Are you a PayPal user? Here's what you should know about the latest scam that could put your account at risk
- Replies 0
Millions of Americans rely on online payment platforms every day—to send money to family, split bills with friends, or shop from the comfort of home.
A new scam is making the rounds, and it’s targeting everyday folks just like you—sometimes with frightening precision.
Unlike traditional phishing attempts, this one looks strikingly official and can catch even the most cautious person off guard.
The alarming part is that it doesn’t just try to steal your password—it can give scammers control of your account.
This isn’t your run-of-the-mill “Nigerian prince” email. According to a recent report from cybersecurity experts at Malwarebytes, scammers are getting craftier.
They’re sending emails that look like they’re straight from PayPal’s own playbook—complete with the official logo, familiar fonts, and even the sender address [email protected].
But don’t be fooled! These crooks are “spoofing” the address, making it appear legitimate when it’s anything but.
The email urges you to act fast, warning that the link will expire in 24 hours. It even provides a phone number to call if you want to dispute the charge.
But here’s the kicker: Instead of stealing your password, these scammers are tricking you into giving them direct access to your account. If you click the link, you’re taken to a fake PayPal site and asked to “add a secondary user”—which is really just giving the scammer the keys to your digital kingdom.
Also read: Scammers steal $28,000 from Sacramento senior in elder fraud scheme
That’s a big deal, because once a scammer is added as a secondary user, they can drain your PayPal balance, make unauthorized purchases, or even access linked bank accounts.
And the stakes are high. Americans lost a staggering $8.8 billion to fraud in 2022 alone, according to the Federal Trade Commission. Scams like this are a big reason why.
Also read: Falling for the “transfer it to protect it” scam? FTC warns this scheme is targeting older Americans
And Kevin Thompson, CEO of 9i Capital Group, adds, "Never go through an email to log into your account. Always go directly to the website through a verified source.”
Read next:
Have you ever received a suspicious PayPal email? Did you almost fall for it—or did you spot the scam right away? What other online scams have you seen lately?
A new scam is making the rounds, and it’s targeting everyday folks just like you—sometimes with frightening precision.
Unlike traditional phishing attempts, this one looks strikingly official and can catch even the most cautious person off guard.
The alarming part is that it doesn’t just try to steal your password—it can give scammers control of your account.
This isn’t your run-of-the-mill “Nigerian prince” email. According to a recent report from cybersecurity experts at Malwarebytes, scammers are getting craftier.
They’re sending emails that look like they’re straight from PayPal’s own playbook—complete with the official logo, familiar fonts, and even the sender address [email protected].
But don’t be fooled! These crooks are “spoofing” the address, making it appear legitimate when it’s anything but.
These emails are carefully designed to trick you into acting quickly without verifying the details. Image source: appshunter.io / Unsplash
Here’s how the scam works
You receive an alarming email claiming there’s been a new charge on your PayPal account—often for a hefty sum (the example cited was a whopping $910.45 at Kraken.com, a cryptocurrency exchange).The email urges you to act fast, warning that the link will expire in 24 hours. It even provides a phone number to call if you want to dispute the charge.
But here’s the kicker: Instead of stealing your password, these scammers are tricking you into giving them direct access to your account. If you click the link, you’re taken to a fake PayPal site and asked to “add a secondary user”—which is really just giving the scammer the keys to your digital kingdom.
Also read: Scammers steal $28,000 from Sacramento senior in elder fraud scheme
Why this scam is so dangerous
As Michael Ryan, a finance expert, put it: “They’re not stealing your password. They’re tricking you into giving them actual account access.”That’s a big deal, because once a scammer is added as a secondary user, they can drain your PayPal balance, make unauthorized purchases, or even access linked bank accounts.
And the stakes are high. Americans lost a staggering $8.8 billion to fraud in 2022 alone, according to the Federal Trade Commission. Scams like this are a big reason why.
Also read: Falling for the “transfer it to protect it” scam? FTC warns this scheme is targeting older Americans
How to tell a scam from the real deal
So, how can you tell if that PayPal email is a wolf in sheep’s clothing? Here are some telltale signs:- Generic Greetings: Real PayPal emails will address you by your full name. If you see “Dear User” or no name at all, be suspicious.
- Urgency and Threats: Scammers want you to panic. If the email says you must act within 24 hours or risk losing money, take a breath and double-check.
- Unusual Charges: If you see a charge for something you never bought—especially something odd like cryptocurrency—don’t click any links.
- Suspicious Links: Hover your mouse over any link (don’t click!) to see where it really leads. If it doesn’t go to paypal.com, it’s a scam.
- Requests for Personal Info: PayPal will never ask you to add users, confirm your password, or provide sensitive information via email.
And Kevin Thompson, CEO of 9i Capital Group, adds, "Never go through an email to log into your account. Always go directly to the website through a verified source.”
Read next:
- What to do if your email gets hacked—and how to lock it down for good
- These five messages are major RED FLAGS—don’t click, just delete
