I suddenly started getting security passcodes from PayPal even though I wasn’t using it. Does this mean someone has my password and is trying to get in?
This question was answered on September 8, 2022. Much of the information contained herein may have changed since posting.
It can be quite disconcerting to get a random message from a service provider with a security code, but you're experiencing one of the benefits of two-factor authentication.
Because you have registered your cell phone number as a secondary validation to your password, whenever the system detects unusual activity, it will send a special code that must be used to gain access to the account.
There are a variety of nefarious and legitimate activities that could be generating the security text message, but to play it safe, I’d change the password immediately.
Was It Really PayPal?
If you are getting ‘security codes’ from a standard 10-digit phone number, it isn’t PayPal at all.
PayPal text messages will come from a ‘short code’ like 729725 and you should also be able to see previous messages from their system.
Someone Has Your Password
If the code is coming from 729-725, that is PayPal’s messaging number, so someone may have your sign-in credentials.
If you use the same password on other accounts or you haven’t changed the password for many, many years, there are a variety of ways that someone could have acquired your password.
When hackers discover a legitimate password for any online service, they often employ bots that will try the same username and password on thousands of other websites in a matter of seconds.
If this is what happened to you, then PayPal generated the special code because the system did not recognize the device/location/browser that was used by the hacker’s bot.
The extra layer of security provided by two-factor authentication kept them from accessing your account and alerted you that someone was trying to get in.
Changing your password to something you have never used before will protect you from this type of unauthorized access and should stop the security messages from being sent.
Be aware that a related scam includes someone calling you claiming to be from PayPal security and asking you for the code that was sent to prove that you are the rightful owner. This is nothing more than a ploy to trick you into giving them the code they need so they can take over your account.
Forgotten Password Attempt
If you changed your password but continue to get security code text messages, it likely means that they never had your password but a bot is trying to use the password reset system to get in.
This is another scenario where someone may call you claiming to be from PayPal security asking for the code that they just sent.
If you use PayPal to automatically pay other services, it’s possible that the automated billing process for the third party is attempting to process a payment, but can’t without the security code.
If you aren’t sure, check the transaction history in your PayPal account to determine if you do have a connected account so you can manually update the payment information for the connected service.
About the author
Ken Colburn of Data Doctors on September 8, 2022