
A sophisticated PayPal scam is currently circulating, exploiting the platform’s address settings to send legitimate-looking purchase notifications. The scam involves fake MacBook purchase confirmations and attempts to trick users into granting remote access to cybercriminals.
How the Scam Works:
– Scammers utilize PayPal’s “gift address” feature to send authentic emails from [email protected]
– Recipients receive notifications about new addresses added to their accounts
– Emails include false purchase confirmations for a MacBook M4 ($1,098.95)
– A fraudulent customer support number is provided for “unauthorized purchases”
Technical Exploitation:
1. Scammers add new addresses to PayPal accounts
2. They inject scam messages into address fields
3. PayPal sends legitimate confirmation emails
4. Messages are forwarded through a chain:
    – Scammer’s PayPal email
    – Microsoft 365 mailing list
    – Multiple target recipients
Security Risks:
– Scammers attempt to convince victims to download ConnectWise ScreenConnect
– If successful, criminals can:
    – Access bank accounts
    – Deploy malware
    – Steal personal data
Protection Measures:
– Ignore phone numbers in PayPal emails
– Verify account changes directly through PayPal’s website
– Be suspicious of unsolicited purchase confirmations
– Never download software at the request of unsolicited support calls
The vulnerability persists due to PayPal’s unlimited character allowance in address fields, enabling scammers to inject fraudulent messages into legitimate communications.
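Because these emails are genuine PayPal notifications, sender checks alone will not catch them. The sketch below is an added example, not code from PayPal or from the original report: a mail-filter heuristic that flags address-change notices showing the traits described above (mailing-list redistribution, a phone number, purchase wording). The function name, the regexes and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message: every address, number and phrase is made up.
SAMPLE = """\
From: PayPal <service@paypal.example>
To: list-owner@tenant.example
Subject: You added a new address

You added a new address to your account:
Thank you for your MacBook M4 purchase of $1,098.95. If you did not
authorize this, call PayPal support at +1 (555) 010-0199
"""

# A postal address should not contain a phone number or sales/support wording.
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
LURE = re.compile(r"\b(purchase|authorize[d]?|unauthorized|call|support)\b", re.I)

def score_notice(raw, delivered_to):
    """Return the reasons an address-change notice looks abused (empty if none)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    reasons = []
    # Mailing-list redistribution: the mailbox that received the message
    # is not the account holder named in the To header.
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if delivered_to.lower() not in recipients:
        reasons.append("redistributed: mailbox owner is not in To")
    if PHONE.search(body):
        reasons.append("phone number in notification body")
    if len(LURE.findall(body)) >= 2:
        reasons.append("purchase/support wording in an address notice")
    return reasons

if __name__ == "__main__":
    for reason in score_notice(SAMPLE, "victim@corp.example"):
        print("FLAG:", reason)
```

A message that trips all three checks is a candidate for quarantine or a warning banner; any single check on its own is only a weak signal.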