PayPal users are being targeted by a sophisticated new email scam that is proving to be incredibly difficult to spot. This isn’t a typical phishing attack that leads you to a fake website; instead, scammers are cleverly using PayPal’s own legitimate platform against its users to gain full access to their accounts and money. The trick is so subtle that it bypasses the usual security red flags, leaving even tech-savvy users vulnerable. So, how can a seemingly harmless email about your profile setup lead to a scam that could drain your bank account?
The profile setup email that hands scammers control
Cybercriminals have found a new way to exploit PayPal, and it starts with an email that looks all too real. Carrying the subject line “Set up your account profile,” the message warns of a suspicious $900-plus crypto charge designed to trigger panic. But instead of resolving the issue, the link quietly opens the door for fraudsters to slip inside your account and take control—without you realizing what’s happening until it’s too late.
How the trick is pulled off
At first glance, the phishing email looks authentic, appearing to come from service@paypal.com or service@paypal.co.uk—addresses that seem genuine. This is made possible through email spoofing, a technique that forges the “From” field to mimic a trusted source.
The body of the message is crafted to cause alarm, containing text such as: “We have detected a new payment profile with a charge of $910.45 USD at Kraken.com. To dispute, contact PayPal at (805) 500-8413.”
On closer inspection, the scheme reveals itself through several subtle but telling signs. The reference to Kraken.com, a cryptocurrency platform, adds a technical layer likely to confuse the average user. A fake PayPal ID like “Receipt43535e” raises further suspicion. And while the email’s button redirects to PayPal’s actual site, it does so for a deceptive purpose—one that ultimately gives scammers the access they need.
How the scam uses PayPal’s own site against its users
This phishing scam is far more dangerous than most because it doesn’t rely on a fake website. Instead, it directs you to the real PayPal site, where a subtle process begins: adding a secondary user to your account.
If you fall for the trick and complete the steps, you’re essentially handing over control to the scammer. This grants them the ability to send payments and drain your funds. The use of PayPal’s own legitimate infrastructure makes it incredibly difficult for users and even many security systems to detect the fraud. Malwarebytes, which first reported the scheme, noted that it has been circulating for over a month.
Red flags every PayPal user should notice
The key to protecting yourself from this clever scam is to recognize the red flags that separate a fraudulent email from a legitimate one. While scammers have become very good at mimicking PayPal’s style, a close look at the details will reveal their deception. Here are the key red flags to watch for:
- Impersonal Salutations: Official PayPal emails will almost always address you by your full name. Scammers, lacking this information, will use generic greetings like “Dear PayPal user” or “Hello.”
- A Sense of Urgency: The scam email is designed to make you panic and act without thinking. It will use urgent language such as “Act now!” or “This link will expire in 24 hours” to rush you into clicking a link before you can properly verify its legitimacy.
- Suspicious Charges or Crypto References: Be extremely wary of emails that notify you of unexpected charges, especially those related to cryptocurrencies or unfamiliar services like Kraken.com. This is a common tactic to trigger your concern and prompt you to take action.
- Mismatched Content: Always check if the email’s subject line aligns with its content. A scam email might have a generic subject like “Set up your account profile,” but the body will immediately jump to a specific, alarming charge.
- Unusual Sender Address: While scammers use email spoofing to make the address appear as service@paypal.com, hovering over the sender’s name or checking the full email header (in particular the Return-Path and the SPF/DKIM/DMARC results) can reveal the actual sending address, which is often an unrelated or throwaway domain. Look out for any unusual domain names or ones that don’t match the company name.
- Known Fraudulent Phone Numbers: The email may list a phone number for “support.” A quick online search of this number will often reveal that it’s associated with scams. Always use the official contact information from the company’s website, not from an email.
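A small triage script, added here as an illustration and not code from Malwarebytes or SQ Magazine, that runs the red-flag checks above against a constructed sample message: From/Return-Path/Reply-To domain mismatch, SPF/DKIM/DMARC results that do not pass, a generic greeting, urgency wording, a crypto reference and a phone number in the body. Only the quoted From address and body text come from the article; the Return-Path, Reply-To and Authentication-Results headers are invented sample values.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the scam email described above. The From
# address and body text are the ones quoted in the article; the remaining
# headers are invented to show what a spoofed message's headers can look like.
RAW_EMAIL = """From: PayPal <service@paypal.com>
Return-Path: <bounce@example-sender.invalid>
Reply-To: support@example-sender.invalid
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example-sender.invalid; dkim=none; dmarc=fail header.from=paypal.com
Subject: Set up your account profile
To: user@example.net

Dear PayPal user,

We have detected a new payment profile with a charge of $910.45 USD at Kraken.com.
To dispute, contact PayPal at (805) 500-8413. This link will expire in 24 hours.
"""

GENERIC_GREETINGS = ("dear paypal user", "dear user", "dear customer", "hello,")
URGENCY_PHRASES = ("act now", "expire in 24 hours", "immediately")
CRYPTO_TERMS = ("kraken", "crypto", "bitcoin")
PHONE_RE = re.compile(r"\(?\d{3}\)?[ -]?\d{3}-\d{4}")


def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if there is none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Return the list of red flags found in a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()
    flags = []
    from_dom = domain_of(msg["From"])
    # The visible From can be forged; the envelope sender and Reply-To often cannot match it.
    for hdr in ("Return-Path", "Reply-To"):
        if msg[hdr] and domain_of(msg[hdr]) != from_dom:
            flags.append(f"{hdr} domain differs from From domain")
    # Authentication-Results is written by the receiving mail server, not the sender.
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            flags.append(f"{mech} not passing")
    if any(g in body for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    if any(p in body for p in URGENCY_PHRASES):
        flags.append("urgency language")
    if any(c in body for c in CRYPTO_TERMS):
        flags.append("crypto reference")
    if PHONE_RE.search(body):
        flags.append("phone number in body")
    return flags
```

Run `triage(RAW_EMAIL)` to see all nine flags raised on the sample; a message whose headers carry passing SPF/DKIM/DMARC results and a matching Return-Path will raise only the content-based ones.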
Simple steps to protect your PayPal account
Protecting yourself from this scam comes down to two key principles: awareness and caution. To stay one step ahead of scammers, consider these essential security practices:
- Don’t trust the email: Always assume an email asking you to take action is a potential scam. Instead of clicking links in suspicious emails, always go directly to paypal.com or use the official app to check for notifications on your account. If a message lists a phone number or strange sender address, a quick online search can often reveal whether it has already been flagged as fraudulent.
- Enable Two-Factor Authentication (2FA): This is one of the most effective ways to secure your account. Even if a scammer gets your password, they won’t be able to log in without the second verification step on your phone.
- Report the fraud: Help protect others by reporting any phishing attempts to phishing@paypal.com. This allows PayPal to track and block fraudulent messages, making the platform safer for everyone.
Source: Malwarebytes, SQ Magazine