A new PayPal phishing scam has been reported, and this one is particularly clever and looks surprisingly real. There are no obvious typos, sketchy sender email addresses, or grammatical errors, and it comes from PayPal’s official email address, service@paypal.com.

How Did the Scam Begin?

PayPal introduced its gift address feature to give users more flexibility when shipping to multiple addresses. Instead of changing your shipping address every time you buy something, you can add extra addresses for deliveries. It is a genuinely useful feature, especially when sending gifts or having purchases delivered elsewhere, because you no longer have to edit your account settings by hand. Unfortunately, scammers have turned it into a phishing scam.

Scammers are exploiting the new gift address feature by abusing the automated email system behind it. This lets them send out notifications that are not merely convincing imitations but real PayPal emails.

You may receive an email from PayPal saying that a new address has been added to your account and that you need to confirm an expensive purchase you supposedly made. Of course, none of it applies to you: you didn't add a new address, and you don't remember ordering a MacBook or a PlayStation. You start to worry that someone has hacked your account.

Their goal is to convince you that your account has been hacked and that the only way to fix it is to install remote access software, which gives them full control of your computer. This is not a standard credential-harvesting phish, so the usual warning signs don't apply.

How the Scam Works

You may wonder how a scammer is able to abuse PayPal's automated email delivery system to send out a legitimate-looking email. It isn't difficult at all. An automatic confirmation email after an account change is a standard security feature, designed to alert you to any changes to your account. Scammers have simply found a way to turn that feature against other people.

The scammer goes into a PayPal account, either their own or one they’ve hacked, and then adds a new address. When they do this, PayPal automatically sends a confirmation email to the account owner. The email comes directly from PayPal’s real domain, making it appear legitimate.

The account owner, in this case, is the scammer. The address on the PayPal account is a mailbox they control, and that mailbox is configured to auto-forward everything it receives to a Microsoft 365 mailing list. The genuine PayPal email arrives at the scammer's mailbox and is forwarded, unaltered, to every address on the list, which can contain thousands of potential victims.

To make the email even more alarming, the scammer usually types a note into the "gift address" field, along with a support number, saying that you have just bought an expensive item, such as a PlayStation, to be shipped to the new address. Because the address field is free text, PayPal faithfully reproduces the note in its own notification.

You know you didn't make this purchase, but the email makes you panic, and panic leads you to call the fake customer service number. Don't expect the phone to help you verify who you are talking to: caller ID can be spoofed as well.
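As an added illustration (this is not code from the original article), the Python script below checks a notification for the three indicators the forwarding scheme above leaves behind: the message is not addressed to you, it carries headers that only an intermediary adds (ARC headers are added by forwarders such as Microsoft 365), and the body contains a phone number, which a genuine PayPal notification would not. Both sample messages, the hostnames, IP addresses, mailbox names and the phone number are constructed for the example; only service@paypal.com is the real sender address discussed in the article.

```python
import re
from email import message_from_string, policy

# Constructed sample of the forwarded notification described above (not a real
# message). A genuine PayPal address-change email was sent to a mailbox the
# scammer controls (alerts-inbox@forwarder.example) and auto-forwarded to the
# victim; hostnames, IPs and the phone number are fictional placeholders.
FORWARDED_SAMPLE = """\
Delivered-To: victim@example.com
ARC-Seal: i=1; a=rsa-sha256; s=arc; d=forwarder.example; cv=none; b=AAAA
ARC-Authentication-Results: i=1; forwarder.example; dkim=pass header.d=paypal.com
Received: from forwarder.example ([203.0.113.10]) by mx.example.com; Tue, 1 Apr 2025 10:01:00 +0000
Received: from mx1.paypal.com ([198.51.100.20]) by forwarder.example; Tue, 1 Apr 2025 10:00:58 +0000
From: "service@paypal.com" <service@paypal.com>
To: alerts-inbox@forwarder.example
Subject: You added a new address
Content-Type: text/plain; charset="utf-8"

You added a new gift address to your PayPal account.

Gift address: Your PlayStation 5 order ($599.00) will ship to this address.
If you did not authorize this purchase, call PayPal support at 1-800-555-0199.
"""

# Constructed sample of what a notification about your own account would look
# like: addressed to you, delivered directly, no phone number in the body.
DIRECT_SAMPLE = """\
Delivered-To: victim@example.com
Received: from mx1.paypal.com ([198.51.100.20]) by mx.example.com; Tue, 1 Apr 2025 10:00:58 +0000
From: "service@paypal.com" <service@paypal.com>
To: victim@example.com
Subject: You added a new address
Content-Type: text/plain; charset="utf-8"

You added a new gift address to your PayPal account.
If you did not make this change, log in at paypal.com and review your account.
"""

# Headers that appear only when a message has passed through an intermediary
# (ARC is added by forwarders such as Microsoft 365; X-Forwarded-* by many
# mailbox forwarding rules). Their presence is an indicator, not proof.
FORWARDING_HEADERS = ("ARC-Seal", "ARC-Authentication-Results",
                      "X-Forwarded-To", "X-Forwarded-For", "Resent-From")

# North American numbers in their common written forms; adjust for other regions.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def recipients_of(msg):
    """Return the lowercase addresses named in the To: and Cc: headers."""
    addrs = set()
    for field in ("To", "Cc"):
        for header in msg.get_all(field, []):
            for a in header.addresses:
                addrs.add(a.addr_spec.lower())
    return addrs


def analyze_notification(raw, my_address):
    """Check a PayPal-looking notification for the indicators of the forwarding
    scam: genuine sender, but not addressed to me, relayed through a forwarder,
    and carrying a phone number PayPal would not include."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec.lower() if msg["From"] else ""
    body = msg.get_body(preferencelist=("plain",)).get_content()

    result = {
        # True for the real thing AND for this scam; this is why filters miss it.
        "sender_is_paypal": sender == "service@paypal.com",
        "not_addressed_to_me": my_address.lower() not in recipients_of(msg),
        "forwarding_headers": [h for h in FORWARDING_HEADERS if msg.get(h)],
        "phone_numbers": PHONE_RE.findall(body),
    }
    result["suspicious"] = (result["not_addressed_to_me"]
                            or bool(result["forwarding_headers"])
                            or bool(result["phone_numbers"]))
    return result


if __name__ == "__main__":
    for name, sample in (("forwarded", FORWARDED_SAMPLE), ("direct", DIRECT_SAMPLE)):
        print(name, analyze_notification(sample, "victim@example.com"))
```

Note that the sender check passes for both samples. That is the whole point of the scam: the From address is genuine, so the signal has to come from the delivery path and the body, not from who sent it. A mail rule that quarantines PayPal notifications whose To: header does not name the mailbox they landed in would catch the forwarded copies without touching the real ones.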

Why This Phishing Scam Is Different

Most phishing scams rely on impersonating a company by spoofing an email address, creating a fake version of a legitimate company's email. Email providers like Gmail and Yahoo often flag these as spam or phishing attempts. This PayPal scam is different because the email really does come from PayPal's own domain.

Other scammers buy domains that look similar to real brands but aren't. These have small misspellings or slight variations that set them apart from the official address, e.g., "paypall.com" instead of "paypal.com."

Since the sender really is service@paypal.com, and the message really was generated by PayPal's systems, the checks that spam filters use to catch spoofed senders pass, and victims are more likely to trust it. By getting PayPal to write the email for them, the scammers are a step ahead of filters that look only at who sent a message.

What Happens if You Call the Number?

Let’s say you see the email, panic, and call the number.

The person on the other end sounds professional. They introduce themselves as a PayPal representative, ask for your name, and thank you for calling. Then they claim your account has been hacked: a hacker added a fake address and is now making unauthorized transactions in your name.

They make it sound dire, and they tell you they need to secure your account immediately, before more charges go through.

You start to panic. That's when they ask you to install software on your computer. And it's not just any software; it's remote access software.

They might ask you to install legitimate tools like ConnectWise, TeamViewer, or AnyDesk. IT professionals use these to fix technical problems remotely, but they are just as useful to a scammer, since they grant whoever is on the other end full access to your system.

Once you install the tool and approve the connection, they control your computer. They can log in to your PayPal account and steal your credentials, change your account settings to lock you out, reach your bank accounts and saved passwords, and even install malware to spy on you later.

Some victims have even reported that scammers watch them enter passwords in real-time—then take over their accounts instantly. I don’t know about you, but that terrifies me.

How to Protect Yourself

If you run a business and rely on PayPal, an apparent unauthorized charge is easy to panic over. Even regular PayPal users can miss the warning signs because they receive so many legitimate notifications.

To avoid falling for these types of scams, the first thing to do is not panic. Never trust an email just because it looks real, and don't call the "support number" listed in it. Go to PayPal yourself: open your browser, type PayPal.com, log in, and check your recent activity and your account settings. If no new address has been added and no purchase appears, the email was about someone else's account, and the phone number in it is the scam.

Only contact PayPal through its official website, never through the contact details in an email like this. PayPal will never include a customer service number in its emails; it directs you to its website for help instead. If an urgent email carries a phone number, don't call it. It's almost certainly a scam.

No legitimate company will ask you to install remote access software to fix an account issue. If this happens, it’s best to just hang up.

There are other things you can do to protect your account. Enable two-factor authentication (2FA) in your PayPal account settings, and use a password that is unique to PayPal and complex (a password manager makes this painless). Change it promptly if you ever suspect it has been exposed.

Even if your login details are compromised, scammers still need your second factor to get into the account when 2FA is enabled, which makes a takeover far harder. Keep in mind that a scammer who has remote access to your computer can watch you type that code too, which is one more reason never to install the software they ask for.

I also recommend reporting phishing emails to PayPal. If you receive a suspicious email, forward it to phishing@paypal.com and then delete it. The more reports PayPal receives, the faster they can shut down scams like this.

Remember to stay calm and collected. Scammers rely on urgency and fear to push people into quick decisions before they have a chance to think. Take a deep breath, double-check everything, and don't let them rush you. You always have enough time to determine whether an email is real or fraudulent.

This PayPal scam is one of the most convincing phishing attacks out there right now. It exploits PayPal's own email system, which makes it hard to detect. The email is real, but the phone number inside it is fake.