Paypal Scammers are using PayPal’s address settings to send fake emails that look real, tricking people into thinking their accounts have been hacked. These emails, sent from PayPal’s official email address (“service@paypal.com“), claim that a new address has been added to the recipient’s account and that a MacBook M4 purchase has been made. The email asks users to call a support number if they didn’t authorize the transaction.
The message might say:
Confirmation: Your shipping address for the MacBook M4 Max 1 TB ($1098.95) has been changed. If you didn’t authorize this, contact PayPal at +1-888-668-2508.
Even though the emails look real, they’re fake. Many people, including those without PayPal accounts, have reported receiving these emails, even though no changes were made to their accounts. Scammers use PayPal’s real email system to send these messages, helping them bypass spam filters and scare people into thinking their accounts are compromised.
How the Scam Works
The emails trick people into believing their PayPal account was hacked to buy a MacBook, pressuring them to call a fake “PayPal support” number. When victims call, they hear an automated message pretending to be PayPal and are connected to a scammer posing as a support agent.
The scammer convinces the victim that their account is at risk and tricks them into downloading remote access software to “secure” their account. Once installed, the software gives scammers control over the victim’s device, which can lead to stolen money, data breaches, or malware infections.
This scam exploits PayPal’s “gift address” feature, which lets users add secondary addresses to their accounts. Scammers insert their fake message into the address field, triggering PayPal to send a confirmation email with the fraudulent purchase details. They then send these emails to a large number of targets.
How to Protect Yourself
If you get an email from PayPal about an unauthorized address change or purchase:
- Do not call the number in the email.
- Log into your PayPal account directly to check for any changes.
- If everything looks normal, ignore and delete the email.
This scam is possible because PayPal doesn’t limit the number of characters users can add to address fields. To prevent this, PayPal should add stricter character limits to stop scammers from inserting fake messages.
PayPal has not yet commented on this issue. Stay alert and always verify suspicious emails by logging into your account directly. StormInsider
