A new phishing scam is abusing PayPal’s address settings to send fraudulent purchase confirmations, tricking users into calling scammers who attempt to gain remote access to their devices.
These emails, sent directly from PayPal’s legitimate email address, falsely claim that a new shipping address was added and reference an unauthorized purchase, often for a MacBook.
Scammers include a fake PayPal support number, and those who call are deceived into downloading remote access software under the guise of securing their accounts.
Further investigation revealed that fraudsters insert their scam messages into PayPal’s “Address 2” field, causing PayPal to generate and send the misleading confirmation emails.
By exploiting forwarding mechanisms in Microsoft 365 mailing lists, attackers ensure the phishing emails reach a large number of potential victims.
Because the emails originate from PayPal and pass security checks, they bypass spam filters, making them harder to detect.
Users should ignore such emails, avoid calling the listed number, and verify account details directly through PayPal to prevent falling victim to this scam.
Logging you in...
Loading IntenseDebate Comments...