Critical New PayPal Warning: Genuine Emails Used In Ongoing Attack

They say you should never ignore an email from PayPal—but what if it’s the scam of all scams? In a shocking twist, cybercriminals have figured out a way to use PayPal’s own email system to target unsuspecting users. Let’s break down what’s happening and, more importantly, how you can protect yourself.

A new and highly sophisticated scam is targeting PayPal users by sending legitimate emails from PayPal’s own system. These emails appear authentic, bypassing traditional security filters, and trick users into calling a fraudulent support number—where the real scam begins.


How It Works

  1. Email from PayPal: You receive an email from service@paypal.com, confirming that a new address has been added to your account or that you’ve made a large purchase (such as a MacBook M4). Since it comes from the real PayPal domain, security filters don’t flag it as suspicious.
  2. Fake Support Number: The email includes a customer service phone number to call if you didn’t authorize the changes.
  3. Phishing via Phone: When you call the number, scammers posing as PayPal representatives convince you to hand over sensitive account information or even transfer funds.


Who’s Targeted?

This attack can affect anyone with a PayPal account, but it’s particularly dangerous for those who rely on email notifications for account security alerts. Businesses and individuals alike are at risk.


Real-Life Example

Multiple Reddit users have reported receiving these emails, expressing concern that they appeared completely legitimate. Some users nearly fell for the scam before realizing the phone number was fake. Cybersecurity expert Lawrence Abrams from BleepingComputer confirmed that the emails originate from PayPal’s real mail servers, making them nearly impossible for traditional security systems to detect.


Why You Should Care

  • Traditional security filters won’t stop this scam: Because the emails are genuinely sent from PayPal’s own system, spam filters and fraud detection tools won’t catch them.
  • You could lose access to your PayPal funds: Calling the fake number could result in scammers stealing your login credentials and emptying your account.
  • It’s a growing trend: As hackers continue to refine their methods, expect similar attacks to spread across other financial platforms.


How to Protect Yourself

  1. Never call numbers from emails—Always log in to PayPal through a bookmark or directly at paypal.com to verify any account changes.
  2. Check your account manually—If you receive an email about a change, log in to PayPal separately and review your settings.
  3. Enable two-factor authentication (2FA)—Even if scammers get your password, 2FA can prevent them from accessing your account.
  4. Be skeptical of urgency—Scammers want you to act fast. Take a moment to think before calling any number or clicking any links.
  5. Report suspicious activity—If you suspect fraud, contact PayPal’s official support through their website.
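
For mail administrators, step 1 can be backed by a content rule. The sketch below is an added example, not code from PayPal or from the original article. It lists any phone number found in the body of a message from a watched sender, so a gateway can add a "do not call this number" banner or hold the message for review. It assumes the gateway has already verified the sender (SPF/DKIM/DMARC); the domain set, function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains whose genuine notifications should carry a warning.
WATCHED_DOMAINS = {"paypal.com"}

# North American numbers such as 1-800-555-0142 or (800) 555.0142; the
# lookarounds stop it matching inside longer digit runs (transaction IDs).
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def body_text(msg):
    """Join every text/* part of the message into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_numbers(raw_message):
    """Return normalised 10-digit phone numbers found in the body of a
    message whose From domain is watched; an empty list otherwise."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in WATCHED_DOMAINS:
        return []
    found = PHONE_RE.findall(body_text(msg))
    return sorted({re.sub(r"\D", "", n)[-10:] for n in found})

# Constructed sample messages (not real PayPal mail; 555-01xx is a fictional range).
LURE = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: You added a new address\n\n"
    "A new address was added to your account. Transaction 4512345678901234.\n"
    "If you did not authorize this, call 1-800-555-0142 immediately.\n"
)
CLEAN = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: You added a new address\n\n"
    "A new address was added to your account. Log in to review it.\n"
)

if __name__ == "__main__":
    print(callback_numbers(LURE))
    print(callback_numbers(CLEAN))
```

A hit does not prove fraud; it marks a message where the reader should verify the change by logging in rather than by phone.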


Quick Tips & Updates

Did you know? Scammers often create urgency to pressure victims into acting without thinking. If an email demands immediate action, take a step back and verify independently.

Pro Tip: Bookmark the official PayPal website and only use that to access your account. Never click on links in emails claiming to be from PayPal.


Stay safe, stay informed.


Key Definitions

  • Phishing: A cybercrime where scammers trick individuals into providing sensitive information, such as passwords or banking details.
  • Spoofing: When attackers disguise their identity by making an email, phone number, or website appear legitimate.
  • Two-Factor Authentication (2FA): An extra layer of security requiring a second form of verification, such as a text message or authentication app code, in addition to a password.
