Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs
Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools
PayPal is a digital payments platform whose account security, fraud controls, vulnerabilities, and breach disclosures can affect online transactions.
Search across headline titles and summaries.
Background for this topic.
PayPal is an online payment platform for consumer accounts, merchant checkout, money transfers, and payment-processing integrations. Its ecosystem includes web and mobile applications, APIs, account-funding methods, and merchant webhooks, so security news may concern PayPal services, connected applications, or the handling of payment and identity data.
The main security concerns are account takeover through phishing, credential reuse, or stolen session data; fraudulent payments and unauthorized transfers; and weaknesses in merchant integrations that mishandle API credentials or fail to verify webhook messages. Defenders should use available multifactor authentication, protect API secrets, validate transaction state server-side, and monitor unusual account and payment activity. Vulnerability advisories affecting PayPal software or integrated systems require prompt assessment, while suspected fraud or compromise calls for preserving transaction records, securing the account, and following PayPal’s reporting and recovery procedures. Privacy and payment-security obligations also depend on what personal and card data a merchant stores or transmits.
Weekly headline count for the current query.
Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients
The phishing email warned users that there had been fraud on the account
Payments giant says attacks happened in early December
Trend Micro found evidence of new PayPal scammers impersonating crypto-related businesses
Threat actors combine techniques to trick users
Advice and insights into supply chain risk management were provided by security leaders from PayPal and OneTrust during the RSA Conference