Beware the FAKE PayPal Prefund Confirmation Text Scam – Investigation
Written by: Thomas Orsolya
Published on:
A text message claiming that your PayPal account is linked to a third-party wallet and that $980 will be processed soon is not a real PayPal alert.
This is a fake PayPal “prefund confirmation” message designed to make you call a scam phone number. Once you call, the scam shifts into a tech support scam where criminals try to access your device, your bank account, and your money.
Scam Overview
The PayPal Prefund Confirmation Text Scam is a fake security or account activation message that pretends to come from PayPal. The message usually claims that a small deposit has confirmed your account is active, that your account is now linked to a third-party wallet, and that a larger amount, often $980, will be processed soon.
A typical version says:
“Prefund confirmation: Your account is linked to a third-party wallet. This small deposit ensures whether your account is active or not. Your account has been activated successfully, and 980 USD will be processed soon. For assistance, contact [scam phone number].”
At first glance, the message is confusing. That confusion is intentional.
Most people do not use the term “prefund confirmation” in normal banking or PayPal activity. They may not know what a third-party wallet link means. They may also worry that someone has connected a strange wallet to their PayPal account and is about to move $980.
That moment of panic is exactly what the scammers want.
The message is not really about PayPal. It is bait for a phone call. The phone number in the text does not connect you to PayPal customer support. It connects you to a fake tech support center operated by scammers.
PayPal warns users not to call phone numbers listed in suspicious messages and says suspicious emails or messages should be reported through official PayPal channels. (PayPal)
Once victims call the number, the scammer usually pretends to be from PayPal, a fraud department, a security team, or a refund department. The caller may sound calm, professional, and scripted. They may even know how to imitate the tone of a real customer service agent.
The scammer then claims there is a problem with your PayPal account, your bank account, your device, or your network. They may say your phone or computer is infected. They may say hackers are trying to transfer money. They may say the $980 transaction is pending and can only be canceled if you follow their instructions.
This is where the scam becomes dangerous.
The fake agent will often ask you to install remote access software such as AnyDesk, TeamViewer, UltraViewer, or a similar tool. These apps are legitimate when used properly, but scammers misuse them to view your screen, control your device, and guide you into exposing sensitive information.
The FTC warns that tech support scammers commonly ask for remote access, then may direct victims to fake refund pages or trick them into entering bank or card details.
Once connected, the scammer may ask you to open your online banking app, PayPal account, email account, or password manager. They may claim this is needed to verify your identity, cancel the transaction, process a refund, or “secure” your account.
In reality, they are watching everything.
They may look for:
Bank account balances
Credit card details
PayPal login information
Email access
Saved passwords
Two-factor authentication codes
Identity documents
Cryptocurrency wallets
Business accounts
Personal photos or files they can use for pressure
Some scammers use fake refund tricks. They may pretend to accidentally send too much money back to you, then demand you return the difference. Others may edit the webpage on your screen or use tricks to make it look like your bank balance changed.
Another common tactic is gift card fraud.
The scammer may say the only way to cancel the fake $980 transaction is to buy gift cards, read the codes over the phone, and wait for reimbursement. This is always a scam. The FTC states clearly that anyone who asks you to pay with a gift card is a scammer.
They may ask for gift cards from Apple, Google Play, Target, Walmart, Steam, eBay, or other major retailers. Once the codes are sent, the money is usually gone within minutes.
The PayPal Prefund Confirmation Text Scam is especially effective because it combines several psychological triggers:
A trusted brand name
A strange financial term
A specific dollar amount
A fake account activation notice
A sense of urgency
A phone number that feels like a direct support line
Fear of unauthorized access
The promise that help is available immediately
The message does not need to be perfectly written. It only needs to make the recipient think, “What is this, and do I need to stop it?”
That is enough to push some people into calling.
The important thing to understand is simple: PayPal is not sending these texts. The $980 transaction is not real. The phone number is not PayPal support. The goal is not to help you. The goal is to get you on the phone and manipulate you into giving scammers access, information, or money.
How The Scam Works
1. The Fake PayPal Text Arrives
The scam begins with a text message that appears to be related to PayPal. It may arrive from a random phone number, a spoofed sender name, or a number that looks ordinary enough not to raise immediate suspicion.
The text uses phrases such as:
“Prefund confirmation”
“Your account is linked to a third-party wallet”
“Your account has been activated successfully”
“$980 will be processed soon”
“For assistance, contact this number”
The wording is awkward, but that is part of the trap. Many people read it and think there may be a real issue they do not understand.
The scammer wants you to focus on the possible $980 charge, not the suspicious language.
2. The Message Creates Panic
The mention of a third-party wallet is meant to sound like someone has connected an outside payment account to your PayPal. This makes the message feel like an account takeover warning.
