There’s a new PayPal scam that’s been catching many users off guard. Hackers are now using real PayPal emails to trick unsuspecting victims into handing over personal information or money. These emails look so legitimate that it’s hard to tell they’re part of a scam, and by the time the warning bells ring, it’s often too late.
“The new scam going around is catching people off guard because it’s using real PayPal emails,” said Vlad Cristescu, head of cybersecurity at ZeroBounce. “Not lookalikes. Not fakes. Actual messages, from what looks like PayPal’s real system.”
The scammers are taking advantage of PayPal’s official platform to send invoices and purchase confirmations that seem entirely legitimate. “They’re sending invoices or purchase confirmations through PayPal’s official platform,” Cristescu explained. “That means the email doesn’t come from a weird address. It comes from [email protected] — the real deal.”
In many cases, the scam email might say something like: “You’ve just paid $749 for a MacBook. If this wasn’t you, call this number.” The problem starts when you call the number, hoping to cancel the transaction. Instead of reaching PayPal, you’re talking directly to the scammer.
While this scam may be difficult to spot, there are several ways you can protect yourself. Here’s what you need to know to avoid falling for it:
What You Need to Know About the New PayPal Scam
PayPal, one of the most trusted names in digital payments, has been around for more than 25 years. Launched in 1998, it has established itself as a go-to platform for online payments and money transfers. Its widespread use makes PayPal a prime target for scammers looking to exploit its reputation.
“Scammers are now using PayPal’s own system to trick people,” explained Abhishek Karnik, head of threat research for McAfee, a cybersecurity company. “They send what looks like a real payment request to PayPal users, mostly via email.”
The issue with this scam is that the email seems real. It comes from PayPal’s official domain, and it bypasses many scam filters. “These messages may even include the name of a well-known company, along with a phone number to call if you didn’t make the purchase. But that number connects you to the scammer, not PayPal,” Karnik added.
Why the Scam Is Effective
This scam works by exploiting people’s natural fear of losing money, especially in tough financial times. Many people are on edge about their finances, making them more susceptible to this kind of trick.
“It preys on people’s fear of losing money and feels urgent; scammers count on fear and urgency to cloud your judgment, knowing that many people will act before thinking it through,” Karnik said.
Scammers rely on this sense of urgency to trick victims into reacting quickly, without fully assessing the situation.
How to Protect Yourself from the PayPal Scam
Here are five crucial steps to protect yourself from falling victim to this scam:
1. Don’t Engage With Urgent Messages
One of the most effective ways to avoid this scam is to resist engaging with any message that feels urgent. “Don’t engage with messages that feel urgent or alarming, especially if they say you’ve been charged or need to act fast,” Karnik advises.
Scammers thrive on creating a sense of urgency, pressuring you into immediate action. Instead, take a moment to breathe and assess the situation before responding. Always go directly to PayPal’s website or app instead of reacting to the message.
2. Always Log Into PayPal Directly
If you receive an email that seems suspicious or alarming, never trust the email’s contents at face value. Cristescu recommends checking your PayPal account directly by logging into PayPal.com, instead of clicking on any links or calling the phone number provided in the email.
“Instead of clicking a link or calling a number, go to Paypal.com directly. Once you’re logged in, you can check if the invoice or payment is really there,” Cristescu explained. If there’s no record of the transaction in your account, then the email is most likely a scam.
3. Turn on Two-Factor Authentication (2FA)
Adding an extra layer of security to your account can make a huge difference. Enabling two-factor authentication (2FA) makes it much harder for scammers to access your account, even if they know your password.
“Even if someone tries to mess with your account, they can’t log in without a second security step (usually a code sent to your phone),” Cristescu said. “2FA adds a double lock to your account. It makes unauthorized access way harder.”
Karnik also recommends enabling 2FA. “If someone gets your password, they still can’t access your account without a code sent to your phone or authenticator,” he added.
4. Know How PayPal Communicates
Understanding how PayPal communicates with its users can help you spot scams more easily. PayPal doesn’t typically use invoices to settle disputes or ask you to call urgently. If you receive an email that asks you to do so, it’s a red flag.
“PayPal doesn’t use invoices to settle disputes,” Cristescu explained. “They won’t ask you to call out of the blue. They don’t throw around panic buttons like ‘Call now or your money is gone.’ Knowing what real communication looks like makes it easier to spot a scam.”
5. Never Call Phone Numbers in Emails
Experts advise against calling any phone number included in an email, especially if it looks suspicious. Scammers often use these numbers to get you to share sensitive information or even install malicious software on your device.
“The phone number in the email is the whole point of the scam,” Cristescu said. “If you call it, you’re giving the scammer direct access to influence you and maybe even manipulate you into installing software, sharing passwords, or ‘canceling’ payments that were never real.”
Final Thoughts: Trust Your Gut
Receiving an email that claims an unauthorized transaction has been made on your account can be stressful. But, before taking any action, it’s important to slow down, trust your instincts, and verify the details through official channels.
“You should slow down, expect the unexpected, and trust your gut,” Karnik said. “If something feels off or you receive a message requesting payment for a purchase you don’t remember making, go straight to PayPal’s website, log in, and check things for yourself.”
By staying vigilant and following these steps, you can avoid falling victim to this clever PayPal scam.