New Phishing Campaign Targets PayPal Users with Sophisticated Spoofing Tactics

A new phishing campaign is actively targeting PayPal users, using well-crafted emails designed to look like official communications from the payment platform. According to a recent report by Malwarebytes, the attackers are using spoofed email addresses and misleading content to trick recipients into unknowingly granting access to their accounts.

The emails arrive with the subject line “Set up your account profile” and appear to come from [email protected] or similar addresses. While the sender address looks authentic, it is actually spoofed—a technique that allows cybercriminals to falsify the “from” field in emails, making it appear as though the message originates from a trusted source.

One giveaway is the recipient’s email address, which often looks unfamiliar or unrelated. This is a result of the attackers sending messages in bulk using test domains or compromised systems. Instead of targeting individuals, they rely on volume and wide distribution to increase their chances of success.

The message itself follows a common phishing pattern: it warns of a suspicious charge—over $900 in this case—to a cryptocurrency platform, and urges the recipient to take immediate action by following a link. The tone is urgent, the details are alarming, and the goal is to pressure the user into clicking without thinking.

What makes this attack particularly concerning is the nature of the link. Rather than directing users to a fake login page, it leads to an actual PayPal process: adding a secondary user to the account. If completed, this would give the attacker the ability to initiate transactions, effectively taking control of the account without needing login credentials.

Additional signs of fraud include generic greetings (or none at all), inconsistent language, and an unverified support phone number associated with previous scams.
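The header-level signs described above (a PayPal "from" address that fails authentication, a visible recipient that is not the mailbox owner, and the campaign subject line) can be checked automatically at mail triage. The sketch below is an added example, not code from Malwarebytes or PayPal; the function name `triage`, the indicator labels, the `mx.example.org` server name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

CAMPAIGN_SUBJECT = "set up your account profile"  # subject line quoted in the article
BRAND_DOMAIN = "paypal.com"  # assumption: domain the From header claims

def triage(raw, mailbox, authserv_id):
    """Return the article's indicators that a received message exhibits."""
    msg = message_from_string(raw)
    hits = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    claims_brand = from_domain == BRAND_DOMAIN or from_domain.endswith("." + BRAND_DOMAIN)
    # Trust only the Authentication-Results header stamped by our own receiver;
    # a sender can add forged ones under any other server name.
    dmarc_pass = False
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.strip().lower() == authserv_id.lower():
            dmarc_pass = bool(re.search(r"\bdmarc\s*=\s*pass\b", results, re.I))
            break
    if claims_brand and not dmarc_pass:
        hits.append("brand-from-without-dmarc-pass")
    # Bulk sends: the mailbox that received the mail is not a visible recipient.
    visible = {addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if mailbox.lower() not in visible:
        hits.append("recipient-mismatch")
    if CAMPAIGN_SUBJECT in msg.get("Subject", "").lower():
        hits.append("campaign-subject")
    return hits

# Constructed sample messages (not real campaign mail).
SUSPECT = (
    "Authentication-Results: mx.example.org; spf=fail; dmarc=fail header.from=paypal.com\n"
    "From: PayPal <placeholder@paypal.com>\n"
    "To: list-0413@bulk-test.example\n"
    "Subject: Set up your account profile\n\n"
    "A charge of over $900 was made. Follow the link immediately.\n"
)
BENIGN = (
    "Authentication-Results: mx.example.org; spf=pass; dmarc=pass header.from=paypal.com\n"
    "From: PayPal <placeholder@paypal.com>\n"
    "To: alice@example.org\n"
    "Subject: Receipt for your payment\n\n"
    "Thanks for your purchase.\n"
)

if __name__ == "__main__":
    print(triage(SUSPECT, "alice@example.org", "mx.example.org"))
    print(triage(BENIGN, "alice@example.org", "mx.example.org"))
```

Because the link in this campaign points at a genuine PayPal page, URL reputation checks alone would not flag it, which is why the sketch looks at headers instead.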

To stay protected, users are advised to:

  • Avoid clicking links in unsolicited emails.
  • Visit PayPal directly to verify account activity.
  • Enable two-factor authentication.
  • Report suspicious messages to [email protected].

With over 400 million active PayPal users globally, these kinds of scams continue to be a preferred method for cybercriminals seeking unauthorized access to financial information.