Home Threats PayPal Visual Impersonation Wave

PayPal Visual Impersonation Wave

Target: Paypal | Attack: Visual Deception | Active: 883 days | Trend: ? Increasing

Active Threat Campaign

Uses character substitution (rn=m, 0=o, l=i) to create fake PayPal domains. Targets payment credential theft. Report suspicious activity to OziShield for free forensic analysis.

Latest variant: paypa1.com (detected 3 weeks ago)

1
Total Detections
0
Avg Per Day
4
Countries
3
Known Variants
1
Peak (May 23)

Attack Pattern Breakdown

Distribution of deception techniques used in this campaign:

Visual Deception 100.0%

Geographic Intelligence

Detection distribution by location:

Australia 100.0%

Known Variants

Example domains detected in this campaign:

Recent Activity

Latest variants detected by OziShield:

paypa1.com
Detected 3 weeks ago

How to Detect This Scam

Check for rn, vv, rri patterns in domain. Verify SSL certificate shows PayPal Inc. Look for character substitution: paypa1, paypaI, paypai.

What You Should Do

Never click payment links in emails. Go directly to paypal.com. Enable 2FA. Report to phishing@paypal.com

Report This Scam

If you've encountered this threat, report it to:

Scan Suspicious Links

Found a suspicious link? Check if it's part of this or another threat campaign.

Scan Link Free ?

Powered by OziShield | Explainable Forensic Scam Detection

Intelligence updated: May 23, 2026 3:36 PM UTC | Data refreshes automatically