At first glance, the email looks legitimate — and that’s exactly why cybersecurity experts say this scheme is so dangerous.
Criminals are now exploiting PayPal’s real email system to target unsuspecting users. The scheme works by sending tiny payments — sometimes as little as one cent — to random PayPal accounts. That action automatically triggers an official email from PayPal, making the message appear authentic.
Recommended Videos
But inside the payment note, fraudsters often include alarming claims, such as a large unauthorized purchase or a warning that the account has been compromised. The message then urges recipients to call a customer service number for help.
The catch: the phone number does not belong to PayPal.
Instead, victims are connected directly to criminals who attempt to steal passwords, banking information, or even gain remote access to computers.
Experts say the scheme is effective because it creates panic and pressures people to act quickly before verifying the information.
“If you receive something unexpected, never respond directly to the incoming message,” said Professor Ryan Marquez with the University of Houston Law Center. “Always initiate contact yourself by going directly to the company’s website or using the number on the back of your card. And never allow someone on the phone to guide you through logins or take remote control of your computer.”
Security experts recommend taking several steps to protect yourself:
- Never click links or call phone numbers included in suspicious emails
- Open your browser and log in to PayPal directly to verify account activity
- Enable two-factor authentication
- Use strong, unique passwords
- Regularly monitor financial accounts for unusual activity
If you believe you may have interacted with criminals, experts advise immediately changing your passwords, contacting PayPal and your bank directly, and monitoring for signs of identity theft.
They also recommend considering a credit freeze if sensitive personal information may have been exposed.
Experts say the best defense is simple: don’t click, don’t call, and always verify first.
- PayPal tells KPRC 2 it takes all the necessary steps to mitigate issues and protect our customers, including using a combination of manual investigations and sophisticated technology to prevent fraud.
- We always encourage customers to remain mindful when receiving any online communication or when asked to participate in a transaction, particularly from someone they don’t personally know or to whom they do not owe any money.
- If people receive any unexpected, suspicious emails or payment requests, they should not pay, nor should they respond, share any personal information, call any phone numbers, open attachments, or click on any links within these messages.
- If a customer shared any information, called numbers or clicked any links, they should change their account password and contact PayPal as well as their financial institution immediately. They can also enable two-factor authentication if they haven’t already.
- Please contact PayPal directly through our app or Contact page for assistance. Do not contact any of the email addresses or phone numbers within suspicious messages, even if they are labeled as customer service.
- We also recommend reporting any phishing emails to our security team by forwarding them to phishing@paypal.com, and then deleting them. Suspicious emails can also be flagged directly to email providers. Additionally, people may contact law enforcement to report any scams, and we can assist in the investigation if asked.
- We believe that spreading awareness of the latest common fraud trends and how to stop them is key to keeping the payments ecosystem safe for everyone. We actively partner with leading consumer protection institutions, such as the Aspen Institute Financial Security Program, BBB Institute for Marketplace Trust, Consumers International, and the Smarter Than Scams campaign with the Financial Technology Association.
- Feel free to refer to our consumer alert on phishing scams, here: PayPal Alerts Consumers to Phishing Scams and Encourages Safety Tips
- Additional resources: