The Email From PayPal Informing You About the Status of Your Automatic Payment Is a Scam.

Another PayPal phishing scam is spreading online, this time with email notifications about recurring or automatic payments. The messages are sent from a legitimate PayPal address, allowing them to bypass some security filters and make recipients worry that their accounts have been hacked—perhaps enough to make them ignore the obvious warning signs and call or email the scammers.

I personally fell victim to this scam, receiving at least five separate emails, but they all went straight to the spam folder. Here’s how scammers exploit PayPal settings to get into your inbox.

How PayPal Scams Work

If you’re targeted by this campaign, you may receive an email with the subject line “Your automatic payment status has changed” or “Recurring payment activated.” The email is designed to mimic a genuine PayPal notification and includes a message about the successful processing of a large payment, along with an email address and phone number for “PayPal support.”


The email is full of suspicious elements: it’s addressed to a random name (or, as in one of the messages I received, “Hello, account update”), contains spelling errors and broken formatting, and simply doesn’t make sense. It’s easy to spot oddities like random bolding and the use of look-alike Unicode characters, which, as BleepingComputer notes, is a trick used to slip past the keyword detection in spam filters.

Photo: Emily Long

The catch lies in the sender field: the email comes from service[at]paypal[dot]com, a legitimate PayPal address, and the “signed by” field lists paypal.com. As Malwarebytes Labs describes, this is likely an abuse of PayPal’s subscription feature. If a merchant suspends a customer’s subscription, the customer receives an automated email from PayPal notifying them that the payment is no longer active. The scammers likely create fake subscriber accounts using Google Workspace mailing lists, so the automatically generated emails are sent to everyone on those lists. If you look at the “To:” field, you’ll see that the message isn’t actually addressed to your email address.
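As an added illustration that is not part of the article: a small Python check that applies the two tells described above, the recipient missing from the “To:” field and look-alike Unicode letters hidden inside English words, to constructed sample messages. The addresses, list name and message text are made up; only service@paypal.com comes from the article.

```python
import email
import re
from email import policy
from email.utils import getaddresses

# Constructed sample modelled on the campaign: genuine PayPal sender, recipient
# missing from To:, and a Cyrillic letter hidden inside an English word.
SAMPLE_SCAM = """\
From: "service@paypal.com" <service@paypal.com>
To: update-list@workspace-example.test
Subject: Your automatic payment status has changed

Hello, account update
Your \u0440ayment of $499.99 was processed. Call support: 1-800-000-0000
"""

# Constructed sample of an ordinary receipt addressed to the mailbox owner.
SAMPLE_GENUINE = """\
From: service@paypal.com
To: alice@example.com
Subject: Receipt for your payment

Hello Alice,
You sent a payment of $12.00 to Example Store.
"""

def _addresses(msg, header):
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, []))}

def _mixed_script_words(text):
    """Letter runs that mix ASCII and non-ASCII letters (the homoglyph tell)."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        if any(ord(c) < 128 for c in word) and any(ord(c) >= 128 for c in word):
            hits.append(word)
    return hits

def phishing_signals(raw_message, my_address):
    """Red flags from the article found in one message. The sender is not
    checked: in this campaign it really is PayPal's own address."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    if my_address.lower() not in _addresses(msg, "To") | _addresses(msg, "Cc"):
        flags.append("recipient not in To/Cc")
    body = msg.get_payload()  # single-part text message, returned as str
    for word in _mixed_script_words(msg.get("Subject", "") + "\n" + body):
        flags.append(f"mixed-script word: {word}")
    return flags
```

Run `phishing_signals(SAMPLE_SCAM, "alice@example.com")` to see both flags raised, and the same call on `SAMPLE_GENUINE` to see an empty list.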


Using such loopholes to make phishing emails appear legitimate is a common tactic, and I’ve already reported on several similar PayPal phishing campaigns this year. According to a statement provided to BleepingComputer, PayPal is working to patch this particular vulnerability.

Ignore PayPal payment notifications

If you receive one of these messages from PayPal, don’t contact the “support” details it lists. Scammers often use emails, text messages, and phone calls about account security and financial transactions to scare you into acting quickly, and impersonating trusted organizations is often quite convincing.

If you’re concerned about activity in your PayPal account, go directly to the app or website and log in to view alerts and verify transactions. Avoid using contact information or clicking links in the original notification, as this increases the risk of your data being compromised or malware being downloaded to your device.
