Warning As PayPal Cyberattacks Continue—What You Need To Know

Hot on the heels of what has been called a phish-free cyberattack against PayPal account holders, cybersecurity experts have warned of ongoing attacks and PayPal has advised users how to keep their accounts and money safe. Here’s what you need to know.

ForbesGoogle ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act NowBy Davey Winder

The Ongoing PayPal Cyberattacks—What You Need To Know

PayPal is certainly not alone in being targeted by cybercriminals of all flavors, with the FBI remotely deleting malware from thousands of U.S.-based computers, Trump’s Truth Social platform hit by scammers, and Amazon users targeted by a “recovery impossible” ransomware threat. However, given the high profile of the online payment platform, it should come as no surprise that hackers and scammers have PayPal accounts in their crosshairs. “PayPal has become a prime payment platform, not just for consumers, but for scammers too,” Milan Bosman, commercial director at Hypernode, said, “cybercriminals are increasingly taking advantage of the reduced vigilance that comes with the excitement of a great deal.” Cybersecurity experts from the managed e-commerce provider have warned of ongoing attacks that PayPal users need to be aware of in 2025.

Problems with your account: these phishing scams impersonate official PayPal communications and work to leverage fear that an account could be suspended. The ultimate payload is account takeover through credential theft.

Order confirmation scams: these leverage fear of money being taken out of an account by claiming a large purchase has been made and confirmation is needed to authorize funds. Payload? Yep, you guessed it, account takeover through credential theft.

PayPal account hack attacks: taking advantage of weak passwords, reused credentials compromised in other attacks or outdated security settings, PayPal accounts are a prime target for hackers in order to steal money or make fraudulent purchases.

ForbesDo Not Click—New Gmail, Outlook, Apple Mail Warning For BillionsBy Davey Winder

PayPal Advises Users Of Attack Mitigation Protections

PayPal told me that it takes all the necessary steps to protect customers as scammers and other cyber attackers evolve their methodologies and tactics. Paypal is proactive when it comes to limiting accounts and declining transactions that are deemed to be potentially risky, with customers already likely to have seen some of the fraud detection technologies in action: fraud reminder notifications and advice, for example, with global invoice and peer-to-peer money requests.

“As a trusted commerce platform, PayPal takes pride in our work to protect our customers from evolving scams and fraud activity, including this common phishing scam,” a PayPal spokesperson said, “We encourage customers to always remain mindful online and visit PayPal.com for additional tips on how to protect themselves.”

PayPal customers can consult guides on how to spot a fake PayPal email and stop scammers from gaining access to their accounts.

ForbesNew Facebook Security Alert—Your Account Is Safe, Your Password Is NotBy Davey Winder

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.