Criminals brandjack PayPal: Is your account compromised?

PayPal is one of the most trusted payment gateways on the Internet today. However, not even the most trusted brand is safe from cyber criminals. Read about the latest scam to target consumers and IT professionals here.

Leading security expert Mailguard recently reported an attack that aimed to steal credit card information. The criminals rode on the trust consumers place in PayPal by mimicking an official email from the brand.


Consumers received the fraudulent PayPal email with the subject “Your PayPal account has been limited ?” It contained a generic greeting and told users that their account had been limited temporarily in order to protect it. It also urged users to click on the button to activate their account.

Once users click the button, they will be led to a page where they are asked to input their PayPal credentials.


After doing so, the page refreshes to ask them to update their account information. Personal data including their full name, address, date of birth, and phone number are requested. The fake site also copies the PayPal interface, including the Log Out button on the top right corner and the gear button for the settings.


Next, they are asked to input their credit card or debit card details. The form requests the card number, expiration date, security code, and credit limit.


After completing all these steps, users are shown a completion page. From there, they are redirected to the legitimate PayPal login page.

This scam is carefully thought out: it gives users the false sense of security that they have reactivated their accounts, and it leads them back to the legitimate PayPal login page after “updating” their account details. As a result, they are unlikely to report the fraud immediately, while the criminals have harvested enough information to steal their identity.

Sadly, this is not the first time that such scams have happened. As such, it always pays to be vigilant when it comes to giving out your credit card information. Here are two red flags to check when you receive a dubious email:

  • Check the greeting – The majority of fake emails contain generic greetings. If the email is from a legitimate source, such as PayPal or your bank, then they would address you by name.
  • Check the grammar and spelling – Most of these scams have poor grammar and spelling. Make sure there are no awkward sentences or labels in the forms you are requested to fill in.
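
For mail filtering or triage, the greeting check can be automated. The sketch below is an added example, not code from Mailguard or IntelliTeK, and it goes one step beyond the two red flags by also comparing the sender and link hosts with the brand's own domain. The sample message, the `phish.example` host and all function names are constructed for illustration, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email described above; phish.example is
# a placeholder host, not an indicator from the report.
SAMPLE = """\
From: PayPal <service@phish.example>
Subject: Your PayPal account has been limited ?
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p>
<p>Your account has been limited temporarily in order to protect it.</p>
<a href="http://phish.example/signin">Activate your account</a></body></html>
"""

GENERIC = re.compile(r"\b(dear|hello|hi)\s+(customer|user|member|client)\b", re.I)
BRAND_DOMAINS = {"paypal": ("paypal.com",)}  # assumption: brand -> legitimate domains

class Body(HTMLParser):
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []  # visible text chunks, <a href> targets
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def off_brand(host, domains):
    """True unless host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return not any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    body = Body()
    body.feed(msg.get_payload())
    flags = ["generic-greeting"] if GENERIC.search(" ".join(body.text)) else []
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed:  # the message presents itself as this brand
            hosts = [("sender", sender_host)]
            hosts += [("link", urlparse(u).hostname) for u in body.links]
            flags += [f"{k}-off-brand:{h}" for k, h in hosts if h and off_brand(h, domains)]
    return flags
```

Because the host comparison matches on the full domain suffix, a lookalike such as `paypal.com.phish.example` is still reported as off-brand.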

About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at, fill out the web form, or have a Live Chat with us below.
