Did you know you can customize Google to filter out garbage? Take these steps for better search results, including adding Lifehacker as a preferred source for tech news .
Scammers are once again impersonating PayPal and trying to trick users into handing over access to their accounts and their cash. The latest email campaign alerts recipients to a new (fake) transaction and payment profile and urges them to take action to set up their account.
I have personally been targeted by this scam, which has some convincing elements and several red flags.
PayPal account profile scam
At first glance, this email seems like it really does come from PayPal: The sender address is service[at]paypal[dot]com, a legitimate PayPal domain, and paypal.com is listed in the signed-by field. However, scammers are able to spoof the email in the “From” field to make it look legitimate when it isn’t. The layout looks relatively similar to other PayPal emails, including the company’s branding and footer. If you hover over the links, including the call-to-action button to “set up your profile,” they appear to go to a real PayPal site.
Credit: Emily Long
After that, though, there’s almost nothing but red flags. The message isn’t addressed to me—instead of my name and email, it was sent to an address [at]truestate.org and with the salutation “Hello, receipt34532.” As Malwarebytes Labs points out , scammers will set up distribution lists to send phishing emails in bulk, so messages aren’t addressed to individual targets. Note, too, that legitimate businesses, including PayPal, will address you by your real name, not an alias or a generic greeting.
The rest of the message content doesn’t really make sense, and it doesn’t line up with the action you’re being urged to take. It also uses common scam tactics such as urgency (the link is set to expire in 24 hours) and eye-catching details (a large sum of money and vague reference to cryptocurrency). The phone number has also been reported to the Better Business Bureau as a PayPal scam.
Obviously, you shouldn’t engage with this, but if you did, you’d likely be prompted to add a secondary user to your PayPal account, which gives them access to issue payments using your information.
How to keep your PayPal account secure
At this point, it’s hard to trust any communication about account security or financial transactions. Scammers are able to spoof or impersonate real people and organizations in increasingly convincing ways, often supported by AI, so you shouldn’t believe an email (or phone call ) just because the sender looks legitimate.
You should continue to be wary of messages that sound urgent or invoke strong emotions. Instead of engaging with these emails, texts, social media messages, and calls, delete them—and go directly to the website or app and log into your account to view any relevant alerts, or contact the company using information listed on official channels.
You can also search the phone number or email in the BBB’s Scam Tracker to see if anyone has reported it as fraudulent. And where possible, enable multi-factor authentication on your accounts as an extra layer of security.
