Is this Text a SCAM?
YES! As a Security Check Against Your PayPal account Text is a phishing scam that attempts to steal your PayPal account information by tricking you into filling out your details in a form on a fake page.
Myantispyware have uncovered a new phishing campaign that targets PayPal users with fraudulent text messages and attempts to obtain sensitive information (usernames, passwords, and credit card details), in addition to their PayPal credentials.
Here’s an example of a scam text, claiming to be sent from PayPal:
A Security Check Against Your PayPal account Scam Text:
As a security check against your PayPal account has been restricted.
Please click on the following link to provide your information:
hxxps://membership.ffm.to/owrxpeakhg
If we do not receive a response to our verification attempt within the next 24 hours, we will permanently limit your account.
Thank you,
PayPal
QUICK LINKS
- Is this text a SCAM?
- How Does the PayPal Scam Work?
- How to Spot Scams That Mimic the PayPal text?
- What to do when you receive the PayPal SCAM text?
- Report a Scam
How Does the PayPal Scam Work?
In this fraud, scammers send texts that appear to be from PayPal. These messages are an example of “smishing”, where scammers send texts that look legitimate. They falsely claim that your PayPal account has been restricted and encourage you to click a link (subslink.ffm.to/officials) to verify the account. This link is a phishing attempt link and should not be clicked or followed!
Attackers may use long redirect chains to hide malicious content. Most malicious redirects are conditional. It means that redirection only occurs when a certain condition is met. For example, you will be redirected only if you tap a link from the message.
Membership.ffm.to is not the final redirect destination, you get redirected further. We detected the following URLs were used in the redirect chain:
- https://membership.ffm.to/owrxpeakhg
- https://l.ead.me/df567sd
- https://formsonlinefill.us/zqUEFsmJHp
After two hops and a total of three URLs, your final destination is a phishing scam designed to look like a PayPal page to trick you into entering you login credentials and credit card details. If you log in on the phishing page, the entered PayPal credentials will be sent to the scammers for them to use.
VirusTotal flagged a fake PayPal page as malicious:
In many cases, scammers will ask you to provide or verify personal information, PayPal login details, or two-factor authentication codes. The collected information is used to conduct identity theft and unauthorized financial transactions, compromise your other accounts, perform targeted spear-phishing attacks, or other malicious purposes.
While less likely, scammers may ask you to call a given number. Scammers may try to trick you into purchasing fake support services or installing a remote control tool, which they pretend to be a program to diagnose a computer. It is important to understand that having access to a computer, scammers can steal private information and personal files, install malware (spyware, ransomware or Trojan horses).
To summarize, the Security Check Against Your PayPal account is a SCAM. It can lead to loss of data, financial losses, theft of personal information and other serious problems.
How to Spot Scams That Mimic the PayPal text
There are always a few details that can give away a scam. Make sure you know what to look out for.
- If you receive a PayPal text, don’t respond, call or click on any links. Stop and think. An unexpected text message is often the first sign of a scam. Scammers use this tactic to harvest your personal information.
- The most obvious way how to spot a fake PayPal text is finding inconsistencies in domain names, phone numbers and email addresses. If the text claims to be from the PayPal, but the message is being sent from a random phone number or email address, it’s probably a scam.
- If you have the slightest suspicion a text may be a scam, do not click on the links you see.
- The text message creates a sense of urgency. Creating a false sense of urgency is a common trick of phishing scams. Be suspicious of texts that claim you must call or click a link immediately.
- Copy a link from the PayPal text, use a free URL Checker (https://www.virustotal.com/gui/home/url) to check the link. It allows checking the safety of a link without clicking on it.
- Any texts from PayPal will come from 729725 (PAYPAL) in the US, or 62226 in the UK. Note that there are no dashes in the number. If you receive a PayPal text from any other number, it’s a scam.
Examples of such scams
The Security Check Against Your PayPal account Scam Text is just one of the many types of scams that exist. In some emails and text messages, scammers use threats to intimidate and bully a victim into paying, others contain links to malicious files. Desert Fields Bentons Sofa Scam Text, Your Netflix account has been suspended Scam Text, Geek Squad EMAIL SCAM, Your Package Cannot Be Delivered Text Scam, Online Banking Alert Text Scam are some of the scams we reported recently.
-
- Your Netflix account has been suspended Scam text
-
- Simon Attempted To Deliver Your Shipment Scam Text
-
- Online Banking Alert Scam Text 847.893.5174
-
- International Parcel Service Scam text
What to do when you receive the PayPal SCAM text?
We advise everyone who receives this text to follow a few simple steps below.
- Do not believe this message.
- NEVER give your personal information, PayPal login credentials or credit card details
- Do not call scammers back.
- If you are unsure if a message is coming from PayPal, contact the PayPal directly through their official website or using an official phone number.
- If there’s a link in the scam text, do not click it, otherwise you could unwittingly install malware or ransomware on your device.
- Report the scam text to the FTC at https://www.ftc.gov/
- If you have paid a scammer, the sooner you act, the better. Use the steps (https://consumer.ftc.gov/articles/what-do-if-you-were-scammed) to try to stop a transaction, get a transaction reversed, or get a refund.
- If you received this text and you logged in to a fake PayPal page, you should immediately go to PayPal and change your password.
Threat Summary
| Name | Security Check Against Your PayPal account Scam Text |
| Type | Phishing, Scam, Social Engineering |
| Fake Claims | Paypal asks you to confirm your PayPal account; Click a link to verify the account; If you fail to do that within 24 hours of receiving the text, your account will be permanently disabled. |
| Fake PayPal pages | membership.ffm.to, safelinks.ffm.to, subslinks.ffm.to, manage-status.ffm.to, ffm.to/verify, gotolink.ffm.to, checknow.ffm.to, go-to-link.ffm.to/update_ |
| Senders | pp_001-540-089-7374.cs-us |
| Distribution methods | SMS spam campaigns |
Report a Scam
If you have received the Security Check Against Your PayPal account SCAM text or a fake PayPal message that is similar but not the same as the example above, then post it as comment on this article. Please include the telephone number the text came from. This helps us to warn users about current scams, monitor trends and disrupt scams where possible.
