Fake PayPal Two-Factor Reset Social-Engineering Scam
Criminals call PayPal users pretending to be PayPal's account-security team and socially engineer them into disabling or bypassing their own two-factor authentication.
Part of: Two-Factor Reset & Social Takeover Scams
Last reviewed: 8 June 2026
PayPal's two-factor authentication (2FA) is a meaningful barrier to account takeover. A scammer who has obtained a user's password — through a data breach, credential stuffing, or phishing — still cannot log in if 2FA is active. To overcome this, scammers have developed a social-engineering approach: call the account owner, pose as PayPal's security team, and persuade them to disable or circumvent their own 2FA.
The call script is designed to sound routine. The 'PayPal agent' tells the user they are performing a security audit, and that the user's 2FA method has been flagged as 'outdated' or 'compromised' and must be reset. To complete the reset, the user is told to read back a code that PayPal will send — which is actually the genuine OTP triggered by the scammer's own login attempt with the stolen password.
This attack requires no technical exploit. It defeats a major security feature through conversation alone.
How this scam works on the PayPal brand
The scammer dials the victim with a spoofed PayPal phone number. They say: 'We are conducting a security review on your account and notice your two-step verification method needs an urgent update. We will send a confirmation code to your phone — please read it back to us to verify your identity before we make the change.'
The scammer simultaneously attempts a login on paypal.com using the previously obtained password. PayPal sends a genuine OTP to the user's phone. The user reads it out, believing it is a PayPal identity check. The scammer enters the code and gains full access.
With the account open, the scammer may immediately change the registered email and phone number, making recovery harder, before withdrawing the balance or using linked funding sources.
Common red flags
- PayPal calls you proactively about a 2FA security review — PayPal does not make unsolicited calls to disable 2FA.
- The caller asks you to read back a code that just arrived on your phone.
- The caller ID shows PayPal, but the caller cannot accurately confirm your recent account activity.
- The call uses urgency — your account will be locked unless you complete the reset now.
- The caller discourages you from logging in yourself to verify the issue.
- After reading the code, you notice you have been logged out of your PayPal session on other devices.
- The caller asks you to use a backup recovery code rather than a standard OTP.
How to protect yourself
- Know that PayPal will never call you and ask you to read back a code sent to your phone.
- Hang up and log in to paypal.com directly to check whether any security issue is real.
- Use an authenticator app for PayPal 2FA — it is harder to socially engineer than SMS-based codes.
- Never read any verification code to an inbound caller, regardless of who they say they are.
- Enable PayPal's login notifications so you see any new session immediately.
How to report it
- Forward suspicious PayPal emails to [email protected].
- Report spoofed calls to the FCC at fcc.gov/consumers/guides/caller-id-spoofing.
- Report to the FTC at reportfraud.ftc.gov.
- Contact PayPal support at paypal.com/help if your account was accessed.
- File with ic3.gov if funds were taken.
Frequently asked questions
Does PayPal ever call customers to reset their 2FA?
PayPal does not make unsolicited calls to walk customers through two-factor authentication changes. Any such call is a social-engineering attack. Manage all 2FA settings yourself within the PayPal app or website.
Can I prevent this type of attack if I already use 2FA?
Use an authenticator app rather than SMS for 2FA — it is not tied to your phone number and cannot be triggered by the scammer initiating a login. Also, never read a code to any inbound caller.
The code arrived before the caller mentioned it. Does that mean the call is legitimate?
No — it means the scammer has already triggered a PayPal login attempt using your stolen password. The code arriving is proof the scammer is actively trying to access your account. Hang up immediately and change your PayPal password.