Cyber security expert warns of new PayPal scam
The sender email and links look legitimate, ultimately allowing the scammer access to your PayPal account.
ATLANTA, Ga. (Atlanta News First) - Cyber security experts say the signs of phishing scams are not so obvious today as scammers figure out how to con people with PayPal without spoofing links.
People who receive phishing emails can usually spot typos in the email address or suspicious look-a-like website links, but cyber security company Fortinet says scammers have now found a work around with PayPal.
Carl Windsor, the company’s chief information security officer, explained in a blog he received a payment request of nearly $2,200 in an email from PayPal.
Windsor said the sender’s information looked legitimate; when he hovered over the link to pay, it was PayPal’s actual website. The email was sent from “service @ PayPal dot com.”
But Windsor discovered his email had been added to a distribution list. Windsor explained someone registered a Microsoft 365 test domain and then created a distribution list under it.
In this scam, clicking the link to PayPal prompts the user to log into the real website, but PayPal will then link that email to an existing account, allowing the scammer access to the user’s PayPal.
A PayPal spokesperson said the company is always working to protect consumers from “evolving scams and fraud, including this common phishing scam.”
PayPal advises users to “remain mindful online, and to visit PayPal.com for additional tips.” Its website requests people forward any suspicious emails to phishing@paypal.com so their security teams can investigate and shut down any fraudulent access.
If there’s something you would like Atlanta News First Investigates to dig into, fill out this submission form.
Copyright 2025 WANF. All rights reserved.
