SMS Phishing Campaign Targets PayPal Users With Fake Alerts

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

There’s a new phishing campaign targeting PayPal users, and its orchestrators are using SMS instead of email to spread their fake alerts. The goal of the campaign is to steal PayPal account credentials (smishing), and the bait is a warning about your account dropping to a “limited” status. Supposedly, the SMS recipient needs to verify their account to lift the temporary restrictions. Otherwise, they won’t be able to withdraw, send, or even receive any money via the popular online payments platform.

The SMS contains a URL link where the recipient is urged to click on, and the next stop is a phishing page that features a well-crafted login page. The domain that was used initially is “pyplvryzs[.]com,” which is obviously not part of the official PayPal domain space.

Still, again, people in panic may just skip all sanity checks and proceed anyway. The domain has been reported, so internet security solutions will display a warning when the user attempts to visit it, and it’s now offline. Of course, the actors may very easily update their SMS content to point to a new domain.

Source: Bleeping Computer

Apart from the credentials, the actors are also asking the user to enter their full name, date of birth, address, zip code, country, etc. This is done in a second step, so even if the victim realizes the scam at this point, the credentials that were provided previously will already be gone to the actor’s server.

If the additional details are entered, the actors will get anything they’ll need to perform full-blown identity theft attacks, gain access to additional accounts, or set up more targeted phishing attacks in the future.

Source: Bleeping Computer

If you have fallen victim to this trickery, go to PayPal.com immediately and change your password. Also, do the same on other online platforms where you may be using the same password. If you haven’t enabled 2FA on PayPal yet, do it now.

As always, when you receive an email or SMS claiming anything about your accounts, instead of clicking on embedded buttons or URLs contains in the message body, visit the official website directly, login, and check for any messages or pending issues that request your attention.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: