Alert: PayPal ‘New Address’ Phishing Scam

05.03.25

Threat Intelligence Alerts

Home News Alert: PayPal ‘New Address’ Phishing Scam

The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature.

How the Scam Works:

Scammers send fake PayPal emails claiming a new address was added to your account and a purchase was made, in order to trick users into believing their account has been compromised.
Recipients are urged to call a provided number if they did not authorise the purchase.
However, this number connects to scammers who attempt to gain remote access to the victim’s computer and steal sensitive information.

Our partner, NatWest Bank, has brought this issue to our attention, emphasising the importance of vigilance and caution when dealing with unexpected emails.

**PayPal “new address” feature abused in scam**
*Source: BleepingComputer*

This is a strong example of how these scams can appear genuine. It is important to take the right steps if a user receives these e-mails to ensure they don’t fall victim.

What to do:

Ignore such emails and do not call any provided numbers.
Log into your PayPal account directly, through the official PayPal website or app, to check for unauthorised activity or changes.
Report phishing emails to PayPal’s official support.

Bleeping Computer has highlighted this scam in detail, explaining that the emails are sent from legitimate PayPal addresses, bypassing security filters. If you receive such an email, do not engage with the scammers. Stay informed and protect your personal information by following these guidelines.

How the Scam Works:

What to do:

Related Link:

Microsoft 365: Legacy Authentication Protocols Security Update

EchoLeak: Critical Zero-Click Vulnerability in Microsoft 365 Copilot

Microsoft’s June 2025 Patch Tuesday: One Zero-Day and Ten Critical Vulnerabilities Among 66 CVEs