New PayPal Warning As Attacks Spike By 600% — Take Action Now
PayPal scams rise by 600% since the start of 2025.
No doubt, you will have read the recent news articles about hackers trying to steal your Gmail account password, or maybe the spray and pray campaign targeting your Windows account, because cybercriminals follow the money. Both the Gmail and Windows user bases, which are often one and the same thing, provide the opportunity to compromise huge numbers of passwords and gain access to the data that sits behind them. What's more, those accounts can also be used to leverage social engineering attacks. And that, dear reader, is where the phishing and money parts of the story intersect: it has been reported that PayPal attacks have risen by 600% since January. Here's what you need to know and why you must take action now.
Let's get two things out of the way before digging deeper into the recent spike in PayPal-related attacks. Firstly, PayPal hacks and scams are nothing new. From the use of legitimate PayPal emails in one nasty threat campaign that I wrote about in February, to the dangerous PayPal invoice that could bypass security protections in May. And, secondly, PayPal actually does take your security very seriously indeed. So, in relation to that last attack, for example, PayPal told me it is constantly evolving its fraud detection tools, including adding fraud reminder notices with advice for customers on all global invoice requests and peer-to-peer money requests.
But, and it's a big one, that doesn't mean that the PayPal attack landscape isn't expanding or can be ignored. Far from it, in fact. A McAfee security report by Abhishek Karnik, McAfee's director for threat research and response, has confirmed a massive 600% spike in fraudulent PayPal-related scam emails since January. 'The recent surge has been traced to a single, highly effective campaign where attackers send official-looking emails with 'Action required' warnings,' Karnik warned, 'demanding users update their account details within 48 hours or face account suspension.'
I have approached PayPal for a statement, but in the meantime, users are advised to take the following mitigation steps to prevent becoming a victim of this or other PayPal phishing scams:
Do not pay any unexpected or suspicious invoices or payment requests.
Do not respond to any of the above requests.
Enable two-factor authentication for your PayPal account.
Report any phishing emails to the PayPal security team by forwarding them to phishing@paypal.com and then deleting them.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
9 hours ago
- Yahoo
New PayPal scam uses real emails to trick you
There's a new PayPal phishing scam making the rounds, and it's so convincing that even security-conscious users are getting caught in it. Unlike typical scams riddled with typos and fake domains, this one uses PayPal's own email system to send you an alert that looks 100% real. You might get a message like, "You added a new address. This is just a quick confirmation that you added in your PayPal account." Except … you didn't. And what if you don't even have a PayPal account? Here's what this scam entails, why it works and how to protect yourself. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. Fake Venmo Accounts Are Stealing Donations From Real Charities Most phishing scams try (and fail) to impersonate big companies. You've probably seen the classics: weird grammar, suspicious email addresses, Microsoft spelled with a "k". They're laughably bad. But this scam flips the script because it uses PayPal against you. Here's how the scam operates: Read On The Fox News App Exploiting real features: Scammers abuse PayPal's "add address" or "money request" tools. By entering your email, they can trigger real emails from PayPal's real domain. And this works even if you don't have a PayPal account. Bypassing filters: Because these emails come directly from PayPal's servers (service@ they pass all security checks and appear legitimate in your inbox. Lack of suspicion: Some versions contain no phishing links at all, just a scammer's phone number, making them even harder to detect. Panic bait: The message often claims a new address was added, or a large payment is being processed, getting your attention and provoking a quick reaction. Follow-up attacks: After the initial email, scammers may later contact you pretending to be PayPal support. Some urge you to click a link to "secure your account", which leads to a fake login page designed to steal your credentials. The Dark Side Of Paypal And How To Stay Safe This scam has been reported by dozens of users on Reddit and cybersecurity forums. One Reddit user posted a detailed thread in r/Scams showing screenshots of phishing emails that look like they came straight from PayPal's official address. In a newer and more sophisticated twist, scammers are removing links altogether. Instead, they include a phone number and ask you to call. Once you do, you're connected with a fake PayPal representative who says they need to verify your identity. They then instruct you to download what appears to be a PayPal-branded support tool, but really it's a customized remote access app hosted on a