A new type of PayPal text message scam is targeting smartphone users with a text message falsely warning that you've sent money to an unknown recipient. Follow the provided link to query this, and you could give your financial details to a scammer.
PayPal scams are increasingly common, as the online payment giant becomes the go-to system for making payments between individuals or to businesses. Scammers frequently attempt to leverage the popularity of PayPal by sending imitation emails that claim to be from PayPal. This same principle is now being used via text messages.
We explain what to watch out for with PayPal phone scam, plus show how the scam works in practice.
How the PayPal Text Scam Works
Nope, we didn't pay ‘Lucy Parker' any money. But, the text message – received from an account rather bluntly named ‘PAY' – insists we've generously sent money her way.
This is designed to prompt immediate concern. The hope is, you'll rush to take action and fail to stop and consider if this is to be trusted.
The scammers provide a link for you to click on to ‘check the transaction. Though this masquerades as an official PayPal link, it's nothing of the sort. Squint, and you might even spot the key difference – it's to a similarly-named site called pay-pail.com.
So, we have all the calling cards of a classic scam:
- the worry you've lost money
- a lack of detail around how this happened
- a push to check your account
- a link that looks (almost) like the real thing
Plenty of recipients will be savvy enough to delete the message and go no further. But what happens if you actually click on the link? We investigated to find out.
Playing Along with the PayPal Text Scam
Using a safe network, we tapped on the link in the message (never do this yourself) to see how the scammers attempt to part victims with their money.
The first thing you'll see if you tap the link is a website that looks uncannily like the real PayPal site.
It's actually very simple for a scammer to lift the branding – including official logos– from a legitimate brand and attempt to pass off a fraudulent website as the real deal.
Look to the URL web address though, and you'll see that this is the phoney ‘pay-pail' site, not the real thing.
Though it's dressed up with links (a Contact Us and Privacy Page, or a link if you're having trouble signing in), none of these lead anywhere – they'll simply take you back to the same scam site and encourage you to log in with your email address and password.
What happens if you continue?
Enter your details, and the scammers will have the keys to the kingdom – your email address and password combination.
If, like far too many online users, you re-use the same email address and password across multiple accounts, then you've inadvertently handed over your login details for multiple sites.
For that reason, we strongly recommend using a password manager. These simple tools can automatically generate unique, complex passwords for every site or service you use, and will log you in automatically.
See our reviews of the best password managers for more.
Handing Your Details to Scammers
We followed the path set out by the scammers, entering false information every step of the way. The very fact you can proceed with a made-up email address and password proves how phoney the whole setup is.
Along the way, the scammers demand a huge amount of sensitive data. This includes:
- Your full name (we gave the middle-name of ‘Danger')
- Your date of birth
- Your full home address
- Your mother's maiden name (also Danger, in our case)
- Your full card number and expiry date
- Your Verified by Visa Password
It goes without saying that this is an exceptional amount of sensitive and financial data. Give this level of detail to a scammer and they can lift a potentially huge amount of money from your account.
So, what should you do if you receive a PayPal text scam yourself? There are two main options:
Delete it – plain and simple. Get rid of the message and don't look back. Your number will be one of thousands that was targeted, so don't worry that you're being singled out.
Report it – be a good citizen and help PayPal stay ahead of scammers. Alert PayPal at “firstname.lastname@example.org,”