PayPal Phishing Hits an All-Time High

2019 was a big year for PayPal for all the wrong reasons. After a decline in phishing URLs in Q4 2018, PayPal phishing shot up exponentially in 2019, increasing 167.8 percent in Q1 and consistently outranking its peers for a total of 61,226 phishing URLs detected by Vade in 2019.


Why the rise in PayPal phishing emails?

A spike in brand phishing campaigns often coincides with a newsworthy event or announcement. While there’s no way to know with certainty what exactly contributed to the spike in PayPal phishing, the digital payments giant launched a new business venture shortly before one of the biggest phishing spikes of the year.

In June 2019, PayPal announced the PayPal Commerce Platform, a digital commerce solution connecting PayPal's 277 million active users with (at the time of writing) 22 global merchants. PayPal Commerce Platform provides not only a payments solution for SMBs but also simplified compliance, anti-fraud protection, and end-to-end payments offerings.

On June 2, 2019, the day before the announcement, Vade detected 59 PayPal phishing URLs. That number doubled within two days and increased more than 630 percent by June 18.

Common PayPal scams

Regardless of whether you have one or multiple accounts connected to PayPal, any amount of suspicious activity on your account is going to cause alarm. This makes security alerts one of the most common and effective methods of PayPal phishing. Consumers, eager to protect themselves, often react emotionally and click on the phishing link to resolve the issue.

Just as alarming as receiving a PayPal alert that someone is using your account is receiving an alert that someone has made a purchase with your account. This common scam involves a PayPal email thanking you for your purchase. The example below is a fake payment email alerting the user to a nearly €400 payment made through a victim’s PayPal account.

Weekends are the most popular days for PayPal phishing

While Microsoft was the most impersonated brand on weekdays in 2019 and the most impersonated brand overall, PayPal was the weekend leader. The number of PayPal phishing URLs detected by Vade on weekends was nearly triple that of Microsoft.

Average # of unique phishing URLs per day

Microsoft’s corporate Office 365 user base makes it a perfect fit for weekday phishing when users are in the office and most active on email. PayPal users, however, include millions of non-business consumers who use the PayPal platform. The nature of PayPal’s business ensures that consumers will pay attention to account alerts on weekends, unlike business users who might ignore email altogether.

Tracking PayPal impersonation

PayPal phishing increased by 85 percent in 2019, but PayPal was just one of ten financial services brands that made the list of the most impersonated brands of 2019. Phishers’ Favorites is Vade's quarterly report that highlights the top 25 impersonated brands in phishing attacks, the latest techniques hackers are using to impersonate the top brands, and the overall trends that influenced notable phishing campaigns.

In our first annual Phishers’ Favorites report, we explore more about why PayPal phishing doubled in 2019, why Microsoft is dominating the phishing landscape, and what PayPal and Microsoft phishing means for SMBs.

Download the full-year report.