Phishing attack: Fraudsters want your money with this new PayPal scam
Martin Abgottspon
18.5.2026
Fraudsters are using a new scam to deceive PayPal users.
Sebastian Kahnert/dpa
Anyone who receives an email with the subject "Problem with your PayPal account" is being lured into a particularly clever trap. This scam uses PayPal's genuine infrastructure against its victims.
18.05.2026, 14:17
18.05.2026, 18:52
No time? blue News summarizes for you
Fake PayPal emails lure users to a deceptively genuine phishing page where they enter their login details.
The fraudsters immediately use these to trigger a genuine SMS security code, which they then also ask the victim to enter.
The aim: after the account has been taken over, further data is tapped. This includes credit card number, CVV, address and telephone numbers.
The scam takes place in several phases. First, a deceptively genuine-looking PayPal email frightens the recipient with a reference to "regular security checks" and an alleged login outside of the usual activity patterns. A button is supposed to lead to identity confirmation. In fact, you end up on a fake website in the full PayPal design. The victim enters their access data there.
What happens next is the really clever part. The fraudsters immediately use the stolen data in the background to trigger a genuine PayPal security code. They immediately ask the victim for this code. It looks like a regular verification step. This is how the criminals get past the two-factor protection without hacking it.
Once the code has been entered, access to the account opens and the attack escalates. Further queries follow: credit card number, expiration date, CVV check digit, address, telephone number. In the end, the perpetrators have access not only to the PayPal account, but to practically the entire financial identity of the victim. This opens up opportunities for attacks far beyond PayPal.
How to recognize the trap
The most reliable protection lies in the details. A password manager only enters the access data on a page whose URL it knows. On a phishing page, the form remains empty. This is not a coincidence, but a warning signal. Similarly, no reputable provider will ask you to confirm an SMS code by e-mail. And certainly not on an external website.
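The URL check behind that empty form, as an added example that is not part of the original article or any password manager's own code. It assumes exact origin matching (real products often match on the registrable domain instead); the function names, the saved entry and every lookalike URL are constructed for illustration.

```javascript
// Added illustration: why a password manager leaves the form empty on a phishing page.
// The saved entry and all lookalike URLs (reserved .example domains) are constructed samples.
const SAVED_ENTRIES = [
  { site: "https://www.paypal.com", username: "alice@example.org" },
];

// What a hurried reader effectively does: spot the brand name somewhere in the URL text.
function naiveMatch(pageUrl) {
  return pageUrl.includes("paypal.com");
}

// Return the saved entry for pageUrl, or null when the form must stay empty.
function entryForPage(pageUrl, entries = SAVED_ENTRIES) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return null; // unparsable URL: never fill
  }
  if (page.protocol !== "https:") return null; // never fill over plain HTTP
  for (const entry of entries) {
    const saved = new URL(entry.site);
    // Compare the parsed origin (scheme + host + port), not a substring of the URL.
    if (page.origin === saved.origin) return entry;
  }
  return null;
}

const SAMPLE_PAGES = [
  "https://www.paypal.com/signin",                       // genuine origin
  "https://www.paypal.com.account-check.example/signin", // brand used as a subdomain
  "https://www.paypal.com@account-check.example/signin", // brand in the userinfo part
  "https://www.paypa1.example/signin",                   // look-alike spelling
  "http://www.paypal.com/signin",                        // right host, no TLS
];
for (const url of SAMPLE_PAGES) {
  const entry = entryForPage(url);
  console.log(url, "| naive:", naiveMatch(url), "| autofill:", entry ? entry.username : "empty");
}
```

The second and third sample URLs pass the naive substring check but get no autofill, which is exactly the warning signal described above.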
Anyone who receives such an email should delete it without interaction and check directly via the official PayPal app to see whether there is actually an account notification. Suspicious emails can also be reported directly to the company via this email.
What makes this wave of attacks truly explosive is the system design. Two-factor authentication has been the security standard for years, but if the victim voluntarily passes on the code, even this protection is no longer effective. The weak point is not the technology, but the moment of confusion that criminals deliberately create.