If you’ve received a PayPal email claiming an expensive purchase was made on your account, there’s likely no need to freak out. We’ll cover how a scam is abusing PayPal’s system to send legitimate looking emails as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

• Why some PayPal emails are triggering panic
• What these fake purchase notices look like
• How scammers are making emails seem legitimate
• Why spam filters aren’t stopping them
• What scammers want you to do next
• How PayPal is addressing the issue
• What to do if one lands in your inbox

Video Transcript

You may remember us mentioning a PayPal-related scam earlier this year. And, as you might have guessed, scammers have once again found a new method to instill panic in online shoppers.

So, let’s start with what people are seeing that’s causing a commotion. PayPal users are receiving emails that appear to come directly from the company, with a notification that their automatic payment is no longer active. Clicking the email adds to the confusion, as it reveals a message claiming they’ve made a costly purchase for some type of high-end device. At the bottom, there’s a phone number and email included to dispute the charge. But rather than connecting you with PayPal, this sends you right over to scammers who are waiting for those that take the bait.

What makes this scam especially convincing is that these emails are real PayPal emails. They appear to come from PayPal’s official address, pass security checks, and look identical to legitimate notifications, hence why they aren’t landing in spam folders.

So how is that possible? PayPal subscriptions are what people use for things like monthly services, memberships, or recurring payments. When something changes, like a subscription being canceled, PayPal automatically emails the customer to notify them.

Scammers have figured out how to abuse this system by creating subscriptions and canceling them to create notifications that they can they forward to potential victims. Now, here’s where things get interesting. While, traditionally, there’s no method to add custom text to these notifications, scammers have begun manipulating a part of the form called the Customer Service URL. Instead of just listing a website link, they insert text that looks like a purchase confirmation.

As a result, people are seeing these legitimate looking emails with crazy costs attached and are picking up the phone to give the included number a call. Once on the phone, scammers may try to steal financial information or pressure you into approving transactions.

The good news is PayPal is aware of this activity. They’ve confirmed they’re actively working to shut down the method being used to generate these emails and reduce abuse of the subscription system. But until that work is fully complete, there are a few important things to do right now.

If you receive one of these emails, don’t call the number listed in the message. Instead, open a browser and log into PayPal directly, not through the email. Check your account activity and if there’s no charge, no purchase, and no compromised account, you shouldn’t have to worry.

For businesses, this is also a strong reminder that even legitimate-looking emails can’t always be trusted. Training teams to slow down, verify transactions independently, and avoid reacting to urgency is one of the most effective ways to stop scams like this before damage is done. And if you’d like help educating your team, strengthening security awareness, or protecting your organization from scams that bypass traditional filters, Rocket IT is here to help. Simply contact us using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.