Hackers Exploit Genuine PayPal Emails in New Scam

Cybercriminals have found a new way to bypass traditional phishing filters by exploiting PayPal’s own email system. Unlike typical scam emails riddled with errors, this sophisticated attack uses legitimate PayPal messages sent from "[email protected]" to deceive users. The fraudulent emails notify recipients of unauthorized account changes or purchases, prompting them to call a fake customer support number—setting the stage for credential theft. Security researcher Lawrence Abrams uncovered the mechanics behind the attack, revealing that scammers manipulate PayPal’s gift address feature to generate authentic-looking notifications. These messages are forwarded through a compromised Microsoft 365 mailing list, ensuring they reach victims without raising suspicion. The key takeaway? The emails are real, but the threat is hidden in the details. To stay safe, PayPal users should never call numbers or click links in suspicious emails. Instead, visit PayPal’s official website directly and check account activity from there. As this exploit highlights, even trusted platforms can be weaponized by cybercriminals. Stay alert. Source: Forbes