Phishing Scam Abuses PayPal’s “New Address” Feature

Cybercriminals have discovered a new method to scam PayPal users by exploiting the platform’s “New Address” feature to send phishing emails. The attackers disguise themselves as PayPal, sending emails that appear to be official notifications about a newly added shipping address. In many cases, these emails also claim that an expensive purchase has been made, such as a MacBook M4 for $1,098.95, and instruct users to call a phone number if the transaction was unauthorized.
How Does the Scam Work?
The fraudulent emails appear authentic because they are sent from PayPal’s legitimate email address (“service@paypal.com”), making them difficult for users to recognize as scams. These messages include a phone number that users are told to call to dispute the unauthorized transaction.
Victims who call the number are connected to scammers posing as PayPal representatives. The scammers attempt to trick victims into downloading remote access software, allowing them to take control of the victim’s device. Once they gain access, they can steal login credentials, bank account details, and other sensitive information.
How to Stay Safe?
Cybersecurity experts recommend the following precautions for PayPal users:
- Do not call phone numbers provided in suspicious emails. PayPal never asks users to call a number to cancel a transaction.
- Verify any notifications by logging directly into your PayPal account. All legitimate alerts can be found in the “Notifications” section on the official PayPal website or app.
- Avoid clicking on links or downloading attachments from suspicious emails. Always check the sender’s address and the email’s content for inconsistencies. If in doubt, report phishing attempts to PayPal.
- Enable two-factor authentication (2FA). This adds an extra layer of security, making it harder for hackers to access your account even if they obtain your password.
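Because these emails come from the genuine “service@paypal.com” address, a sender check alone will not catch them. The following mail-triage sketch is an added example, not code from PayPal or from the source article: it flags a message on its content (a phone number plus a prompt to call) instead. The regular expressions, the `triage` function and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Heuristic patterns (assumptions for this example; tune them for your own mail flow).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALL_RE = re.compile(r"\b(?:call|contact|phone|dial)\b", re.I)
ADDRESS_RE = re.compile(r"\b(?:new|added)\b.{0,40}\baddress\b", re.I | re.S)

def triage(raw: str) -> dict:
    """Score one RFC 5322 message on its content, not on who sent it."""
    msg = message_from_string(raw, policy=default)
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    phones = PHONE_RE.findall(text)
    call_prompt = bool(CALL_RE.search(text))
    return {
        "from_paypal": sender == "service@paypal.com",
        "address_notice": bool(ADDRESS_RE.search(text)),
        "phones": phones,
        "call_prompt": call_prompt,
        # A genuine sender does not clear the message: per the advice above,
        # PayPal never asks for a call, so number + call prompt is enough.
        "flag": bool(phones) and call_prompt,
    }

# Constructed sample messages (not real captures).
SCAM = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: You added a new address\n"
    "\n"
    "You added a new address. Confirmation: your purchase of a MacBook M4\n"
    "for $1,098.95 is processing. If you did not authorize this,\n"
    "call PayPal at +1 (202) 555-0142.\n"
)
BENIGN = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: You added a new address\n"
    "\n"
    "You added a new address to your account. If you did not make this\n"
    "change, log in to your account and review your settings.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(name, triage(raw))
```

Both samples share the same sender and subject; only the message carrying a phone number and a call prompt is flagged.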
This new phishing technique demonstrates how cybercriminals continuously find ways to exploit legitimate features for fraudulent activities. Users should remain vigilant and always verify suspicious notifications directly on their PayPal account.
Source: BleepingComputer