There’s a new sophisticated PayPal scam draining the bank accounts of unsuspecting victims. Hackers are ambushing users of the platform in a tricky way that seems so legit, it’s not sending off alarm bells until it’s too late.
“The new scam going around is catching people off guard because it’s using real PayPal emails,” said Vlad Cristescu, head of cybersecurity at ZeroBounce. “Not lookalikes. Not fakes. Actual messages, from what looks like PayPal’s real system.”
For You: 30 Scam Phone Numbers To Block and Area Codes To Avoid
See More: 6 Unusual Ways To Make Extra Money That Actually Work
Scammers are outsmarting PayPal’s automated email delivery system and its working. “They’re sending invoices or purchase confirmations through PayPal’s official platform. That means the email doesn’t come from a weird address. It comes from service@paypal.com — the real deal,” Cristescu explained.
“The email may say something like: ‘You’ve just paid $749 for a MacBook. If this wasn’t you, call this number.’ And that’s where the trap is,” he added. “You call the number, hoping to cancel the transaction — but instead, you’re talking to the scammer, not PayPal.
While the scam is fooling people, there are ways to avoid it. Here’s what to know about the scam and how to protect yourself, according to cybersecurity experts.
Trending Now: Suze Orman’s Secret to a Wealthy Retirement–Have You Made This Money Move?
What To Know About the New PayPal Scam
For more than 25 years, PayPal has been at the forefront of digital payments. The service was launched in 1998 and has been around much longer than Venmo and Zelle, becoming a trusted brand many rely on and use daily, which also makes it a target.
“Scammers are now using PayPal’s own system to trick people. They send what looks like a real payment request to PayPal users, mostly via email,” said Abhishek Karnik, head of threat research for McAfee, an online protection company.
Read Next: Fidelity Says This Is a Surprising Risk of Holding Too Much Cash — Do You Have Too Much?
It’s not easy to spot at first because the messages comes from PayPal’s domain and it
gets past scam filters Karnik said. “These messages may even include the name of a well-known company, along with a phone number to call if you didn’t make the purchase. But that number connects you to the scammer, not PayPal,” he added.
Why the Scam Is Effective
It’s always scary to feel like you could lose your hard earned money, but times are especially tough right now and people are watching every dime. The scammers are banking on victims desperately trying to stop a transaction they didn’t purchase, but instead people are inadvertently getting cheated.
“It preys on people’s fear of losing money and feels urgent; scammers count on fear and urgency to cloud your judgment, knowing that many people will call or click before taking time to think it through,” Karnik explained.
Don’t Engage With Urgent Messages
One way to avoid the new PayPal scam is to not engage, according to Karnik.
“Don’t engage with messages that feel urgent or alarming, especially if they say you’ve been charged or need to act fast,” he said.
“That pressure is exactly what scammers are counting on,” he added. “Instead, take a breath, slow down and go straight to the source before clicking or calling.”
Always Log Into PayPal Yourself
Before handing over sensitive information to anyone over the phone, Cristescu advised to check your PayPal account first.
“Never trust what an email says at face value, especially when it involves money,” he said. “Instead of clicking a link or calling a number, go to Paypal.com directly. Once you’re logged in, you can check if the invoice or payment is really there. No invoice in your account? Then the email is just a scare tactic.
Turn on Two-Factor Authentication
To add a layer of security to your account, add a two-factor authentication (2FA).
“Even if someone tries to mess with your account, they can’t log in without a second security step (usually a code sent to your phone),” Cristescu explained. “2FA adds a double lock to your account. It makes unauthorized access way harder.”
“If someone gets your password, they still can’t access your account without a code sent to your phone or authenticator,” Karnik added.
Understand How PayPal Communicates
If Paypal is a service you often use, Cristescu recommended understanding how the platform communicates with customers.
“PayPal doesn’t use invoices to settle disputes,” he explained. “They won’t ask you to call out of the blue. They don’t throw around panic buttons like ‘Call now or your money is gone.’ Knowing what real communication looks like makes it easier to spot a scam when one lands in your inbox.”
Never Call Phone Numbers in Emails
Experts warn against calling numbers in an email you received because you never know who is going to be on the other end.
“The phone number in the email is the whole point of the scam,” Cristescu said. “If you call it, you’re giving the scammer direct access to influence you and maybe even manipulate you into installing software, sharing passwords or ‘canceling’ payments that were never real. Use only official PayPal contact methods found on their site or in their app.”
“Scammers often create fake customer service lines to trick people into calling them directly,” Karnik added.
Getting an urgent email informing you that a transaction was made that you didn’t authorize is jarring and taking quick steps to correct the issue is a normal first response, but Karnik doesn’t recommend jumping into action so fast.
“You should slow down, expect the unexpected and trust your gut,” he explained. “If something feels off or you receive a message requesting payment for a purchase you don’t remember making, go straight to PayPal’s website, log in and check things for yourself — and remember that you should only use the contact info you find there, not the one in the email.”
More From GOBankingRates
-
6 Used Luxury SUVs That Are a Good Investment for Retirees
-
How Middle-Class Earners Are Quietly Becoming Millionaires — and How You Can, Too
-
7 Overpriced Grocery Items Frugal People Should Quit Buying in 2025
-
4 Low-Risk Ways To Build Your Savings in 2025
This article originally appeared on GOBankingRates.com: 5 Ways To Avoid the New PayPal Scam That Is Using Real Emails
