PayPal users who have received the fake "PayPal Limited Activity" email below claiming their accounts have been flagged are asked not to follow the instructions in it. This is because the fake email is a phishing scam being sent by online scammers, and not by PayPal. The aim of the scammers is to steal the recipients' PayPal usernames, passwords and credit card information, which they(scammers) will use to hijack their accounts and use them fraudulently.
The "PayPal Limited Activity" Scam
From: "service@paypal.co.uk" - supportresponse@suplse.co.uk
Date: 8 February 2020 at 09:53:28 GMT
Subject: Limited Activity
Reply-To: "service@paypal.co.uk" - supportresponse@suplse.co.uk
logo
Security notice
We are writing to inform you about a recent initiative taken by PayPal to secure our network against online fraud by authenticating our client on the basis of the threat level of their account..
Your account has been flagged by our system for authentication. View the possible events listed below for reasons as to why this has occurred.
Possible events occurred
Log in attempts from an unusual or unrecognized device or location.
Requesting any operation using unusual pattern.
Too many incorrect log in attempts.
For security, all your account services are disabled until response has been received from you.
Please click "Confirm now" button below to confirm your identity.
Confirm now
Thank you,
PayPal
If the instructions in the phishing scam are followed, the potential victims will be taken to a fake PayPal website and ask to sign-in with their PayPal usernames and passwords. They will then be asked to update their credit card information by entering it on the bogus PayPal page.
All the information entered on the bogus PayPal page will be sent to the online scammers behind the scam. Once they have their potential victims' PayPal credentials, they use it to hijack their accounts and use them fraudulently. This includes stealing money from their accounts, using their PayPal accounts and credit cards to make fraudulent purchases. Victims who have already entered their PayPal user names, passwords and credit card information on the fake website are asked to change their PayPal password and contact PayPal and their bank immediately for help.
Please note that PayPal will always address their users by name and will never refer to them using the following:
- Dear [Email Address]
- Dear PayPal customer
- Dear Valued Customer
- Dear Member
- Dear User
- Dear Customer
To avoid getting tricked by these phishing scams, PayPal users are asked never click on a link in an email message to sign into their PayPal accounts. They should always go to www.paypal.com and sign into their accounts from there. After signing in, PayPal will display important messages or notifications to them.