Scammers have discovered a new method to exploit PayPal's email system, sending fraudulent messages that appear to be legitimate notifications from PayPal. These emails, which are not spoofed and pass standard security checks, are designed to deceive recipients into believing there is an unauthorized charge on their account. The scam involves altering the subject line of PayPal payment notifications to include a fake tech support number, urging recipients to call and resolve the supposed issue.
The scam works by sending emails from PayPal's genuine address, service@paypal.com, with a misleading subject line that suggests a pending charge of $987.90. The body of the email, however, shows a trivial transaction amount, creating confusion and urgency for the recipient. The scammers include personalized details such as the recipient's name and a real transaction ID to enhance the email's authenticity. The phone number provided in the subject line is fake, while the legitimate PayPal contact number is buried within the email body.
The technical mechanism behind the altered subject line remains unclear. It is suspected that scammers may be exploiting PayPal's note or remittance field, whose contents can appear in certain payout templates, including in the email's subject line. Because the resulting message is still sent by PayPal's own email system rather than spoofed, it passes security checks like DKIM, SPF, and DMARC and appears to be a genuine PayPal communication.
The impact of this scam is significant, as it can lead to victims inadvertently providing sensitive information to scammers. Once contacted, these scammers may attempt to collect banking details, convince victims to install remote access tools, or gain control over their accounts and devices. This can result in financial loss and unauthorized access to personal information.
To protect against such scams, it is essential to stay informed about common phishing tactics and recognize red flags in suspicious emails. Always use verified contact methods to reach companies and avoid calling numbers listed in dubious emails. Report any suspicious PayPal emails to phishing@paypal.com and monitor your accounts for unusual activity. If you suspect you have been scammed, take immediate action by contacting your bank, changing compromised passwords, and running security scans on your devices. Utilizing tools like Malwarebytes Scam Guard can also help identify and prevent potential scams.
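Because these messages pass DKIM, SPF, and DMARC, a mail filter has to look at content instead: a phone number in the subject line, and a subject amount that the body does not contain. The following sketch is an added example, not code from PayPal or Malwarebytes; the sample message, the regular expressions and the flag names are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modeled on the article's description; not a real PayPal message.
SAMPLE = """\
From: "service@paypal.com" <service@paypal.com>
To: jane@example.com
Subject: Pending charge of $987.90 - call +1 (800) 555-0199 to cancel
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=paypal.com; dmarc=pass
Content-Type: text/plain; charset=utf-8

Hello Jane Doe,
You received a payment of $0.01 USD.
Transaction ID: PLACEHOLDER-TXN-ID
"""

# Assumed patterns: North American style phone numbers and dollar amounts.
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT = re.compile(r"\$\s?(\d[\d,]*\.\d{2})")

def amounts(text):
    """Return the set of dollar amounts in text, thousands separators removed."""
    return {a.replace(",", "") for a in AMOUNT.findall(text)}

def analyze(raw):
    """Report content-level red flags separately from the authentication verdict."""
    msg = message_from_string(raw, policy=default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    # Only trust an Authentication-Results header stamped by your own receiving MTA.
    auth = str(msg["Authentication-Results"] or "").lower()
    addrs = msg["From"].addresses if msg["From"] else ()
    flags = []
    if PHONE.search(subject):
        flags.append("phone-number-in-subject")
    subject_amounts = amounts(subject)
    if subject_amounts and not subject_amounts & amounts(body):
        flags.append("subject-amount-not-in-body")
    return {
        "sender": addrs[0].addr_spec.lower() if addrs else "",
        "authenticated": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "flags": flags,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A message that is authenticated as service@paypal.com and still raises either flag is a candidate for quarantine or a warning banner rather than delivery as trusted mail.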
Source: https://www.malwarebytes.com/blog/news/2026/04/more-paypal-emails-hijacked-to-deliver-tech-support-scams



