The "PayPal Limited Activity" Scam
From: "email@example.com" - firstname.lastname@example.org
Date: 8 February 2020 at 09:53:28 GMT
Subject: Limited Activity
Reply-To: "email@example.com" - firstname.lastname@example.org
We are writing to inform you about a recent initiative taken by PayPal to secure our network against online fraud by authenticating our client on the basis of the threat level of their account..
Your account has been flagged by our system for authentication. View the possible events listed below for reasons as to why this has occurred.
Possible events occurred
Log in attempts from an unusual or unrecognized device or location.
Requesting any operation using unusual pattern.
Too many incorrect log in attempts.
For security, all your account services are disabled until response has been received from you.
Please click "Confirm now" button below to confirm your identity.
If the instructions in the phishing scam are followed, the potential victims will be taken to a fake PayPal website and ask to sign-in with their PayPal usernames and passwords. They will then be asked to update their credit card information by entering it on the bogus PayPal page.
All the information entered on the bogus PayPal page will be sent to the online scammers behind the scam. Once they have their potential victims' PayPal credentials, they use it to hijack their accounts and use them fraudulently. This includes stealing money from their accounts, using their PayPal accounts and credit cards to make fraudulent purchases. Victims who have already entered their PayPal user names, passwords and credit card information on the fake website are asked to change their PayPal password and contact PayPal and their bank immediately for help.
Please note that PayPal will always address their users by name and will never refer to them using the following:
- Dear [Email Address]
- Dear PayPal customer
- Dear Valued Customer
- Dear Member
- Dear User
- Dear Customer
To avoid getting tricked by these phishing scams, PayPal users are asked never click on a link in an email message to sign into their PayPal accounts. They should always go to www.paypal.com and sign into their accounts from there. After signing in, PayPal will display important messages or notifications to them.