A new PayPal phishing scam has been reported, and this one is particularly clever and looks surprisingly real. There are no obvious typos, sketchy sender email addresses, or grammatical errors, and it comes from PayPal’s official email address, service@paypal.com.
How Did the Scam Begin?
PayPal introduced its gift address feature, designed to give users more flexibility in shipping to multiple addresses. So, instead of changing your shipping address every time you buy something, you can now add extra addresses for deliveries. It’s a very useful feature—especially when sending gifts or having purchases delivered elsewhere without manually updating your account settings. But unfortunately, scammers have turned it into a phishing scam.
Scammers are now exploiting this new gift address feature by abusing its automated email system. This allows them to send out notifications that look completely real.
You may receive an email from PayPal saying that a new address has been added, and you need to confirm an expensive purchase you supposedly made. Of course, it’s all fake. You didn’t add a new address, and you don’t remember ordering a MacBook or a PlayStation. You start to worry that someone might have hacked your account.
Their goal is to convince you that your account has been hacked and that the only way to fix it is to install remote access software (RAT), which gives them full control of your computer. This is unlike a standard phishing attempt, so beware.
How the Scam Works
You may wonder how a scammer is able to abuse PayPal’s automated email delivery system to send out a legitimate-looking email. Well, it’s not difficult at all. Automatic email confirmation from PayPal after an account change is a standard security feature designed to alert you of any changes to your account. However, scammers have now found a way to manipulate the system.
The scammer goes into a PayPal account, either their own or one they’ve hacked, and then adds a new address. When they do this, PayPal automatically sends a confirmation email to the account owner. The email comes directly from PayPal’s real domain, making it appear legitimate.
Then they set up auto-forwarding so that the email reaches the victim. The legitimate PayPal email is delivered to a fake mailbox they control, which is configured to forward it to a Microsoft 365 mailing list. That mailing list contains thousands of email addresses, all potential victims.
To make the email even more alarming, the scammer usually adds a note in the “gift address” field (along with a support number) saying that you’ve just bought an expensive item—like a PlayStation—using the new address.
You know you didn’t make this purchase, but the email makes you panic, leading you to call the fake customer service number. Caller ID is no safeguard either; these days it can be faked too.
Why This Phishing Scam Is Different
Most phishing scams rely on impersonating a company by spoofing an email address—creating a fake version of a legitimate company’s email. Email providers like Gmail and Yahoo often flag these as spam or phishing attempts. But this new PayPal scam is different because it’s coming directly from PayPal’s actual domain.
Other scammers buy domains that look similar to actual brands, but aren’t real. These might have small misspellings or slight variations that make them different from the official email address, e.g., “paypall.com” instead of “paypal.com.”
Since the sender is actually service@paypal.com, spam filters can’t always detect it as a phishing attempt, making victims more likely to trust it. By using an official PayPal-generated email, scammers are a step ahead.
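The sections above describe why the usual sender checks miss this lure: the message really is from PayPal, so the signals that remain are the scammer-supplied text (a phone number in the gift-address note) and the delivery path (a mailing list rather than a direct notification). The triage script below, an added example and not code from the article or from PayPal, parses a constructed sample message with those characteristics and flags it; the list address, recipient mailbox and phone number are invented.

```python
import re
from email import message_from_string, policy

# Constructed sample modeled on the lure described above: the sender and DKIM
# result are authentic, the note in the gift-address field carries a phone
# number (reserved 555-01xx range) and the mail reached us through a list.
SAMPLE_RAW = """\
From: service@paypal.com
To: notices@bulk-list.invalid
List-Id: Notices <notices.bulk-list.invalid>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com
Subject: You added a new address
Content-Type: text/plain; charset=utf-8

You added a new gift address to your PayPal account:
  Your PlayStation 5 order ($499.99) ships here. Not you? Call 1-800-555-0100.
"""

PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
TRUSTED_DOMAINS = {"paypal.com"}  # senders whose mail normally passes filters

def parse(raw):
    return message_from_string(raw, policy=policy.default)

def sender_domain(msg):
    addrs = msg["From"].addresses if msg["From"] else ()
    return addrs[0].domain.lower() if addrs else ""

def dkim_passes(msg):
    return "dkim=pass" in str(msg.get("Authentication-Results", "")).lower()

def addressed_to(msg, mailbox):
    # A real notification names the account owner directly in To/Cc.
    for field in ("To", "Cc"):
        hdr = msg[field]
        if hdr is not None and any(a.addr_spec.lower() == mailbox.lower() for a in hdr.addresses):
            return True
    return False

def phones_in_body(msg):
    body = msg.get_body(preferencelist=("plain",))
    return PHONE_RE.findall(body.get_content()) if body else []

def assess(raw, mailbox):
    msg = parse(raw)
    r = {"sender_domain": sender_domain(msg), "dkim_pass": dkim_passes(msg),
         "relayed": msg["List-Id"] is not None or not addressed_to(msg, mailbox),
         "phones": phones_in_body(msg)}
    # An authentic, DKIM-passing notification is exactly what filters trust, so
    # the verdict keys on the user-supplied content and the delivery path instead.
    r["verdict"] = "suspicious" if (r["sender_domain"] in TRUSTED_DOMAINS
                                    and r["phones"] and r["relayed"]) else "ok"
    return r

if __name__ == "__main__":
    print(assess(SAMPLE_RAW, "victim@example.net"))
```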
What Happens if You Call the Number?
Let’s say you see the email, panic, and call the number.
The person on the other end sounds professional. They introduce themselves as a PayPal representative, ask for your name, and thank you for calling. Then, they claim your account has been hacked. They say a hacker added a fake address and is now making unauthorized transactions in your name.
They make it sound really bad. Then, they tell you they need to secure your account immediately before more charges go through.
You start to panic. That’s when they ask you to install software on your computer. And it’s not just any software—it’s remote access software.
They might ask you to install legitimate tools like ConnectWise, TeamViewer, or AnyDesk—tools IT professionals use to fix technical problems, but which scammers can abuse, since they grant whoever is on the other end access to your system.
Once you install it and grant them access, they get full access to your computer. Now, they can log in to your PayPal account and steal your credentials, change your account settings to prevent you from gaining access back, access your bank accounts and saved passwords, and even install malware to spy on you later.
Some victims have even reported that scammers watch them enter passwords in real-time—then take over their accounts instantly. I don’t know about you, but that terrifies me.
How to Protect Yourself
If you run a business and rely on PayPal, you might panic over an unauthorized charge. Even regular PayPal users can miss the warning signs because they receive so many legitimate notifications.
To avoid falling for these types of scams, the first thing you should do is not panic. It’s important to never trust an email just because it appears to be real. Don’t call the “support number” listed in the email. You can go directly to PayPal yourself. Open your browser, type PayPal.com, log in, and check your recent activity. If nothing looks suspicious, the email is a scam. Check your account settings to see if any new addresses were added. If nothing has changed, you know it’s fake.
Only ever contact PayPal through its official website. Never use the contact details in an email like this. PayPal will never include a customer service number in its emails; instead, it directs you to its website for help. If you see a phone number in an urgent email like this, don’t call it. It’s likely a scam.
No legitimate company will ask you to install remote access software to fix an account issue. If this happens, it’s best to just hang up.
There are other things you can do to protect your account. Remember to enable two-factor authentication (2FA) in your PayPal account settings and change your PayPal password frequently (make sure it’s a unique and complex one).
Even if your login details get compromised, scammers won’t be able to access your account if 2FA is enabled.
I also recommend reporting phishing emails to PayPal. If you receive a suspicious email, forward it to phishing@paypal.com and then delete it. The more reports PayPal receives, the faster they can shut down scams like this.
Remember to stay calm and collected. Scammers rely on urgency and fear to trick people into making quick decisions before they have a chance to think. Take a deep breath, double-check everything, and don’t let them rush you. You always have enough time to determine whether an email is real or fraudulent.
This PayPal scam is one of the most convincing phishing attacks out there right now. It exploits PayPal’s own email system, making it difficult to detect. The emails are real—but the phone number inside is fake.