A platform with 439 million active accounts definitely means it’s widely used but Paypal is also the most common target for fraudsters. 

Last year, in August 2025, a post shocked everyone to the core. A well-known hacking forum claimed that a 15.8 million PayPal login emails and plaintext passwords dataset was sold and easily accessible to everyone. 

This was a classic example of how hackers do not break into PayPal but instead target their active users with their tricks, like phishing emails, fake websites, malware, or stolen passwords. Once they get your login details, you're left with nothing. They take control of your PayPal account and take all the money in it, leaving you bankrupt. 

Now the thing to worry about is that the threat is not limited to millionaires and billionaires, but every common man with an account in PayPal. 

What can you do in these situations? Learn about the warning signs and simple steps to stay protected from such scams. In this blog, we are discussing exactly how PayPal accounts are hacked, how to look for the signs before damage, and what you can do if it happens to you.

Indica Mosley & her brother lost $3000 in a sneaker-selling PayPal Scam

There are so many incidents of PayPal scams, but this one will stay with you.

Back in 2019, two siblings, barely in college, Indica Mosley and her brother Charles thought of earning some extra cash like every other college goer. The idea was to sell sneakers online via Bump which is a sneaker trading app. Finally, they met a guy who was ready to pay $3000 for the sneakers. He said that instead of paying via Bump which would cost a service fee of 180 dollars he would pay via PayPal so that the sellers can benefit. He was adamant that he would only do so via Paypal, and Indica and Charles agreed to this.

Soon they received an email from PayPal that the payment was done (who knew it was a fake one). The scammer had made two payments of $1500 each, thinking that the payment was done, the siblings shipped the shoes to the scammer. 

He had designed everything very precisely, be it the logo, fonts, a security link (each and every detail) to make it look like a real PayPal notification. 

The only giveaway was the sender's address, which ended in "@mail" instead of "@paypal." When Indica reached out to the real PayPal for help afterward, she was told there was nothing they could do, since the payment never actually came through PayPal.

How do Hackers get into PayPal accounts?

Most unauthorized account access and security breaches at PayPal can take place in the following ways: 

Fake emails and Login Pages 

You get a message or an email from Paypal that there is a problem with your account. Anybody would get worried and take immediate action. You click on the link and then you are redirected to a website which is fake. The moment you enter your details, it goes to the scammers and all your money is gone. It’s not just the links, some scammers also use online ads so that you can download harmful softwares which can help them get access to all your data. 

Reused Passwords 

All of us are not in the habit of remembering or storing our passwords in a safe place, hence we tend to use the same. Hackers take advantage of this and once the get into your devices or systems or a platform from where they can loot the money, they try the same login details . If the passwords match, they can access all your accounts and misuse them.

Malware on Your Device 

Many times we download games or some new applications which are unsafe due to which harmful softwares gets installed on our devices. These softwares have the ability to access your usernames along with the passwords. The person committing the crime can then get into your confidential data. 

Fake Customer Support Calls 

You might get calls from unknown people pretending to be calling from PayPal. They will try to scare you by saying that your account has been hacked and there are chances that your money might get debited. You will be asked for OTPs, also your password and other personal details. Once you give them all these details, your Paypal account will be totally under the hacker’s control. 

Alerts That Warn You Before Your PayPal is Completely Hacked

• You notice payments or money transfers that you did not make. 

• Getting emails for changes in your account that you never asked for. 

• You lost access to your password and are unable to log in. 

• You stop receiving PayPal notifications that you normally get. 

• You get notified that a new number, email or a bank account was linked to your Paypal. 

• Your account was logged into a new location. 

• You notice very small transactions, sometimes less than 1 dollar. Scammers mostly start with tiny payments to check if any account is active or not before trying to drain the account. 

Your PayPal is Hacked, Now What? 

If you think someone has accessed your PayPal account, act quickly. 

Change Your Password Right Away 

Create a new, strong password that you have never used before. Also, turn on 2 verification codes for extra security. 

Log Out of All Devices 

Go to your PayPal security settings and sign out of all devices. This can help remove any unauthorized access. 

Contact Your Bank 

If you see payments or transfers that you did not make, contact your bank immediately. Tell them about the suspicious activity and ask if they can stop or block the transaction. 

Report It To PayPal 

Use PayPal’s Customer Care centre to report the problem. The sooner PayPal knows about it, the faster they can investigate. 

Watch Out For More Scams 

After an account is hacked, scammers may send more emails or messages using your real name to trick you again. Be extra careful with unexpected emails, links, and phone calls, 

Protect Your Personal Information 

If private details such as your address or Social Security Number were exposed, consider placing a credit freeze or fraud alert to help prevent identity theft.  The faster you act, the better your chances of limiting the damage 

Where Vault Steps In?

As we read above, most of the PayPal scams are happening because we are clicking on the wrong link. Vault solves this issue for you in seconds. Before you click it will stop you and give you a simple alert that will prevent you from getting into a fake website. That’s it, it’s this simple. It will not show you any confusing technical messages. 

The Vault browser extension is available on Chrome, Brave, and Microsoft Edge. Android and iOS apps are coming soon. You can join the waitlist today for early access. 

Frequently Asked Questions (FAQs)

Can someone hack your PayPal without your password?

Yes, your account can be hacked by tricking you into entering your login details on a fake website, using harmful software to steal information from your device, which means even if your password is strong, scammers can still get access to your account. 

Is it safe to keep money in PayPal? 

PayPal has a strong security system, but your account's safety also depends on using a strong password, turning on 2 factor authentication and being careful of fake websites can help your account secure.  

How to make out if the email received from PayPal is fake? 

Overall, the email looks exactly the same as real PayPal with the same logo, fonts and design. Look for the domain name carefully, it can be played around with typosquatting which is usually making a fake url. If the url is not directed to paypal.com , it is obviously fake. Sometimes you can also find weird ‘greetings’ like ‘Hey there, PayPal member’. This is not the standard format. 

Will PayPal refund me if I get hacked?

A quick action might help you get the money back, hence report as soon as possible. PayPal      has a ‘purchase protection’ policy, and if you meet the eligibility criteria, you can get your money back. 

How can I avoid getting my PayPal hacked? 

You need to turn on your two factor authentication. Use a difficult uncommon and unused password. Whenever you get PayPal notifications on emails or messages, do not click on any links. Try to take all necessary steps from the official website or application. 

Which browser does Vault work on?

Vault’s browser extension is easily available on Google Chrome, Brave, and Microsoft Edge, but Safari support is not available. 

Vault is available on all mostly used browsers, Google Chrome being the best. However, it is also available on Brave and Microsoft Edge.