Nothing is surprising about a PayPal phishing scam, but what might raise some eyebrows is the fact that these scams are becoming more sophisticated day by day.

Usually, phishing scams look for users’ login credentials, but we discovered a scam that aims at stealing everything from PayPal users, and that includes their PayPal login credentials, address, credit card, banking data, passport, identity card and driver's license.

It starts with an email that informs users about a change in their “Billing Information” and tells them that, if they didn’t make the supposed change, they need to click on a link hidden behind a URL shortener to verify that it wasn’t them. “If you did not make these changes or you believe an unauthorized person has accessed your account, you should change your password as soon as possible from your PayPal ID account page,” says the email.


The subject of this phishing email is “re: [ Statement Update ] reminders: Your PayPal ID information”, which means the sender is trying to trick users into believing that the email is part of PayPal's resolution center and deals with an ongoing matter.

The email lands in the user's inbox rather than going to the spam folder. Another important fact about this scam is that the email is being delivered by address, which is a genuine email address officially used by PayPal to contact users. For instance, the screenshot below is an official PayPal email sent to a user to confirm their account’s email address.

A Tricky PayPal Phishing Scam that Comes from Official PayPal Email

Therefore, it is unclear how cybercriminals are using an official PayPal email address to carry out phishing scams. However, the same email has been used for scams since 2010. It could be that scammers are using fake senders, but usually, an email sent from a fake email sender goes straight into the spam folder rather than the inbox.
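The visible From address alone does not show who actually sent a message; receiving mail servers record their SPF, DKIM and DMARC verdicts in the Authentication-Results header. The following is an added example, not part of the original article, that triages those headers and flags shortened links; the sample message, every domain in it and the shortener list are constructed placeholders, and the alignment test is an approximation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and the link are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.sender.example;
 dkim=pass header.d=sender.example;
 dmarc=fail header.from=brand.example
From: "Brand Service" <service@brand.example>
Subject: re: [ Statement Update ] reminders
Content-Type: text/plain

Confirm it was you: https://bit.ly/EXAMPLE
"""

SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}  # assumed list

def domain_of(addr):
    # Domain part of an address header value, lower-cased ("" if absent).
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def aligned(candidate, from_domain):
    # Approximate relaxed alignment: equal, or one is a subdomain of the other.
    return bool(candidate) and (candidate == from_domain
        or candidate.endswith("." + from_domain)
        or from_domain.endswith("." + candidate))

def triage(raw):
    # Return a list of findings for one raw RFC 5322 message.
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    auth = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if verdict.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    if not aligned(domain_of(msg["Return-Path"]), from_dom):
        findings.append("envelope-sender-not-aligned")
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)
    if not (verdict.get("dkim") == "pass" and dkim_d
            and aligned(dkim_d.group(1).lower(), from_dom)):
        findings.append("dkim-not-aligned")
    body = " ".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    hosts = re.findall(r"https?://([^/\s:]+)", body)
    if any(h.lower() in SHORTENERS for h in hosts):
        findings.append("shortened-link")
    return findings
```

In the constructed sample, SPF and DKIM both pass for the sending domain, yet neither aligns with the domain in the From header, which is why DMARC fails and all four findings are returned.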

Once the user clicks on the link in the email that asks them to verify if it’s their account, the page claims to have detected suspicious activity, but in reality the information shown belongs to the user’s current login destination.

It then takes them to a fake login page that looks like an official PayPal page.

Upon signing in with their credentials, the user is taken to another page and asked to enter details like personal address, city, state/county, zip code, country, phone number, tax identification code and date of birth.

PayPal never asks for such data

Furthermore, it takes users to a page that asks users to verify their credit card details including credit card number, cardholder name, expiration date and its verification code (CVV).

Moreover, if the user is successfully tricked into giving away their credit card data, they are taken to a page that asks them to verify their bank account details and identity. To get their hands on this information, scammers ask users to enter bank name, bank account number, bank code, bank login ID, password and password for their banking card.

To verify their identity, users are also asked to upload a copy of either their passport, or their identity card and driver's license. Remember, an iCloud phishing scam previously used a similar trick to ask users to upload personal documents like their passport, identity card and driver's license.

The good news for Chrome users is that the browser has already flagged the fake login link (—-) used in this scam as a potentially dangerous site to visit.

PayPal users are urged to be vigilant and not fall for such phishing scams; otherwise they will lose much more than their PayPal account. If you have received such an email and can’t differentiate between an original and a fake email, go to the PayPal website directly and log in to check its resolution center. The PayPal website has a verified green signature as shown in the screenshot below:

Always keep an eye on the green certificate, then use your login credentials on the site.


Another day, another data breach: This time it’s with a PayPal-acquired firm

Just three days ago we told you about a landmark case being brought against technology giant Google for its alleged unlawful ‘harvesting’ of personal information from Apple iPhone users. Now it has been revealed that personally identifiable information for approximately 1.6 million customers of TIO Networks – a payment processor acquired by PayPal barely five months ago – may have been compromised.

While the two cases differ in that the latter is not an allegedly deliberate move by the platform itself, they still serve as a strong reminder of the issue surrounding data protection. Remember that survey we told you about in October which found that 39% of 250 insurance brokers in the UK are not even aware of the General Data Protection Regulation (GDPR) that is coming into effect in 2018?

The operations of TIO were suspended by PayPal last month in order to safeguard customer data while a probe looked into the former’s security weaknesses.

“This suspension of services is a result of PayPal’s discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security programme that do not adhere to PayPal’s information security standards,” said PayPal in November.

Now the ongoing investigation has identified evidence of unauthorised access to the platform’s network. Worryingly, this included locations that not only accessed but also stored personal information of some of TIO’s customers, as well as customers of TIO billers.

PayPal said, as a result, it is taking steps to protect affected customers while TIO coordinates with the companies it services to notify potentially affected individuals. It is also working with consumer credit reporting agency Experian to provide free credit monitoring memberships.

“We greatly appreciate the support of our billing partners, retailers, agents, and consumers during this time,” said TIO in an update posted on its website. “We will continue to communicate important updates to customers.”

Meanwhile PayPal assured: “The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.”
