A new PayPal email scam is deceiving users by leveraging the platform’s address settings to send fraudulent purchase confirmations, creating the illusion that their accounts have been compromised, reports BleepingComputer

The scam emails were found to originate from a legitimate PayPal address and their content falsely inform recipients that a new address has been added to their account, with a fake confirmation of a MacBook purchase.

Concerned users are urged to call a support number, whereupon they are connected to scammers posing as PayPal representatives. Once on the call, scammers attempt to convince victims to install remote access software under the pretense of securing their account. This allows attackers to steal banking information, install malware, or access sensitive data.

The scam exploits PayPal’s “gift address” feature, where scammers add their own email address to PayPal and inject fake messages into address form fields. These emails are then forwarded to a Microsoft 365 mailing list, ensuring mass distribution to targeted users.

PayPal has yet to respond to inquiries about the scam, but users are advised to ignore suspicious emails and verify any account changes directly through PayPal’s official website.