The $980 amount is also carefully chosen. It is large enough to cause stress, but not so large that it feels unbelievable.
The victim may think:
“Did someone hack my PayPal?”
“Is this money about to leave my account?”
“What is a prefund confirmation?”
“Do I need to cancel this immediately?”
“Is the phone number my fastest option?”
That emotional pressure is the real weapon.
3. The Victim Calls the Scam Number
The text includes a phone number for “assistance.” Calling that number is the turning point.
The person who answers is not a PayPal employee. They are a scammer trained to sound like support staff.
They may answer with a professional greeting such as:
“PayPal billing department”
“PayPal fraud protection”
“PayPal security support”
“Customer refund department”
“Online payment verification team”
They may ask for your name, phone number, email address, or PayPal email. This makes the call feel official, but it also helps them collect personal data.
4. The Scammer Confirms a Fake Problem
After you explain the text, the scammer will pretend to check your account. They may put you on hold, type loudly, or read from a script to make the call feel real.
Then they will “confirm” that something suspicious is happening.
They may claim:
A third-party wallet was linked to your PayPal
A $980 transfer is pending
Your account was accessed from another state or country
Your device has been compromised
Your IP address is being used by hackers
Multiple failed login attempts were detected
Your bank account is at risk
The transaction can still be stopped if you act now
This is not a real diagnosis. It is a pressure script.
5. They Move the Scam From PayPal to Your Device
The scammer now shifts the story. Instead of simply discussing PayPal, they claim the problem is caused by your phone, computer, browser, network, or email account.
This is how a fake PayPal alert becomes a tech support scam.
They may say:
“Your device is infected”
“Hackers are watching your screen”
“Your browser has been compromised”
“We need to secure your system”
“We need to connect you to a secure server”
“We need remote access to cancel the transaction”
This sounds technical, but it is just a setup for remote access.
6. They Ask You to Install Remote Access Software
Next, the scammer asks you to download an app such as AnyDesk or another remote connection tool.
They may say it is needed to:
Cancel the $980 transfer
Verify the account holder
Remove hackers
Issue a refund
Secure your PayPal account
Protect your bank account
Scan your device
The software itself may be legitimate. The scam is how it is being used.
Once you give the scammer the remote access code, they may be able to see your screen, move your mouse, open apps, browse files, and guide you through sensitive actions.
Never give remote access to someone who contacted you through a suspicious message or phone number.
7. They Ask You to Log In to Sensitive Accounts
Once connected, the scammer may ask you to open PayPal, your email, or your online banking account.
They may claim they need to verify whether the fake $980 charge has reached your bank. They may say they need to check for unauthorized transactions. They may tell you not to worry because they are using a “secure connection.”
This is where many victims lose money.
The scammer may watch as you type passwords, view account balances, copy personal information, or approve security prompts.
They may also ask you to read out one-time verification codes. Real companies do not need you to read security codes to random callers.
8. They Use Fake Refund Tricks
In many versions of this scam, the criminal claims they will refund or cancel the $980 charge. They may open a fake form and ask you to type an amount.
Then they pretend a mistake happened.
For example, they may claim they accidentally refunded $9,800 instead of $980. They may show you a manipulated screen or use browser tricks to make it look like your bank balance increased.
Then they pressure you to return the “extra” money.
This is a classic refund scam tactic. The money was never deposited. The screen was manipulated. But the victim is pressured into sending real money back.
9. They Demand Gift Cards, Wire Transfers, Crypto, or Payment Apps
If the scammer thinks they can get money from you, they will push for payment methods that are hard to reverse.
The most common request is gift cards.
They may tell you to buy cards from a local store, scratch off the back, and read the codes over the phone. They may stay on the line while you drive to the store. They may tell you not to speak to the cashier. They may say the cards are only for “verification” and will be refunded.
That is false.
Gift card codes are cash to scammers. Once they receive the codes, they can drain them quickly.
They may also ask for:
Bank transfers
Zelle payments
Cash App payments
PayPal Friends and Family payments
Cryptocurrency
Cash sent by mail
Prepaid cards
Any support agent who asks for these payment methods is not legitimate.
10. They May Try to Keep Control
Some scammers do not stop after the first payment. They may call again and pretend to be a bank, PayPal investigator, cybersecurity company, government agency, or recovery department.
They may say:
“Your refund is still pending”
“We recovered some of your money”
“You need to pay a release fee”
“Your bank account is still compromised”
“You must keep this confidential”
“Do not contact your bank yet”
This is designed to isolate the victim and keep the scam going.
If you already interacted with the scammers, do not continue the conversation. Hang up, disconnect your device from the internet, and contact your bank using a verified number.
What To Do If You Have Fallen Victim to This Scam
1. Stop Contact With the Scammers Immediately
Do not call them back. Do not answer follow-up calls. Do not reply to text messages.