different server. And once it's installed, it gives the scammer full access to your device. New Phishing Scam Outsmarts Security Codes To Steal Your Info This part is still a bit of a mystery. With typical PayPal invoice scams, content is tightly controlled, which means you normally can't change the email structure or messaging. However, these new emails suggest that scammers may be exploiting internal features, like business tools or API fields, to sneak custom content into PayPal-generated alerts. It's not just phishing, it's weaponizing a legitimate system to create trust and evade detection. This scam is especially effective and dangerous because the emails come directly from PayPal's official servers, making it difficult to distinguish them from legitimate messages. Since the sender address and branding are authentic, recipients are more likely to trust the communication without suspicion. The scammers also use urgent language that creates a sense of panic, such as warnings about unauthorized activity or large charges. This pressure encourages people to act quickly and often before fully considering whether the alert is genuine. Additionally, the scam often involves follow-up contact through calls or texts from individuals posing as PayPal personnel, further exploiting the initial confusion and increasing the chances of victims giving up sensitive information. How To Protect Yourself From The Venmo, Zelle, And Cash App Scam That Can Wipe Out Your Savings In Seconds Even if you're vigilant, you can still be targeted. Here's how to stay safe: 1. Don't click links in suspicious emails, even if they look real, and use strong antivirus software. If you receive a PayPal alert you didn't expect, go to PayPal by typing into your browser or using the official app. Never click links or dial phone numbers provided in the email. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 2. Enable two-factor authentication (2FA): Adding 2Fa to your PayPal and email accounts gives you a second layer of defense even if your password gets compromised. 3. Use a password manager: Using a password manager is the best way to ensure every login you use has a unique, strong password. No repeats means no chain reaction if one site gets hacked. Get more details about my best expert-reviewed Password Managers of 2025 here. 4. Check your account manually: If you're ever in doubt, just log into your PayPal account directly. Review recent activity and see if anything looks off. There is no need to rely on alerts alone. 5. Report the scam: Forward suspicious PayPal messages to phishing@ You can also report phishing attempts to the FTC. 6. Use a personal data removal service: Since phishing scams like the recent PayPal scam often target personal information that scammers gather from data brokers and people search sites, using a reputable data removal service can help reduce your exposure. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. This phishing scam is dangerous because it uses real PayPal emails sent from service@ Scammers exploit PayPal's built-in features to send real notifications that look legitimate. What makes it especially sneaky is the absence of links, Instead, these emails include a phone number, making them more likely to pass through spam filters. When you call, you're connected to a fake PayPal rep who pressures you into downloading a remote access tool disguised as support software. The safest move? Don't click, don't call. Just go straight to and check your account manually. If you've seen a version of this scam (or nearly fell for it), let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Ask Kurt a question or let us know what stories you'd like us to cover Follow Kurt on his social channels Facebook YouTube Instagram Answers to the most asked CyberGuy questions: What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked? What is the best way to stay private, secure and anonymous while browsing the web? How can I get rid of robocalls with apps and data removal services? How do I remove my private data from the internet? New from Kurt: Try CyberGuy's new games (crosswords, word searches, trivia and more!) CyberGuy's Exclusive Coupons and Deals Copyright 2025 All rights article source: New PayPal scam uses real emails to trick you
Yahoo
11 hours ago
- Yahoo
UBS Reiterates Price Target for PayPal Amid New TPV Category Breakdown
PayPal Holdings, Inc. (NASDAQ:PYPL) ranks among the best fundamental stocks to buy according to hedge funds. On June 23, UBS maintained its $75 price target and Neutral rating for PayPal Holdings, Inc. (NASDAQ:PYPL). Considering their varied contributions to gross profit, the firm noted the importance of understanding the different Total Payment Volume (TPV) categories that make up PayPal's operations. In order to better identify its business divisions, PayPal Holdings, Inc. (NASDAQ:PYPL) unveiled three newly defined Total Payment Volume (TPV) categories at its 2025 Investor Day. These include P2P & Other Consumer, which covers peer-to-peer payments and debit card activity; Branded Checkout (Online), which now includes Pay with Venmo and eBay transactions; and PSP, which includes Braintree and the majority of services previously included under 'Other Merchant Services.' UBS pointed out that, according to its prior definition, Branded Checkout accounts for roughly 30% of volume but generates roughly two-thirds of transaction gross profit. PayPal Holdings, Inc. (NASDAQ:PYPL), based in San Jose, California, operates a technology platform that enables digital payments for merchants and customers worldwide. The company provides payment services under several brands, including PayPal, Credit, Braintree, Venmo, Xoom, and Zettle. While we acknowledge the potential of PYPL as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. Read More: and Disclosure: None. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Upturn
