Scammers are once again impersonating PayPal and trying to trick users into handing over access to their accounts and their cash. The latest email campaign alerts recipients to a new (fake) transaction and payment profile and urges them to take action to set up their account. At first glance, the email seems to really be from PayPal. The sender’s address is service@paypal.com, a legitimate domain, and paypal.com is listed in the signed-by field. However, scammers are able to spoof the email in the “From” field to make it look legitimate when it isn’t. The layout looks relatively similar to other PayPal emails, including the company’s branding and footer. If you hover over the links, including the call-to-action button to “set up your profile,” they appear to go to a real PayPal site. After that, though, there's almost nothing but red flags. Obviously, you shouldn't engage with this, but if you did, you'd likely be prompted to add a secondary user to your PayPal account, which gives them access to issue payments using your information. It's hard to trust any communication about account security or financial transactions, but the best way to prevent becoming a victim is to always go directly to the website or app and log into your account to review any relevant alerts.
