Skip to Content
© Alejandro27 | Dreamstime.com
Security & privacy

Scam alert: PayPal account ‘limited,’ phishing text claims

Another day, another phishing scam. If it seems like we’re dealing with a huge influx of scams right now, you’re right. We are.

Email and web-related scams skyrocketed at the start of the pandemic, and they’re still going strong. Tap or click here for ways scammers are using COVID vaccines to get you. Add in the other recent types of schemes, like shopping and IRS scams, and it’s clear that cybercriminals have been working overtime.

Now, there’s a new scam going around to watch for. This one involves phishing texts and a widely-used payment app that you have on your phone right now. Here’s what you need to know to avoid this scam.

The new phishing text scam

According to Bleeping Computer, a new PayPal text message phishing campaign is currently targeting victims in an attempt to steal their account credentials and other personal information. This campaign uses SMS text phishing — otherwise known as smishing — to steal your information, and it could lead to identity theft or the draining of your bank account.

Here’s how it works. When PayPal detects suspicious activity on your account, the account’s status is set to “limited.” This limited status puts temporary restrictions on withdrawing, sending or receiving money through your PayPal account. The cybercriminals behind this smishing campaign use these temporary account protections to trick victims into handing over their PayPal credentials.

Cybercriminals are sending out text messages pretending to be from Paypal to get access to victims’ PayPal information. These messages state that the victim’s PayPal account is at risk of being permanently limited due to a lack of verification.

Related: Watch your phone for 6 phony messages costing people money

“PayPal: We’ve permanently limited your account, please click link below to verify,” the smishing text message states.

Source: Bleeping Computer

If you click on that link, you’ll be taken to a spoofed page and prompted to enter your login credentials. Fall for it, and you’ll be handing over your login credentials to thieves.

That isn’t the only information at risk, either. This campaign takes it a step further by asking for a ton of other personal information, including your name, date of birth, address, bank details and other important information. 

Source: Bleeping Computer

If you fork over that information, you’re at serious risk of identity theft. Not only will the criminals have your PayPal login information, but they’ll have everything they need to access your other accounts, open new accounts in your name or even target you for spear-phishing attacks in the future.

Related: Outsmart scammers! Fake delivery and shipping text red flags

How to protect yourself from this scam

First things first: If you’ve already fallen for this scam and have entered your PayPal credentials into the link in the text, you need to change your password on your account ASAP. If you’re using that password on other sites, change each and every password for every site.

To avoid being scammed by this or other smishing attempts, you should:

  • Never click on links from unknown senders, either in your texts or email. If you think there’s an issue with your PayPal account, go directly to the PayPal website rather than clicking a link. That may take an extra step, but it’s worth the hassle to avoid being scammed.
  • Keep an eye out for spelling and grammar mistakes. In many cases, these types of smishing scams originate in countries where English isn’t the primary language. Receiving a text with spelling or grammar issues can clue you into the text being a scam. No reputable company will send out texts with major errors.
  • Watch for urgent or threatening language. If an unexpected text tells you that something bad will happen if you don’t respond, be very wary. If the message threatens to freeze your account or penalize you with some other punishment, your scam senses should be tingling.
  • Be on the lookout for spoofed numbers. Scammers will spoof phone numbers to mask their identity, so keep an eye out for mismatched area codes and other phone number errors. These codes have been flagged as part of known scam campaigns: 917, 765, 646, 470, 347 and 332.

Phishing scams like this are becoming more common. With criminals having access to better technology and spoofing techniques, we have to always be on guard and looking for schemes trying to rip us off. Use the safety tips we’ve given you here and you’ve got a fighting chance.

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now