Cybercriminals are targeting PayPal users, by sending out thousands of fake email messages like the one below to potential victims, which claim that the recipients' PayPal accounts have been limited and they need to click on a link in the same messages to resolve the issue or fix the problem. But, the links in the fake email messages go to phishing websites designed to look exactly like PayPal’s website, where visitors are asked to sign-in with their PayPal accounts’ username and password. But, visitors to the fake website who attempt to sign-in, will have their PayPal usernames and passwords sent to the cybercriminals responsible for the scam. Once the cybercriminals have gotten possession of their potential victims’ PayPal account credentials (usernames and passwords), they will gain access to the accounts, hijack and use them fraudulently.
A Sample of the “Your PayPal Account Has Been Limited” Phishing Email
Date: Mon, 19 Sep 2016 18:25:15 +0300
Subject: PayPal account limited statement is available log in to re-active
Your account has been Iimited.
We need your help to resolving an issue with your account. To give us time to work together on this, we've temporarily limited what you can do with your account until the issue is resolved.
It's usually pretty easy to take care of things like this. Most of the time, we just need a little more information about your account or latest transactions.
Now, please resolve Your account as soon as possible.
Therefore, PayPal users who have received email messages claiming that their accounts are limited, should delete the email messages and should never follow the instructions in them. Also, it is recommended that PayPal users enable PayPal Security Key for stronger account security. The PayPal Security Key gives PayPal users a second authentication factor when they are logging into their accounts. In addition to their passwords, they can enter a One Time Pin (OTP) that’s unique for each login. These two factors provide stronger account security. To learn more, click the following link: PayPal Security Key.
PayPal users who have already been tricked by the “Your PayPal Account Has Limited” phishing emails, are asked to change their PayPal passwords immediately and check their PayPal accounts for discrepancies, and report any that is found to PayPal.