New PayPal phishing scam uses legitimate emails to steal your information

A new PayPal phishing scam has been making the rounds, and it’s so convincing that even security-conscious users are falling victim to it. This scam is different from typical phishing scams as it uses PayPal’s own email system to send out alerts that look completely authentic.

Users may receive messages like, “You added a new address. This is just a quick confirmation that you added in your PayPal account.” Even if you don’t have a PayPal account, you could still receive these messages. The scammers behind this scheme are exploiting real features of PayPal, such as the “add address” or “money request” tools, to trigger legitimate emails from PayPal’s domain.

What makes this scam even more dangerous is that the emails come directly from PayPal’s official servers, making it difficult to distinguish them from legitimate messages. The scammers use urgent language to create a sense of panic, such as warnings about unauthorized activity or large charges, prompting recipients to act quickly without questioning the authenticity of the alert.

In some cases, scammers are removing links from the emails and including a phone number instead. When users call the number, they are connected to a fake PayPal representative who asks them to download what appears to be a PayPal-branded support tool. However, this tool is actually a customized remote access app that gives the scammers full access to the user’s device.

To protect yourself from falling victim to this PayPal phishing scam, there are several steps you can take. First, avoid clicking on links in suspicious emails and use strong antivirus software to protect your devices. Enable two-factor authentication on your PayPal and email accounts for an added layer of security, and use a password manager to ensure unique and strong passwords for all your logins.

If you receive a suspicious PayPal alert, go directly to the PayPal website by typing paypal.com into your browser or using the official app. Check your account manually for any signs of unauthorized activity. Report any phishing attempts to PayPal and the FTC, and consider using a data removal service to reduce your exposure to scammers.

Overall, it’s important to stay vigilant and cautious when dealing with emails and messages, especially those related to financial accounts like PayPal. By following these tips and best practices, you can protect yourself from falling victim to phishing scams and keep your personal information safe.