HomesecurityNew phishing campaign targets PayPal users!

New phishing campaign targets PayPal users!

A new phishing campaign is in progress, aiming to steal the credentials from accounts PayPal users, as well as other sensitive information that can be used for identity theft.

When PayPal detects suspicious activity on an account, the account is defined as "restricted", which will place temporary restrictions on withdrawing, sending or receiving money.

New phishing campaign targets Paypal users

The cybercriminals behind that phishing campaign, send SMS which appear to come from PayPal. These messages report that a user's account has been permanently restricted, unless the user verifies their account by clicking on a link. Specifically, the message states the following: "PayPal: We have permanently restricted your account, click the link below to verify." Clicking on the link will take the user to a phishing page asking them to sign in to their account.

New phishing campaign targets Paypal users!

If you link to this page, the entered PayPal credentials will be sent to cybercriminals. The page will then try to gather more information from users such as name, date of birth, home address and bank details.

New phishing campaign targets Paypal users!

The information collected is then used to carry out identity theft attacks, the access to other users' accounts or to carry out targeted phishing attacks.

The smishing Scams are becoming more and more popular, so it is important for users to be vigilant for any SMS containing suspicious links. As with all phishing messages, never click on suspicious links, but go to domain of the main site, to confirm if there is a problem with your account.

If you received this message and accidentally logged in to your PayPal account or provided other information, you should go to and change your password. In addition, if you use the same password on other sites, you will need to change it on them as well.

You should also look for other targeted phishing campaigns using the submitted ones data. BleepingComputer also suggests tracking your credit report to make sure no fake or "fraudulent" accounts are created in your name. To avoid identity theft, you can also temporarily freeze your credit report so that they can not banks or other companies to issue credit in your name.

Every accomplishment starts with the decision to try.