publishing date icon
June 16, 2021
read time icon
5 min. read

PayPal phishing email scams 2021: How to stay off the hook

Post hero image

Table of contents

share this post

When is PayPal not your pal? When it's a bad actor sending PayPal phishing email scams.

Twenty years ago, people didn’t feel safe shopping online. Then PayPal arrived and opened a new age of easy, secure transactions. PayPal’s founding fathers--the notorious “PayPal Mafia” of Peter Thiel, Elon Musk, Reid Hoffman, et al.--spent millions building one of the most iconic and trusted brands in existence to expand digital transformation of retail shopping. Ironically, that brand recognition and hard-earned trust are now being exploited by bad actors in PayPal phishing email scams.Their phishing attacks cheat victims by spoofing the brand they trust in a barrage of emails mimicking trusted PayPal notifications. Bad actors use spray-and-pray as a strategy, knowing their phishing scams will eventually reach someone who uses and trusts the ubiquitous service. And trust raises the likelihood they’ll give out valuable information. (Find out how to equip employees with the knowledge to defend themselves and protect the organization via phishing awareness training software).

What's in these PayPal phishing email scam messages?

There are several different types of attacks, but the most common ones involve updating account details or resolving payment issues. These can be especially deceptive to a frequent PayPal user, who is used to being asked to give out such sensitive data and is thus ready to provide it again.Other attacks target people who use PayPal often enough that they may lose track of all their orders. They can be juicy targets for scam messages about payment issues, like in the below phishing message:

PayPal phishing scam example

Although it’s formatted fairly well, the above example’s text isn’t perfect. But when convincing landing pages are added to these convincing-enough emails, it’s a recipe for disaster. Here is an example of a clever landing page where the user is asked to give out basically every essential piece of information needed for full access to their account and all its money:

Here’s what happens in the video:

  1. Link takes the user to a fake Paypal website
  2. User gives out Paypal username and password
  3. Explanation about “Why is my account restricted” displayed to add more credibility
  4. User gives out billing information
  5. User gives out credit card details
  6. “Your account is verified!”
  7. Redirect to actual Paypal homepage

PayPal isn’t the only service being spoofed like this, of course. Today, there are many different services for online financial transactions, and some people might use several. This can make it harder to keep track of all the activity on their multiple accounts across different platforms. Because of this, they might fall for a phishing message more easily. They might be unsure of what is suspicious and what is legit, and just click things without a second thought.

Also, these services sometimes receive updates to the interface, so it is not uncommon for a site to look a bit different than it did the last time, and the user might not think too much of it as they just start entering credentials. When a convincing story on why the user must enter their credentials or other sensitive info to the site is added to the mix it can do a lot of harm.

It is important to stay calm and think things through when a familiar service asks you to take action on your account. Hover over links before clicking. That should help you see what’s really going on, who you are really dealing with, and why.

How to stay off the hook

  • Always be sure about what you are asked to do and why
  • If you are asked to resolve something related to your account you should do it by navigating to the service via browser instead of through the link in the email
  • If you are asked to provide information about your account or yourself, always check the URL in the browser and be certain you really are on the website you are supposed to be
  • If you have any doubts, hit the Hoxhunt button and report it!

Hoxhunt response

The Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. They cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button. Read more on how to equip your employees with the knowledge to protect your company from phishing scams.

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.