New PayPal Email Scam Exploits Address Settings to Trick Users


A new PayPal email scam is taking advantage of the platform’s address settings to send fake purchase confirmations, alarming users into calling scammers and granting remote access to their devices. This scam cleverly bypasses email security filters since the fraudulent messages are sent directly from PayPal’s legitimate email address. Victims are tricked into believing their account has been compromised, leading them to contact fake PayPal support numbers where scammers attempt to gain access to their personal information and devices.

The Scam

For over a month, PayPal users and even non-users have been receiving alarming emails confirming that a new shipping address was added to their account. These emails, appearing to come from [email protected], also contain a fraudulent MacBook M4 purchase confirmation, instructing the recipient to call a phone number if they did not authorize the transaction.

The emails pass DKIM security checks, making them look completely legitimate and allowing them to evade spam filters. Once a victim calls the provided number, they are connected to scammers posing as PayPal customer support. These fraudsters then try to manipulate users into downloading remote-access software, enabling them to control the victim’s computer and potentially steal funds, install malware, or access sensitive data.

Investigation into this scam revealed that PayPal’s address settings allow unlimited text input, which the scammers exploit by inserting their fake purchase confirmation into the “Address 2” field when adding a new shipping address. PayPal then automatically sends a confirmation email including the inserted text, making the message look entirely authentic.

Moreover, scammers appear to use email forwarding techniques through Microsoft 365 accounts to distribute these fraudulent messages to multiple victims.

To stay safe, do not call the provided number in any such email. Instead, manually log in to your PayPal account and check if any changes have actually been made. If nothing is amiss, simply ignore and delete the email.

What Undercode Says:

Analyzing the Exploit and PayPal’s Vulnerability

This scam highlights a serious oversight in

How Scammers Use Psychological Manipulation

Phishing scams like these rely heavily on fear and urgency to manipulate victims. By making the email appear as a security alert, scammers increase the likelihood of the recipient acting impulsively without verifying the legitimacy of the message. This psychological trick is a hallmark of social engineering, where attackers use emotional triggers to bypass logical thinking.

The Role of Email Forwarding and Spam Evasion

One of the most alarming aspects of this scam is how it exploits email forwarding to target multiple victims. By using a Microsoft 365 mailing list, the scammer can distribute their fraudulent PayPal messages to numerous email addresses at once. Since the emails originate from PayPal’s official servers, security filters fail to detect them as phishing attempts. This highlights a broader issue in email authentication protocols, where legitimate services can be weaponized for scams.

Why This Scam Is More Dangerous Than Others

  1. Legitimacy of the Emails – Unlike most phishing attempts that use spoofed addresses, these emails come directly from PayPal. This makes them much harder to recognize as fraudulent.
  2. Bypassing Security Measures – The scam exploits PayPal’s internal systems rather than relying on external hacking techniques, allowing it to evade spam filters and domain authentication checks.
  3. Broad Targeting – Even people without PayPal accounts are receiving these emails, meaning that the attack surface is larger than just PayPal users.

What PayPal Needs to Do to Fix This

PayPal must implement immediate security changes to prevent similar scams in the future. Some necessary actions include:

  • Character Limits for Address Fields – Restricting the number of characters allowed in address fields to prevent misuse.
  • Enhanced Fraud Detection – Implementing AI-based anomaly detection that flags suspicious addresses containing purchase-like text.
  • Stronger Verification on Address Changes – Instead of simply sending an email, PayPal should require additional verification (e.g., two-factor authentication) for address changes.
  • Better Customer Education – Warning users about such scams through in-app alerts rather than relying solely on email notifications.
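An added example (not PayPal's code and not part of the original article) of the first two measures above: a server-side check on a free-text address line such as "Address 2". The 64-character cap, the keyword heuristics and the sample strings are assumptions constructed for illustration.

```python
import re
import unicodedata

MAX_LEN = 64  # assumed cap; the article only says the field accepts unlimited text

# Constructed heuristics for "purchase-like text" inside an address line.
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){10,}")        # 10+ digits, loosely separated
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
MONEY_RE = re.compile(r"[$€£]\s?\d|\b\d+(?:\.\d{2})?\s?(?:USD|EUR|GBP)\b", re.I)
LURE_RE = re.compile(
    r"\b(?:call|contact|purchase|order|payment|charged?|refund|"
    r"authori[sz]ed?|transaction|invoice|support)\b", re.I)

# Constructed sample of the kind of text the article describes (fictional number).
SAMPLE_LURE = ("Your purchase of MacBook M4 for $1,098.95 was authorized. "
               "If you did not make this transaction, call +1 (888) 555-0100")


def check_address_line(value: str) -> list:
    """Return the reasons a free-text address line should be rejected or held."""
    reasons = []
    # Normalise first so full-width digits and compatibility forms cannot dodge the checks.
    text = unicodedata.normalize("NFKC", value).strip()
    if len(text) > MAX_LEN:
        reasons.append("too_long")
    # Line breaks and zero-width characters let injected text reshape the email body.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in text):
        reasons.append("control_chars")
    if PHONE_RE.search(text):
        reasons.append("phone_number")
    if URL_RE.search(text):
        reasons.append("url")
    if MONEY_RE.search(text):
        reasons.append("money_amount")
    # One keyword alone is common in real addresses ("Support Dept"); require two.
    if len(LURE_RE.findall(text)) >= 2:
        reasons.append("lure_wording")
    return reasons


if __name__ == "__main__":
    for line in ("Apt 4B", "Suite 200, North Tower", SAMPLE_LURE):
        print(repr(line[:40]), "->", check_address_line(line))
```

An empty list means the value can be stored and echoed in a notification email; any reason code is grounds to reject the change or hold it for review before an email is sent.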

How Users Can Protect Themselves

Until PayPal implements these security measures, users should take extra precautions:

  • Always verify email claims by logging directly into PayPal instead of clicking links or calling numbers in the email.
  • Enable two-factor authentication (2FA) for added security.
  • Avoid downloading software from unknown sources, especially if instructed to do so over the phone.
  • Be skeptical of urgent warnings—scammers rely on panic to trick victims into acting without thinking.

Conclusion

This PayPal scam is a perfect example of how cybercriminals adapt to security measures, finding new ways to exploit legitimate platforms. While PayPal has yet to respond to inquiries about this issue, the company must take action to close this loophole before more users fall victim to the scam. In the meantime, awareness and caution remain the best defenses against such sophisticated fraud attempts.

References:

Reported By: https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/