Fake PayPal Live Chat Password-Reset Scam
Scammers run fake PayPal chat-support pages that walk victims through a 'password reset' process designed to capture new credentials as they are set and immediately change them on the real account.
Last reviewed: 8 June 2026
PayPal's password-reset flow is a well-documented process: the user requests a reset, receives an email with a link, and sets a new password on a secure page. Scammers replicate the visual design of every step in this flow and host it on lookalike domains. Through fake chat support, they convince victims that a password reset is necessary — for example, citing a security incident — and walk them through the fraudulent version.
Because the victim is actively setting a new password rather than having their old one stolen, they do not feel like a victim. They believe they are being helped. Yet the scammer captures the new password in real time and immediately uses it — alongside a one-time code also collected in the chat — to take over the account before the victim can log in with the new credentials.
This variant is particularly sophisticated because the victim ends the interaction feeling that their account security improved, and may not discover the takeover for hours.
How this scam works on the PayPal brand
The fake chat opens with: 'Hi, I'm from PayPal Security. We've noticed unusual login attempts on your account and recommend a password reset to protect your funds.' The agent then walks the victim through a sequence: click a link (which goes to a fake PayPal reset page), enter a new password twice, and enter the verification code sent to your phone.
Each entered value is captured in real time by the scammer. The new password is immediately entered on the real PayPal login, the OTP is relayed to complete two-factor authentication, and the scammer changes the registered email address before the victim has a chance to log in.
The victim completes the 'reset,' receives a thank-you message from the fake chat, and closes the window — completely unaware that their account has just been taken over under the guise of being secured.
Common red flags
- A chat agent proactively contacts you about a security issue without you initiating a support session.
- You are guided to a password-reset page via a link in the chat rather than through the official paypal.com settings.
- The reset page URL is not paypal.com.
- The agent asks for the SMS code that just arrived on your phone to 'confirm the reset was authorised by you.'
- After completing the 'reset,' you cannot log in to your real PayPal account with the new password.
- The chat appeared through a search ad result rather than within paypal.com.
- The agent stresses urgency about security but cannot confirm any specific transaction from your real account.
How to protect yourself
- Initiate any PayPal password reset yourself by going to paypal.com/auth/loginChange and requesting a reset — never through a chat agent's link.
- Know that a PayPal password reset email comes from @paypal.com and links to a page on paypal.com only.
- Enable PayPal's two-step login with an authenticator app so that even if a password is stolen, login requires a second factor.
- After any password change, immediately verify the registered email and phone number inside your account settings.
- If you are guided through a 'reset' by a chat and then cannot log in, call PayPal immediately at the number on paypal.com.
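The "is this reset page really on paypal.com?" check from the lists above can be automated, for example in a mail filter or help-desk tool. The following is an added example, not code from PayPal or from this page; the function name, the reason strings and the sample links are constructed for illustration, and it assumes only paypal.com and its subdomains are trusted.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # assumption: only this domain and its subdomains count

def check_reset_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link presented as a PayPal reset page."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased; userinfo and port removed
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no hostname"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = host.rstrip(".")  # ignore a trailing root dot
    if not host.isascii():
        return False, "non-ASCII hostname (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode hostname (possible homoglyph)"
    # Exact match or a true subdomain; a bare suffix match is not enough.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is paypal.com or a subdomain of it"
    if "paypal" in host:
        return False, "lookalike: brand name in a different domain"
    return False, "host is not paypal.com"

# Constructed sample links (reserved .example names), not taken from real campaigns.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-help.example/reset",
    "https://paypal.com@support.example/reset",
    "https://secure-paypal.example/reset",
    "https://p\u0430ypal.example/reset",  # Cyrillic 'a' in place of Latin 'a'
    "http://www.paypal.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_reset_link(link))
```

A passing result only confirms the host; who sent the link and why you are being asked to reset still matter.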
How to report it
- Forward the phishing link or email to [email protected].
- Contact PayPal support at paypal.com/help to recover account access.
- Report to the FTC at reportfraud.ftc.gov.
- Report the site to Google Safe Browsing.
- File with ic3.gov if funds were taken.
Frequently asked questions
Does PayPal proactively initiate a chat about security issues?
PayPal may send security emails, but it does not start unsolicited live chats through third-party websites to inform you of security incidents. Any chat initiating security guidance should be treated with caution unless you started it within paypal.com.
How do I recover a PayPal account taken over by this method?
Go to paypal.com and use the 'Having trouble logging in?' link to start the account recovery process using your original email or phone number. If those have been changed, contact PayPal's customer service directly.
What is a real-time phishing proxy attack?
It is a technique where the scammer sits between you and the real website, relaying your inputs to the real site and the responses back to you — so you see what looks like a genuine experience while the scammer authenticates in parallel. The chatbot format facilitates this relay seamlessly.