An ongoing email scam exploits a weakness in PayPal’s “Subscriptions” billing feature, allowing malicious actors to send genuine PayPal emails containing fraudulent purchase alerts within the Customer service URL field. This deceptive tactic is used to bypass standard security filters and aims to convince recipients that they have made an expensive unauthorized purchase, urging them to call a bogus support number.
People have recently reported getting emails from PayPal with the subject line, “Your automatic payment is no longer active,” which are technically legitimate emails sent directly from the official “service@paypal.com” address. The customer service link in these authentic emails is being manipulated by scammers to display a fake notification of an expensive purchase, such as a high-value electronic device. This unusual modification is causing concern among recipients who worry their PayPal accounts may have been compromised.
The modified text embedded in the customer service link includes a domain, a message confirming a substantial payment that typically ranges from $1,300 to $1,600, and a phone number to call for cancellation or disputes. To avoid detection by email security systems and spam filters, the text is intentionally padded with various Unicode characters that cause some portions to appear in non-standard fonts or to look bolded. The fraudulent message clearly directs the recipient to contact a provided phone number to resolve the unauthorized charge.
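A defender-side check for the padding described above, as an added example that is not code from PayPal or from the original article: it folds styled Unicode look-alikes to ASCII with NFKC normalization, then looks for a phone number and a dollar amount in a field that should hold only a URL. The function names, the sample value (constructed, with a fictitious phone number) and the stripping of invisible format characters are assumptions made for this illustration.

```python
import re
import unicodedata

# Patterns are applied only after folding, so styled digits cannot hide from them.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.\-]?)?\(?\d{3}\)?[\s.\-]?\d{3}[\s.\-]?\d{4}(?!\d)")
AMOUNT_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?")
URL_RE = re.compile(r"^https?://[^\s/]+(?:/\S*)?$", re.IGNORECASE)

def fold(text):
    """Return (ascii_folded_text, styled_char_count, invisible_char_count)."""
    out, styled, invisible = [], 0, 0
    for ch in text:
        if unicodedata.category(ch) == "Cf":   # zero-width and other format characters
            invisible += 1
            continue
        norm = unicodedata.normalize("NFKC", ch)
        if norm != ch and norm.isascii() and norm.isalnum():
            styled += 1                         # e.g. mathematical bold letters and digits
        out.append(norm)
    return "".join(out), styled, invisible

def inspect_field(value):
    """Flag a 'customer service URL' value that carries a message instead of a URL."""
    folded, styled, invisible = fold(value)
    checks = [
        ("not_a_plain_url", not URL_RE.match(value.strip())),
        ("styled_unicode", styled > 0),
        ("invisible_chars", invisible > 0),
        ("phone_number", bool(PHONE_RE.search(folded))),
        ("payment_amount", bool(AMOUNT_RE.search(folded))),
    ]
    return {"folded": folded, "findings": [name for name, hit in checks if hit]}

def sans_bold(s):
    """Build constructed test input: map ASCII letters/digits to sans-serif bold forms."""
    bases = {"A": 0x1D5D4, "a": 0x1D5EE, "0": 0x1D7EC}
    def one(c):
        for start, base in bases.items():
            if c.isascii() and c.isalnum() and 0 <= ord(c) - ord(start) < (10 if start == "0" else 26):
                return chr(base + ord(c) - ord(start))
        return c
    return "".join(one(c) for c in s)

# Constructed sample value; the domain, amount and phone number are placeholders.
SAMPLE = ("example.invalid " + sans_bold("Payment of") + " $" + sans_bold("1,450.00")
          + " received. " + sans_bold("Call") + " +" + sans_bold("1 (800) 555")
          + "\u200b-" + sans_bold("0100") + " to cancel")

if __name__ == "__main__":
    print(inspect_field(SAMPLE))
```

A mail gateway or reporting mailbox could run a check like this over the rendered link text of authentic PayPal notifications, where sender authentication alone gives no signal.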
The primary objective of these deceptive emails is to frighten recipients into believing their account has been charged for an expensive item and to pressure them into urgently calling the supposed “PayPal support” phone number provided by the scammers. Scams of this kind have historically been used to trick victims into calling a number, after which the scammers either commit bank fraud or convince the victims to install harmful software on their devices. Because the emails originate from PayPal’s servers, they bypass common spam and security filters, which increases their effectiveness.
Therefore, anyone who receives a legitimate PayPal email that contains an unexpected and fake purchase confirmation and urges them to call a number should ignore the message and refrain from contacting the provided number. If you are genuinely worried about the security of your PayPal account, you should not rely on the information in the email but instead log in directly to your official PayPal account through a web browser or the app to verify if any unauthorized charge has actually occurred.
Source: Paypal Subscriptions Abused To Send Fake Purchase Emails



