Beware of phishing: Your PayPal account has been restricted.
It’s a message that immediately triggers stress for many users: an email, supposedly from PayPal, lands in their inbox. The design looks official, the logo is familiar, but the content is alarming: “Your PayPal account has been restricted” or “We’ve detected unusual activity on your account.”
In the vast majority of cases, these messages aren’t genuine warnings, but rather the bait of a sophisticated scam known as phishing. The criminals’ goal is simple: to steal your valuable login credentials and financial information.

How does the scam work?
The scam follows a clear pattern that relies on psychology and urgency:
- The bait email (or text message): You receive an email that appears to be from PayPal. The pretext for the “restriction” varies: it could be a failed transaction, a necessary security check, or an update to your information.
- The “panic factor”: The message creates pressure. It threatens consequences, such as the “permanent suspension” of your account, if you don’t act “immediately.” This sense of urgency is designed to prevent you from critically examining the message.
- The fake link: The email contains a prominent button or link, often labeled “Verify account now,” “Log in,” or “Resolve an issue.”
- The phishing page: Clicking this link will not take you to the real PayPal website, but to a deceptively realistic fake. The web address (URL) in your browser often looks similar to the real one, but is incorrect (e.g., paypal.sicherheit-center.com instead of paypal.com).
- The data theft: On this fake page, you will be asked to log in. As soon as you enter your email address and password, this data will be sent directly to the fraudsters. In a second step, the criminals often request further information: addresses, dates of birth, security questions, and sometimes even complete credit card or bank account details.
With this data, the attackers can take over your account, make purchases at your expense, or misuse your identity for further crimes.
Red flags: How to spot fraud
Even though emails are becoming increasingly professional, there are clear warning signs:
- The salutation: Genuine PayPal emails almost always address you by your full first and last name (e.g., “Good day, Max Mustermann”). Phishing emails often use impersonal salutations such as “Dear Customer,” “Hello PayPal Member,” or just your email address.
- The sender’s address: Take a close look at the sender’s email address. Scammers use addresses that look legitimate but contain minor errors (e.g., @paypal-service.net, @mail-paypal.org, or @pp.com). Genuine emails from PayPal always end in @paypal.com or @paypal.de.
- The link (mouseover test): Hover your mouse cursor over the link in the email without clicking it. The actual destination URL is displayed in the corner of your browser or email program. If it doesn’t clearly point to https://www.paypal.com (or paypal.de), it’s a scam.
- Urgency and threats: Legitimate companies rarely put their customers under such intense time pressure or threaten immediate account suspension.
- Spelling and grammar errors: Many phishing emails contain strange phrasing, grammatical errors, or translation mistakes.
Correct behavior: What you should do
If you receive such an email, the correct course of action is crucial:
- DO NOT CLICK ANYTHING: Under no circumstances should you click on any links or buttons in the suspicious email. Do not open any attachments either.
- DO NOT REPLY: Never reply to the email.
- Log in manually (The gold standard): If you are unsure whether there is actually a problem with your account, open a new browser window or tab. Manually enter paypal.com into the address bar.
- Verify: Log in to your account on the genuine website. If there is a real problem, restriction, or required verification, this will always be displayed immediately after logging in to your secure account area. If there is no message there, the email was a fake.
- Report and delete: Forward the suspicious email to phishing@paypal.com. PayPal evaluates these submissions. Delete the email afterwards.
- Be sure to use 2-factor authentication (2FA).
What to do if you’ve fallen victim?
If you’ve already entered your information on a fake website, you must act immediately:
- Change your password: Go to the real PayPal website (paypal.com) immediately and change your password.
- Change your security questions: Change your security questions as well if the scammers asked for them.
- Inform your bank/credit card provider: If you also entered bank or credit card information, contact your bank or credit card provider immediately and have the card blocked.
- Contact PayPal Support: Inform PayPal Support about the incident.
- Check your activity: Review your account activity for suspicious transactions and report them.
- File a police report: Report the incident to the police.
Conclusion
The “Your PayPal account has been restricted” scam is a classic phishing attack that preys on users’ fears. The best protection is healthy skepticism. Don’t trust any email that urges you to take immediate action, and if in doubt, always log into your account manually via the official website.