11 hours ago
- Business Upturn
ZA Miner Introduces Short-Term Mining Contracts to Boost Passive Income Opportunities
By GlobeNewswire Published on June 29, 2025, 19:20 IST London, UK , June 29, 2025 (GLOBE NEWSWIRE) — Short-Term Crypto Mining Contracts Offer Fast, Flexible Passive Income with Full Fund Security — No Hardware or Technical Knowledge Required June 2025 — As crypto markets continue to evolve, ZA Miner has launched a new series of short-term cloud mining contracts designed for users seeking quick, low-risk passive income without long-term commitments. With a focus on accessibility, fund safety, and fast ROI, these contracts are ideal for first-time crypto investors, those testing new strategies, or anyone looking to diversify income streams with minimal effort and no hardware setup. New Short-Term Contracts for Passive Income ZA Miner's new contracts are optimized to deliver returns within days or weeks, making them one of the fastest crypto-earning options on the market. Each plan uses AI to adjust mining power in real-time for maximum profitability. Contract Name Duration Daily Return Minimum Deposit Key Benefit Starter Boost 1 Days 2% $100 Ideal for new users & testing Basic Power 2 Days 3.5% $200 Short, steady passive income Smart Week 6 Days 1.72% $1200 More profit with a low time lock Quick Yield 2 Days 4.24% $12080 Mid-range plan for higher output Returns are credited daily and can be withdrawn anytime after contract maturity. Who Should Try These Contracts? These short-term plans are designed for: New crypto users who want to start earning without risk who want to start earning without risk Passive income seekers looking for short lock-in periods looking for short lock-in periods Busy professionals who want hassle-free return who want hassle-free return Crypto holders interested in low-effort diversification interested in low-effort diversification Students or small investors exploring mining on a budget No hardware, no complex setup — just deposit and earn. All it takes is a few clicks. Security You Can Trust ZA Miner's platform is built with institutional-grade security to protect your funds and data: Cold Wallet Storage – User funds are stored offline to prevent cyber threats. – User funds are stored offline to prevent cyber threats. Multi-Layer Encryption – End-to-end SSL and user authentication protocols. – End-to-end SSL and user authentication protocols. Regulatory Compliance – Fully licensed and audited regularly. – Fully licensed and audited regularly. Cloudflare® & McAfee® Secure – Industry-standard infrastructure to detect and stop fraud. ZA Miner also offers real-time monitoring, smart contract transparency, and daily performance updates — so you're never in the dark. More Features That Make ZA Miner Stand Out AI-Driven Mining – Automatically mines the most profitable coins – Automatically mines the most profitable coins Eco-Friendly – 100% renewable energy-powered data centers – 100% renewable energy-powered data centers Mobile-Friendly – Mine and manage your account via app or browser – Mine and manage your account via app or browser Flexible Withdrawals – Withdraw to BTC, ETH, DOGE, LTC, XRP, USDT, or USDC – Withdraw to BTC, ETH, DOGE, LTC, XRP, USDT, or USDC Global Access – Available to users in over 100 countries Get Started in Minutes Sign up on Choose your preferred short-term contract Deposit crypto (minimums start at just $10) Start earning — your income begins accumulating daily! Final Thoughts With this new short-term contract lineup, ZA Miner continues its mission to democratize crypto mining. Whether you're looking to start small or optimize your idle crypto, these contracts offer a secure, fast, and sustainable path to earning passive income. 'These plans are made for everyday people—not just crypto pros,' a ZA Miner spokesperson shared. 'We're building a platform where anyone can benefit from blockchain without the burden of hardware or high risk.' Disclaimer: The information provided in this press release does not constitute an investment solicitation, nor does it constitute investment advice, financial advice, or trading recommendations. Cryptocurrency mining and staking involve risks and the possibility of losing funds. It is strongly recommended that you perform due diligence before investing or trading in cryptocurrencies and securities, including consulting a professional financial advisor. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. Ahmedabad Plane Crash GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
