Beware of the Latest PayPal Phishing Attacks
If you receive an email from PayPal, proceed with caution: scammers are using a legitimate PayPal address to send fraudulent purchase notifications, hoping to gain remote access to your computer by convincing you to download malware.
The phishing emails are sent from an [email protected] address, which makes them look real; as reported by Bleeping Computer, scammers have managed to exploit PayPal settings to trick recipients.
How to Recognize PayPal Fraud
Users who fall victim to this scam receive emails from PayPal notifying them that they have added a new email address to their account. According to Bleeping Computer, users who received this message have not actually added new addresses to PayPal, and in some cases, these notifications are sent to email addresses that are not associated with a PayPal account at all.
The phishing email also includes variations of the following message:
“Confirmation: Your shipping address for MacBook M4 Max 1TB ($1,098.95) has been changed. If you did not authorize this update, please contact PayPal at +1-888-668-2508.”
Scammers are hoping that users will call this number to contact PayPal support regarding a supposed fraudulent MacBook purchase. But if you do, you’ll talk to someone who will scare you into believing that your account has been hacked and encourage you to download and run software to fix it. However, these scammers instead intend to hijack your system to launch malware and steal money and/or personal information.
Obviously, a phishing email coming from a legitimate PayPal address is concerning, and it can get past security and spam filters. As revealed in a report from Bleeping Computer, scammers first use the platform’s “gift address” feature (which is simply an additional shipping address you can add to your account) and then automatically forward a confirmation with a fraudulent message through an email list to make it look like it came from PayPal.
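The relay pattern described above can be turned into a triage check over delivered mail. The following is an added example, not code from the article or from PayPal; the sample message, the paypal.example and relay.example domains, the phone number and the finding names are constructed, and the list-header check assumes the relay adds standard List-Id or Precedence headers.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Phone number shortly after "call"/"contact": the callback lure in the message.
CALLBACK = re.compile(r"(?:call|contact)\b[^.\n]{0,60}?(\+?\d[\d\-\s().]{8,}\d)", re.I)

# Constructed sample: domains, list name and phone number are placeholders.
SAMPLE = """\
From: PayPal <notify@paypal.example>
To: billing-list@relay.example
List-Id: <billing-list.relay.example>
Subject: You added a new address

Confirmation: Your shipping address for Laptop ($999.00) has been changed.
If you did not authorize this update, please contact PayPal at +1-800-555-0100.
"""

def triage(raw, mailbox, brand_domain):
    """Return findings for a message delivered to `mailbox` from `brand_domain`."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender.endswith("@" + brand_domain):
        return []  # only genuine-sender notifications are in scope here
    findings = []
    # 1. The notification was addressed to someone else, so it reached this
    #    mailbox through a forwarder or distribution list.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses([str(h) for h in headers])}
    if mailbox.lower() not in rcpts:
        findings.append("not-addressed-to-recipient")
    # 2. Assumption: the relaying list stamps standard list headers.
    if msg.get("List-Id") or str(msg.get("Precedence", "")).lower() == "list":
        findings.append("relayed-via-list")
    # 3. A support number inside an account notification's free-text field.
    body = msg.get_body(preferencelist=("plain", "html"))
    match = CALLBACK.search(body.get_content() if body else "")
    if match:
        findings.append("callback-number:" + match.group(1))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "victim@corp.example", "paypal.example"):
        print(finding)
```

Because the sender address and its authentication results are genuine in this scam, the check keys on how the message arrived and what it asks the reader to do, not on who sent it.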
How to Avoid Becoming a Victim of PayPal Fraud
One way to spot a phishing scam is to check the address the message was sent from: it may seem legitimate at first glance but clearly is not upon closer inspection. That may not help much in this case, but you should always be wary of messages that evoke an emotional reaction (such as fear).
If you receive this email, you can ignore and delete it. You can also log into your PayPal account by going directly to the website or app to make sure nothing has been added to your account. Do not click on links or call phone numbers provided in suspicious emails; instead, go directly to the website to access your account and look for official customer service channels if necessary. Finally, never download anything from a suspicious email onto your device.