How the Scam Works
A new PayPal phishing scam is spreading, and it’s more convincing than ever. Unlike typical scams filled with spelling mistakes and fake email addresses, this one comes from PayPal’s actual email domain: [email protected]. This makes it difficult to detect and easy to fall for.
How Did the Scam Start?
PayPal recently introduced a ‘gift address’ feature, allowing users to add multiple shipping addresses without changing their primary one. Scammers have found a way to exploit this by using PayPal’s automated email system to send fake notifications that appear completely legitimate.
Users receive an email stating that a new shipping address has been added to their PayPal account and that they need to confirm an expensive purchase—such as a PlayStation or MacBook—that they supposedly made. The email is designed to cause panic, leading victims to call a fake customer service number for help.
Why This Scam Is Different
Most phishing scams rely on fake email addresses that look similar to real ones, but this scam uses PayPal’s actual email system. Since the message comes directly from PayPal’s domain, it easily bypasses spam filters, making victims more likely to trust it.
Instead of asking users to click on suspicious links, this scam convinces them to call a phone number listed in the email. This small change makes it harder for email providers to flag the scam as phishing.
What Happens if You Call the Number?
If you call the number provided in the email, you’ll speak to someone pretending to be a PayPal representative. They will:
- Claim that your PayPal account has been hacked.
- Insist that an unauthorized person is making purchases in your name.
- Urge you to secure your account immediately before more charges go through.
This is where the real danger begins. The scammer will ask you to install remote access software on your computer, such as TeamViewer, AnyDesk, or ConnectWise. These tools allow IT professionals to assist customers remotely—but in the wrong hands, they can be used to take control of your device.
Once the scammer gains access, they can:
- Steal your PayPal login credentials.
- Lock you out of your own account.
- Access your bank details and saved passwords.
- Install malware to spy on you and steal sensitive information later.
How to Protect Yourself
If you receive an unexpected PayPal email, follow these steps:
1. Don’t Panic
Scammers rely on fear and urgency to trick you into making quick decisions. Take a deep breath and analyze the situation before taking any action.
2. Never Call the Phone Number in the Email
PayPal does not include customer service phone numbers in emails. Instead, go directly to PayPal’s official website, log into your account, and check for any suspicious activity.
3. Check Your Account Manually
Go to PayPal.com, sign in, and check your recent transactions and shipping addresses. If nothing looks unusual, the email is a scam.
4. Enable Two-Factor Authentication (2FA)
Turn on 2FA in your PayPal settings. Even if scammers get your password, they won’t be able to access your account without the additional security code.
5. Change Your Password Regularly
Use a strong, unique password for PayPal and update it frequently to minimize the risk of being hacked.
6. Report Phishing Emails
Forward any suspicious emails to [email protected] and then delete them. The more reports PayPal receives, the faster they can take action against scammers.
Disclaimer – Our team has carefully fact-checked this article to make sure it’s accurate and free from any misinformation. We’re dedicated to keeping our content honest and reliable for our readers.