New PayPal Phishing Campaign Targets Holiday Shoppers
Cybercriminals are exploiting Black Friday deals with fake PayPal payment confirmations. Emails appear legitimate with spoofed sender addresses and official-looking logos.
1Overview
A sophisticated phishing campaign is currently targeting PayPal users, particularly those shopping during the holiday season. Cybercriminals are sending emails that closely mimic official PayPal communications, complete with spoofed sender addresses and copied branding elements.
2How the Scam Works
Victims receive an email claiming their PayPal account has been limited or that a suspicious transaction has been detected. The email contains a link to a fake PayPal login page designed to steal credentials. Once entered, the scammers gain full access to the account and linked payment methods.
3Warning Signs
Look out for urgent language demanding immediate action, slight misspellings in the sender's email domain (e.g., "paypa1.com"), generic greetings like "Dear Customer" instead of your name, and links that don't lead to paypal.com when hovered over.
4What to Do If You Received This Email
Do not click any links in the email. Go directly to paypal.com by typing it in your browser. Report the email to phishing@paypal.com. If you already clicked the link and entered your credentials, change your PayPal password immediately and contact PayPal support.
5How to Stay Protected
Enable two-factor authentication on your PayPal account. Always verify the sender's email address carefully. Bookmark official websites and use those bookmarks instead of clicking email links. Install a reputable anti-phishing browser extension.
Tags
Share this alert: