PayPal is aware of recent significant data breaches in Australia, including the breaches impacting Optus, Medibank and others. We have not detected any impact on our systems in connection with these breaches.
Your security is a top priority for us: our security teams continue to monitor the situation, and PayPal security controls are in place to help protect your account from unauthorised access.
Whether or not you are an individual affected by a data breach, we encourage you to be vigilant. More information on how to limit the impact of data breaches can be found through these reputable sources: The Australian Cyber Security Centre (ACSC), Moneysmart, or Office of the Australian Information Commissioner.
If you believe you’ve received a phishing email or SMS that appears to have come from PayPal, don’t respond and don’t click on any links or open any attachments. Simply forward the entire email, or screenshot of the SMS, to phishing@paypal.com.
As online scams are getting more sophisticated and may take advantage of breached data, here are some steps you can take to protect yourself online:
1. How to identify a phishing email:
- Generic email greetings that do not address you by name
- URLs that look deceptive and inauthentic to PayPal
- Wrong, out of date or out of place logos, design, or font type
2. How to spot a fake email:
- False sense of urgency
- Attachments – A real email from PayPal will rarely include an attachment and will never contain software
- If you aren’t sure if an account alert is from us, log in to your PayPal account and check for urgent messages or related notifications
3. How to identify scams:
- The promise of money in return for a favour
- Notifications of lottery wins
- Unsolicited job offers
- Unexpected invoices for work you have not authorised
4. Communicate with PayPal the safe way. Always log in at PayPal.com.au to update your personal information.
5. Consider adding an extra layer of security to your PayPal account by enabling two-factor authentication for your login. In addition to your password, once this feature is activated, you’ll enter another code to access your account. See here for more.