Everyone with a PayPal account needs to be alert with security experts warning that users are being targeted by a barrage of scams.
All PayPal account holders must be aware of a new warning and take great care when being contacted by the online payment firm. It appears that the platform is firmly in the sights of cyber criminals who are using its popularity to trick unsuspecting users into handing over private and personal details.
And it’s not just a few scam messages being sent out. The security team at McAfee Labs is warning that there have been a 600% increase in PayPal attacks since the start of 2025.
As you might expect, the majority of the threats are being sent out via fake emails, which suggest worrying changes have taken place, such as accounts being suspended. Once opened, these emails then urge PayPal users to update their details – sadly, the links embedded within the message are fake and, if tricked, account data is then handed to crooks.
According to McAfee Labs, other popular attacks include fake PayPal gift card offers, fraudulent invoices and customer support scams about billing issues.
Explaining more, McAfee said: “While PayPal works diligently to protect its users, scammers are constantly evolving their tactics and often capitalise on well-known companies, especially if they’ve been in the news recently.
“The recent surge has been traced to a single, highly effective campaign where attackers send official-looking emails with ‘action required’ warnings, demanding users update their account details within 48 hours or face account suspension.”
PayPal also has a full webpage dedicated to online scams in a bid to help its users become a victim.
With attacks on the increase, McAfee is urging everyone to take care when opening messages, texts and emails that claim to be from PayPal.
The security team has also issued top 10 tips which those with a PayPal account would be wise not to ignore.
How to protect yourself from PayPal scams
• Verify all communications directly with PayPal: Never click links in emails or texts claiming to be from PayPal. Instead, open a new browser window and log in directly at Pay, Send and Save Money with PayPal, or use the official PayPal app to check for notifications.
• If an email says it’s from [email protected], proceed with vigilance: Some scammers spoof email addresses or use real PayPal tools like their invoices to fool you.
• Scrutinise web addresses and email senders: Legitimate PayPal emails will come from addresses ending in @paypal.com. Be wary of similar-looking domains like paypal-account.me or service-ppal.com.
• Never call phone numbers provided in suspicious messages: If you need to contact PayPal support, use only the official contact methods listed on their website: PayPal Contact Us | PayPal US
• Use PayPal’s built-in security features: Familiarise yourself with PayPal’s security centre and take advantage of their fraud protection tools.
• Check your PayPal account regularly: Frequent monitoring allows you to spot unauthorised activity quickly and report it before significant damage occurs.
• Be sceptical of urgency and threats: Legitimate companies do not typically threaten immediate account closure or demand urgent action within short timeframes like 28 hours.
• Turn on two-factor authentication: If you do so, if someone gets your password, they still can’t access your account without a code sent to your phone or an authenticator.
• Report suspicious activity immediately: If you receive a suspicious message or notice unauthorised activity, report it to PayPal and change your password right away.
• Skip messages that offer gift cards or say you’ll get paid for filling out a survey: PayPal doesn’t typically send these, but scammers often do.