New PayPal Scam Uses Real Emails to Trick You
There’s a new PayPal phishing scam making the rounds, and it’s so convincing that even security-conscious users are getting caught in it. Unlike typical scams riddled with typos and fake domains, this one uses PayPal’s own email system to send you an alert that looks 100% real. You might get a message like, "You added a new address. This is just a quick confirmation that you added in your PayPal account"... except you didn’t. Here’s how the scam operates:
- Exploiting real features: Scammers abuse PayPal’s "add address" or "money request" tools. By entering your email, they can trigger real emails from PayPal’s real domain. And this works even if you don’t have a PayPal account.
- Bypassing filters: Because these emails come directly from PayPal’s servers (service@paypal.com), they pass all security checks and appear legitimate in your inbox.
- Lack of suspicion: Some versions contain no phishing links at all, just a scammer’s phone number, making them even harder to detect.
- Panic bait: The message often claims a new address was added, or a large payment is being processed, getting your attention and provoking a quick reaction.
- Follow-up attacks: After the initial email, scammers may later contact you pretending to be PayPal support. Some urge you to click a link to "secure your account", which leads to a fake login page designed to steal your credentials.
How to protect yourself:
1. Don’t click links in suspicious emails, even if they look real, and use strong antivirus software.
2. Enable two-factor authentication.
3. Use a password manager to ensure every login you use has a unique, strong password.
4. Check your account manually to see if anything looks off.
5. Report the scam to phishing@paypal.com.
6. Use a personal data removal service to reduce your exposure.
7. Get a free scan to find out if your personal information is already out on the web.
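
The "Bypassing filters" and "Lack of suspicion" points above mean that sender authentication and link scanning both come back clean for these messages. The following Python triage check is an added example, not code from the article or from PayPal; the sample message, the `mx.example.net` server name, the phone pattern and the function names are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: passes sender authentication, has no links, and
# carries only a callback number (fictional 555-01xx range).
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: service@paypal.com
To: user@example.org
Subject: You added a new address

You added a new address. If you did not make this change,
call PayPal support at +1 (555) 010-0199 right away.
"""

# Assumed heuristics for illustration: North American style numbers and URLs.
PHONE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL = re.compile(r"https?://\S+", re.I)


def sender_authenticated(msg, domain):
    """True if DKIM and DMARC passes were recorded for exactly this domain.

    Only trust an Authentication-Results header added by your own mail server.
    """
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    d = re.escape(domain)
    # The lookahead rejects lookalikes such as paypal.com.example.net.
    dkim = re.search(rf"dkim=pass\b[^;]*header\.d={d}(?![\w.-])", results)
    dmarc = re.search(rf"dmarc=pass\b[^;]*header\.from={d}(?![\w.-])", results)
    return bool(dkim and dmarc)


def triage(raw, domain="paypal.com"):
    """Treat authentication as one input; the verdict comes from the content."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    phones = PHONE.findall(body)
    authenticated = sender_authenticated(msg, domain)
    if not authenticated:
        verdict = "unverified-sender"
    elif phones:
        verdict = "callback-lure"  # genuine sender, but the body asks you to phone a number
    else:
        verdict = "no-callback-number"
    return {"authenticated": authenticated, "phones": phones,
            "urls": URL.findall(body), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "callback-lure" verdict is a prompt to check the account directly rather than proof of fraud.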