SQ Magazine

Smarter Insights for a Fast-Moving Digital World

Subscribe To Our Newsletter

New Scam Targets PayPal Accounts With Fake Profile Setup Email

Updated on:
Sofia Ramirez
Written By
Sofia Ramirez
Sofia Ramirez
Senior Tech Writer
Sofia Ramirez
Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps reader...
LATEST POSTS:

131 Chrome Extensions Busted for WhatsApp Web Spam Scheme

China Claims US Cyberattack Targeted National Time System Since 2022

17.6 Million Impacted in Prosper Security Breach, Sensitive Data Stolen

As Featured In
BluehostActive CampaignDesignrushSeeking AlphaResearch Com

A new email scam targeting PayPal users is using real-looking messages to trick victims into giving scammers access to their accounts.

Quick Summary – TLDR:

  • Scammers are spoofing PayPal emails to send fake alerts about crypto charges
  • Victims are tricked into clicking a link that leads to PayPal’s real site
  • The link initiates the addition of a secondary user, giving scammers full access
  • Over 434 million PayPal users are potentially at risk from this ongoing campaign

What Happened?

A highly deceptive phishing campaign is hitting PayPal users with emails designed to look legitimate. The scam message, with the subject line “Set up your account profile,” urges recipients to act fast on a fake charge for over $900 to a crypto trading platform. But instead of fixing anything, clicking the link can hand over control of your PayPal account.

How the Scam Works?

The scam email appears to come from service@paypal.com or service@paypal.co.uk, which at first glance looks like a real PayPal sender. This is achieved using a technique called email spoofing, where scammers forge the “From” field in the email to mimic a trusted source.

Paypal Phishing Email Campaign
Image Credit – MalwareBytes

The body of the email raises immediate concern with alarming text like:

“We have detected a new payment profile with a charge of $910.45 USD at Kraken.com. To dispute, contact PayPal at (805) 500-8413.”

Other key elements that signal something’s off:

  • A cryptocurrency reference (Kraken.com) that sounds technical enough to confuse the average user
  • A fake PayPal user ID like “Receipt43535e”
  • A button that leads users to PayPal’s actual website, but for a very different purpose than it seems

Why This Scam Is So Dangerous?

Unlike most phishing attacks that try to steal your login credentials via a fake site, this one is much more clever. Clicking the email link takes victims to the real PayPal site and begins the process of adding a secondary user to their account. If completed, this gives the scammer permission to send payments, essentially giving them full access to the funds.

According to Malwarebytes, which first flagged this scam, the attack has been circulating for at least a month. Because it uses real PayPal infrastructure, it’s harder for both users and some security systems to detect it as fraudulent.

How to Spot and Avoid This Scam?

There are a number of red flags users should watch out for:

  • Unfamiliar recipient addresses like ones ending in “.test-google-a.com”
  • Subject lines that don’t match the email’s content
  • No personalization (legit PayPal emails use your full name)
  • Urgent language like “This link will expire in 24 hours”
  • Unexpected charges or references to crypto wallets
  • A known fraud phone number listed as the help contact

How to Stay Safe?

Cybersecurity experts recommend these steps to avoid falling for such scams:

  • Do not click links in suspicious emails
  • Visit paypal.com directly and check your account for alerts
  • Search the phone numbers or sender emails for known scam reports
  • Enable two-factor authentication (2FA) for stronger account protection
  • Report phishing emails to phishing@paypal.com

With over 434 million active users, PayPal remains a top target for cybercriminals, making it essential to stay vigilant against evolving threats.

SQ Magazine Takeaway

Honestly, this one is scary. It uses PayPal’s real website to execute the scam, which means even savvy users could get tricked. I always tell people to go directly to the website if something looks fishy in your inbox. And please, turn on two-factor authentication. It’s a simple step that could save your money and your peace of mind. This scam proves that phishing has gone next level.

Add SQ Magazine as a Preferred Source on Google for updates!Follow on Google News
Sofia Ramirez

Sofia Ramirez

Senior Tech Writer

Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps readers stay informed and secure in today’s fast-changing tech landscape. Passionate about making cybersecurity accessible, Sofia blends research-driven analysis with straightforward explanations; so whether you’re a tech professional or a curious reader, her work ensures you’re always one step ahead in the digital world.
Disclaimer: Content on SQ Magazine is for informational and educational purposes only. Please verify details independently before making any important decisions based on our content.

Related Posts

China’s Zhipu AI Launches GLM-4.5 Series, Dominates Open Benchmarks
Artificial Intelligence

China’s Zhipu AI Launches GLM-4.5 Series, Dominates Open Benchmarks
Aptos Veterans Launch $50M Venture Fund to Back Hands-On Crypto Builders
Cryptocurrency

Aptos Veterans Launch $50M Venture Fund to Back Hands-On Crypto Builders
Clockwork Secures $20.6M to Power Smarter AI Infrastructure
Artificial Intelligence

Clockwork Secures $20.6M to Power Smarter AI Infrastructure

Reader Interactions

Leave a Comment

Company
Discover
Categories
  • Artificial Intelligence
  • Cybersecurity
  • Gaming
  • Internet
  • PR
Artificial Intelligence
Cybersecurity
Gaming
Internet
PR