PayPal Logo on Tablet Computer
Home ScamsPhishing Scams ‘You Added a New Email Address’ PayPal Phishing Scam

‘You Added a New Email Address’ PayPal Phishing Scam

by Brett M. Christensen

Scammers continue to distribute fake PayPal emails designed to steal your personal and financial information.

As reported on the MailGuard blog, a recent scam email purporting to be from PayPal is claiming that you have added a new email address to your PayPal account.

Supposedly, the email is a “quick confirmation” of the email address change.

The email includes the PayPal logo and footer information. At first glance, the email may appear to be a genuine PayPal security notification. To further the illusion, the email even asks you to let PayPal know right away if you didn’t add anew email address.
But clicking the “let us know” link opens a fraudulent website that has been built to look like the genuine PayPal site. The fake site takes you through a series of forms that ask for your PayPal account login credentials,  your name and address information, and your credit card details.

After you have submitted the requested information, you will be automatically redirected to the genuine PayPal website.

Criminals can now use the information you provided to hijack your PayPal account and commit fraudulent PayPal and credit card transactions.

PayPal phishing scams like this one are very common and take many forms.  Criminals have used the “changed email address” ruse many times before.  Some versions claim that you need to update your account information to avoid an account suspension. Others claim that you have sent a payment that you know nothing about and try to trick you into clicking a “cancel transaction” link.

Keep in mind that genuine PayPal notification emails will ALWAYS address you by name. They will NEVER use generic greetings such as “Dear User”, “Dear Customer” or “Dear [your email address]”. Nor will they omit the greeting altogether.

PayPal has information about phishing scams and how to report them on its website. 

An example of the scam email:

Subject: You added a new email address to your PayPal account

Dear User,

This is just a quick confirmation that you added a new email address (removed) to your PayPal account.

If you want to make this your primary email address – where we’ll send all your account-related information – log in to your PayPal account and go to your Profile.

If you didn’t add this email, let us know right away. It’s important because it helps us make sure no one is getting into your account without your knowledge.