages to acquire users' personal information

A new PayPal phishing campaign[1] tries to steal account logins and other personal information. Malicious actors are sending users text messages which claim that their accounts are permanently “limited” and urge them to log in and verify their identity via a given link.

Just as it is typical with PayPal phishing messages, this scam also includes all the necessary components to trick users – a short claim that threatens with consequence and a fake link that redirects users to a spoofing website:

PayPal: We've permanently limited your account, please click the link below to verify


If you've received a message like that, you should not click on the hyperlink as PayPal would never send text messages about accounts being limited. The company only sends emails that include such information, and it always contains an explanation for the limitation.[2]

Payment systems and platforms like this are often used by malicious actors and scammers. Zelle payment platform scams are as common as PayPal scams. These can be found on social media and involve fake emails with personal detail fishing links. Money can be quickly transferred if you continue on dangerous pages or emails.

A technique to obtain account logins and personal information

Cybercriminals exploit users' inexperience or sometimes ignorance by using well-known social engineering techniques. They create emails or texts that look like those from legit companies, which convinces victims to giveaway their personal details willingly, but unknowingly.

The provided hyperlink in the new PayPal smishing[3] campaign redirects phone users to a spoofing site that looks identical to that of PayPal, but the web address is noticeably different – And soon to be victims are immediately asked to log in to their accounts.

Subsequently, they are redirected to a page where a few explanations on why their accounts have been limited are displayed, and they are advised to secure their accounts. Then PayPal users see a new page where they are asked to provide their personal information, such as full name, date of birth, and billing address.

Once users fill in these details, all of them are then sent to cybercriminals behind the scam. They could use them to exploit users' PayPal account, open new bank accounts, or use the personal information un future phishing campaigns.

If you've been tricked into filling these fields, then these steps should be taken to evade becoming a cyber victim:

  • Log in to your PayPal account and change the password immediately.
  • If the same password is used for logging in to any other accounts, visit them and change it as well.
  • Inform PayPal of such a scam and that you might have got affected.
  • To make sure no fraudulent accounts are created in your name – issues a temporary freeze on your credit report.

PayPal scams were around for a long time, and they are not about to go away

PayPal is possibly the best known alternative for direct credit card money transfers in the world. Established back in 1998 as Confinity and then acquiring its current name in 2002, the company is now ranked 182th in year 2020.

Since the beginning of PayPal, cybercriminals are trying to outsmart its users and gain access to their accounts or to profit from them in any other way. Scammers have came up with many creative scams that are often based on the original messages from the company, including overpayment PayPal scams,[4] phishing email scams, and even exploiting the COVID-19 pandemic by trying to sell imaginary government-issued virus test kits. Moreover, even malware is spread using the company name.[5]

To stay safe, remember to be cautious and abide by the terms and conditions of the company. And remember, PayPal would never send its users any text messages or force them to visit and log in to their system urgently, only cybercriminals do that. If ever in doubt, you should instead visit the official website and contact the company directly with all your enquiries.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions