
PayPal users are being targeted by a new scam that abuses the platform's no-code checkout feature. Scammers are leveraging malicious Google promoted results to redirect users to fraudulent payment pages that display deceptive phone numbers posing as "PayPal Assistance."
The scam begins with fake ads that impersonate PayPal, created from compromised Google advertiser accounts. A loophole in Google’s policies allows these fraudulent ads to appear credible, as they display PayPal's legitimate domain in the URL.
Cybersecurity researchers have uncovered that users clicking these ads are redirected to malicious links structured as “paypal.com/ncp/payment/[unique ID].”
These links present payment pages containing fields pre-filled with scam phone numbers disguised as PayPal's official support contacts.
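One way to hunt for this in web-proxy logs, added here as an example and not taken from the researchers' report: because the pages sit on PayPal's real domain, the check keys on the `/ncp/payment/` path combined with an ad-click origin rather than on domain reputation. The log format, the ad-referrer hosts and the `gclid` check are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path shape reported in the article: paypal.com/ncp/payment/[unique ID]
NCP_PATH = re.compile(r"^/ncp/payment/[^/]+/?$")
PAYPAL_HOSTS = {"paypal.com", "www.paypal.com"}
# Assumptions: these referrer hosts / this query parameter mark a Google ad click.
AD_REFERRER_HOSTS = {"www.googleadservices.com", "googleads.g.doubleclick.net"}
AD_CLICK_PARAMS = {"gclid"}


def is_ncp_payment_url(url):
    """True only for the genuine PayPal host with the no-code checkout path."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port, so "paypal.com@evil.example" is not matched.
    host = (parts.hostname or "").lower()
    return host in PAYPAL_HOSTS and bool(NCP_PATH.match(parts.path))


def came_from_ad(url, referrer):
    """True if the referrer is an ad-click host or the URL carries an ad click ID."""
    ref_host = (urlsplit(referrer).hostname or "").lower()
    params = parse_qs(urlsplit(url).query)
    return ref_host in AD_REFERRER_HOSTS or not AD_CLICK_PARAMS.isdisjoint(params)


def triage(log_lines):
    """Return (user, url) for ad-driven visits to PayPal no-code checkout pages."""
    hits = []
    for line in log_lines:
        _ts, user, url, referrer = line.rstrip("\n").split("\t")
        if is_ncp_payment_url(url) and came_from_ad(url, referrer):
            hits.append((user, url))
    return hits


# Constructed sample log, tab-separated: time, user, URL, referrer.
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z\talice\thttps://www.paypal.com/ncp/payment/EXAMPLEID1?gclid=abc\thttps://www.google.com/",
    "2025-01-01T10:01:00Z\tbob\thttps://www.paypal.com/ncp/payment/EXAMPLEID2\thttps://shop.example/checkout",
    "2025-01-01T10:02:00Z\tcarol\thttps://www.paypal.com/signin?gclid=abc\thttps://www.google.com/",
    "2025-01-01T10:03:00Z\tdave\thttps://paypal.com.evil.example/ncp/payment/X?gclid=abc\t-",
    "2025-01-01T10:04:00Z\terin\thttps://paypal.com/ncp/payment/EXAMPLEID3\thttps://www.googleadservices.com/pagead/aclk",
]

if __name__ == "__main__":
    for user, url in triage(SAMPLE_LOG):
        print(f"review: {user} reached {url} from an ad click")
```

Hits are leads for review, not verdicts: legitimate merchants also use no-code checkout links, which is why the ad-click condition is part of the rule.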
Mobile users are disproportionately affected due to limited screen space and reduced ability to spot inconsistencies. The fraudulent ads often appear as top search results, further misleading users.
The scammers rely on common Google search terms related to customer service, banking, and online assistance to target potential victims. Deceived users may unknowingly call these false support numbers and provide sensitive information, including account credentials and payment details.
Malicious URLs used in the campaign include, but are not limited to:
Phone numbers listed as fake "PayPal Assistance" contacts are 1-802[-]309-1950 and 1-855[-]659-2102.
To avoid falling victim to these scams, users are advised not to click on ads for customer support services and to report suspicious links and ads to Google and PayPal to aid in the crackdown on fraudulent activity.
This scam campaign has been reported to both Google and PayPal, though variants of the scheme are still circulating. Users are encouraged to stay cautious and consider installing security solutions to safeguard their devices from such threats.