PayPal scams rise by 600% since the start of 2025.
No doubt, you will have read the recent news articles about hackers trying to steal your Gmail account password, or maybe the spray and pray campaign targeting your Windows account, because cybercriminals follow the money. Both the Gmail and Windows user bases, which are often one and the same thing, provide the opportunity to compromise huge numbers of passwords and gain access to the data that sits behind them. What’s more, those accounts can also be used to leverage social engineering attacks. And that, dear reader, is where the phishing and money parts of the story intersect: it has been reported that PayPal attacks have risen by 600% since January. Here’s what you need to know and why you must take action now.
The Huge Spike In PayPal Attacks — What You Need To Know
Let’s get two things out of the way before digging deeper into the recent spike in PayPal-related attacks. Firstly, PayPal hacks and scams are nothing new, from the use of legitimate PayPal emails in one nasty threat campaign that I wrote about in February to the dangerous PayPal invoice that could bypass security protections in May. And, secondly, PayPal actually does take your security very seriously indeed. So, in relation to that last attack, for example, PayPal told me it is constantly evolving its fraud detection tools, including adding fraud reminder notices with advice for customers on all global invoice requests and peer-to-peer money requests.
But, and it’s a big one, that doesn’t mean that the PayPal attack landscape isn’t expanding or that it can be ignored. Far from it, in fact. A McAfee security report by Abhishek Karnik, McAfee’s director for threat research and response, has confirmed a massive 600% spike in fraudulent PayPal-related scam emails since January. “The recent surge has been traced to a single, highly effective campaign where attackers send official-looking emails with ‘Action required’ warnings,” Karnik warned, “demanding users update their account details within 48 hours or face account suspension.”
I have approached PayPal for a statement, but in the meantime, users are advised to take the following mitigation steps to prevent becoming a victim of this or other PayPal phishing scams:
Do not pay any unexpected or suspicious invoices or payment requests.
Do not respond to any of the above requests.
Enable two-factor authentication for your PayPal account.
Report any phishing emails to the PayPal security team by forwarding them to phishing@paypal.com and then deleting them.