Attackers Abuse LiveChat to Phish Credit Card, Personal Data
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
PayPal is a digital payments platform whose account security, fraud controls, vulnerabilities, and breach disclosures can affect online transactions.
Search across headline titles and summaries.
Background for this topic.
PayPal is an online payment platform for consumer accounts, merchant checkout, money transfers, and payment-processing integrations. Its ecosystem includes web and mobile applications, APIs, account-funding methods, and merchant webhooks, so security news may concern PayPal services, connected applications, or the handling of payment and identity data.
The main security concerns are account takeover through phishing, credential reuse, or stolen session data; fraudulent payments and unauthorized transfers; and weaknesses in merchant integrations that mishandle API credentials or fail to verify webhook messages. Defenders should use available multifactor authentication, protect API secrets, validate transaction state server-side, and monitor unusual account and payment activity. Vulnerability advisories affecting PayPal software or integrated systems require prompt assessment, while suspected fraud or compromise calls for preserving transaction records, securing the account, and following PayPal’s reporting and recovery procedures. Privacy and payment-security obligations also depend on what personal and card data a merchant stores or transmits.
Weekly headline count for the current query.
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
Fintech Giant Says Personal Data Exposed for About 100 Business Users of Loan AppFinancial services firm PayPal said it discovered a data breach that lasted for six months, exposed some business customers' personal information and led to fraudulent charges. The company said about 100 customers were affected, and that it has fully refunded them for fraudulent charges.
About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. [...]
Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. [...]
US payments platform back in action, says it's informing affected customers Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal's fraud-detection systems.…
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
Don’t trust mystery digits popping up in your search bar Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…
Also, Nike Sued Over Shutdown of NFT SubsidiaryThis week, KiloEX compensation after Oracle exploit, Nike sued over NFT shutdown, SEC dropped probe into PayPal PYUSD, Long Island man sentenced for crypto fraud, Americans lost billions to crypto scams, Loopscale exploiter agreed to return stolen funds and bank regulators softened stance on crypto.
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers [...]
New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...]
Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients
David Sacks Appointed as Trump's AI and Crypto Czar Amid Growing Industry ConcernsPresident-elect Donald Trump's appointment of former PayPal executive David Sacks to serve as the inaugural White House czar for artificial intelligence and cryptocurrency is already raising significant concerns about potential conflicts of interest and market favoritism.
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. [...]
Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies Digital wallets like Apple Pay, Google Pay, and PayPal can be used to conduct transactions using stolen and cancelled payment cards, according to academic security researchers.…
But criminals posing as Microsoft workers scored the most ill-gotten gains The Federal Trade Commission (FTC) has shared data on the most impersonated companies in 2023, which include Best Buy, Amazon, and PayPal in the top three.…