Scam of the day – October 29, 2025 – New Sophisticated PayPal Scam

by | Oct 28, 2025 | Scam of the day

PayPal is a popular payment service used successfully by many people particularly when making purchases through eBay. However, because it is so popular with the public, it is also popular with scammers who  over the years have created numerous PayPal based scams about which I have reported to you in the past.  Many of the scams involve phony invoices that lure you into clicking on malware infected links or providing personal information that is used to make you a victim of identity theft.

This new scam starts with an email, reproduced below that apears to come from a legitimate PayPal email address.  Often scammers use botnets of infected computers to send out such phishing emails so that the email address of the sender clearly shows it is not coming from the real company the scammer is posing as.  However, in this instance the scammers use special software programs that allow them to “spoof” a legitimate PayPal email address even though the phishing email is not coming from PayPal.  The subject line indicates “Set up your account Profile” while the email itself refers to a charge that you have not made.  Often PayPal phishing scams provide fake links and telephone numbers to use to dispute phony claims with the intention of gathring information from you to facilitate access to your account.

In this case, if you click on the link to set up your profile, it actually takes you to PayPal, but not to set up your profile, but rather to provide information to add the scammer as a secondary user of your account, thereby allowing them to utilize your account

The Paypal account profile set up email

TIPS

Fortunately, this particular scam is easy to avoid.  You should start out by being aware that this scam is active and remembering my motto, “BS – Be skeptical.”   The easy way to avoid this scam is to never log into your PayPal account through a link in an email because to do so may merely take you to fake email account.  Always access your PayPal account independently through your browser.  There you can find any legitimate communications from PayPal.

Another indication that this is a scam is that it is sent to you as part of a bulk mailing and is not sent to your email address solely.

Legitimate emails from a company with which you do business would include the last four digits of your account and include your name rather than just your email address.  This email had neither.

Set up dual factor authentication for your PayPal account will help prevent scammers from accessing your accounts and is something you definitely should do.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”