If they are still connected to your device, disconnect from the internet immediately. Turn off WiFi, unplug Ethernet, or shut down the device.
Do not argue with them or try to catch them. Your priority is limiting damage.
2. Remove Remote Access Software
If you installed AnyDesk, TeamViewer, UltraViewer, or another remote access tool, uninstall it.
Also check whether the scammer installed anything else while connected.
Look for unfamiliar apps, browser extensions, remote tools, VPN tools, or “security” programs you do not recognize.
3. Run a Full Security Scan
Use trusted security software to scan your computer or phone.
If the scammer had full access to your device, consider getting help from a trusted local technician. In serious cases, a full system reset may be safest.
Do not use a technician or company recommended by the scammer.
4. Change Important Passwords From a Clean Device
Change passwords for:
PayPal
Email accounts
Online banking
Credit card accounts
Apple ID or Google account
Shopping accounts
Password manager
Social media accounts
Cryptocurrency wallets
Use a different, secure device if possible. If the scammer accessed your computer, do not change passwords from that same machine until it has been checked.
5. Enable Two-Factor Authentication
Turn on two-factor authentication for PayPal, email, banking, and other important accounts.
Use an authenticator app when possible. SMS codes are better than nothing, but authenticator apps are generally stronger.
6. Contact Your Bank or Card Issuer
Call your bank using the official number on the back of your card or from the bank’s official website.
Tell them:
You received a fake PayPal text
You called the number
A scammer may have accessed your device
You may have exposed banking information
You may have sent money or purchased gift cards
Ask them to monitor or freeze affected accounts, cancel cards if needed, and dispute unauthorized transactions.
7. Contact PayPal Directly
Log in by typing PayPal’s official website address into your browser. Do not use links from the text.
Check your account activity. Look for unauthorized payments, linked bank accounts, linked cards, shipping addresses, or profile changes.
Report the suspicious message to PayPal. PayPal says suspicious emails can be forwarded to phishing@paypal.com, and users should avoid calling phone numbers listed in suspicious messages.
8. If You Bought Gift Cards, Contact the Gift Card Company
If you gave gift card codes to the scammer, contact the gift card issuer immediately.
Tell them the cards were used in a scam. Provide receipts, card numbers, purchase times, and any scam phone numbers involved.
Recovery is not guaranteed, but acting quickly gives you the best chance.
9. Report the Scam
Report the scam to:
The FTC at ReportFraud.ftc.gov
The FBI’s IC3 at ic3.gov if you are in the United States
Your local police or cybercrime authority
PayPal’s official phishing reporting channel
Your mobile carrier by forwarding the scam text to 7726, if supported
After one scam attempt, your phone number may be targeted again.
Be suspicious of anyone claiming they can recover your money for a fee. Many “recovery experts” are scammers too.
Also watch for calls claiming to be from:
PayPal fraud department
Your bank’s security team
Microsoft or Apple support
The FTC
The FBI
A gift card refund department
A crypto recovery service
Real agencies and companies do not demand gift cards, remote access, or secrecy.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
The PayPal Prefund Confirmation Text Scam is not a real PayPal alert. It is a fake message designed to make you call a scam phone number.
Once you call, scammers pose as support agents, claim your device or account is compromised, ask for remote access, and try to steal money through bank access, fake refunds, or gift card payments.
Do not call the number in the text. Do not install remote access software. Do not share codes, passwords, banking details, or gift card numbers.
Check your PayPal account only through the official PayPal website or app, then report the message and delete it.
FAQ
Is the PayPal “Prefund Confirmation” text real?
No. This message is fake and not sent by PayPal. It is designed to trick you into calling a scam phone number.
What should I do if I receive this text?
Do not call the number. Delete the message and check your PayPal account only through the official app or website.
Why does the message mention $980?
The amount is used to create urgency and fear. It is not a real transaction.
What happens if I call the number?
You will reach scammers pretending to be support agents. They will try to convince you your account or device is compromised and push you to give them access or money.
Why do scammers ask for remote access apps like AnyDesk?
Remote access lets them see your screen, control your device, and steal sensitive information such as passwords or banking details.
Will PayPal ever ask me to install software or call a number from a text?
No. PayPal does not ask you to install remote access software or call random phone numbers from unsolicited messages.
Why do they ask for gift cards?
Gift cards are difficult to trace and cannot be reversed. Once you share the codes, the money is gone.
Can I get my money back if I was scammed?
It depends on the payment method and how quickly you act. Contact your bank, PayPal, or the gift card issuer immediately for the best chance of recovery.
How can I protect myself from similar scams?
Avoid calling numbers from unsolicited messages, never share codes or passwords, and always verify alerts through official websites or apps.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
