Disclaimer: This event is based on a real fraud attempt we received; fortunately, we did not fall for the spoof. Using details from PayPal’s security center, this narrative reports what can happen to those who do become victims of phishing attempts like these.

Scammers are exploiting trusted retailers and platforms, and even the most vigilant users can be caught off guard.

A convincing alert, from what seemed like a trustworthy source, arrived at just the wrong moment, and it cost one customer their time, their money, and their sense of security.

Incident Summary

• A long-time customer received what appeared to be an urgent email from PayPal while waiting to board a flight. The message claimed a recent payment had failed and that her account would be suspended unless she verified the transaction immediately.
• The email looked authentic: company logos, professional layout, and a button reading “Log In Now.” Rushing to board her flight, and believing it was legitimate, the customer tapped the link and entered her credentials, unaware she had just given a scammer full access to her PayPal account.
• Before her flight touched down, the fraudster had locked her out, maxed her PayPal credit account, and initiated multiple unauthorized transactions to her linked bank account.
• Later that night, the customer noticed her debit card had been declined and saw unfamiliar transactions pending in her mobile banking app. Recognizing something was wrong, she was able to freeze her debit card and contact customer service the following morning.

Resolution

• Since she was traveling, the customer relied on her credit card and remaining cash for the rest of her trip, but prompt advice from customer service and locking her debit card helped prevent deeper losses.
• Customer service guided her through the process of filing a fraud claim and implementing best practices to prevent further unauthorized activity.
• Upon returning home, she met with her local branch team to finalize her claims, close the compromised access points, and issue a new debit card.
• The bank’s Fraud & Security teams investigated, partial funds were recovered, and frontline teams helped to ensure the customer’s personal information and online banking credentials were protected going forward.

Key Takeaways

This incident is another reminder of how realistic and deceptive phishing and “spoofed” communications have become, and how quickly they can compromise any linked accounts.

• The customer’s familiarity with their mobile tools, like the debit card freeze feature, helped contain the damage before it escalated further.
• A prompt and well-informed customer service team limited further losses and helped lay the groundwork for restored access to secure banking.
• Fraud & Security and the customer’s local lobby team collaborated to immediately close affected accounts and eventually recover partial funds.

Help Keep Our Customers Safe

Fraudsters count on urgency and distraction to trick their victims. Review these reminders with your teams:

• Be alert for customers reporting sudden account lockouts, password resets, or suspicious payment-app activity.
• Encourage customers to log in only through verified apps or websites, never through emailed links.
• Reinforce the importance of two-factor authentication and real-time account alerts.
• Act quickly and collaborate with Branch Management and Fraud & Security teams if customers believe they’ve been compromised.

A special thank-you to our Customer Care, Fraud & Security, and frontline teams for their daily efforts helping to keep our customers safe. Your work embodies TRB’s ongoing commitment to safety and soundness and to the people and communities we serve.

For a full version of this story to share with the people you know, click here.