PayPal Subscription Feature Abused to Send Fake Purchase Emails

First reported

14.12.2025 18:06

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Scammers are exploiting PayPal's Subscriptions feature to send legitimate-looking emails containing fake purchase notifications. The emails, sent from PayPal's official [email protected] address, claim recipients have made expensive purchases and include a phone number for 'support.' The scam bypasses spam filters due to its legitimate origin, tricking users into contacting scammers. The emails are generated by pausing a subscription, which triggers PayPal's automated notification system. The scammers manipulate the Customer Service URL field to include fake purchase details, exploiting a potential flaw in PayPal's handling of subscription metadata. Victims are urged not to call the provided number and to verify their PayPal account for unauthorized transactions.

Timeline

14.12.2025 18:06 1 articles · 22h ago

PayPal Subscription Feature Abused to Send Fake Purchase Emails
Scammers are exploiting PayPal's Subscriptions feature to send legitimate-looking emails containing fake purchase notifications. The emails, sent from PayPal's official [email protected] address, claim recipients have made expensive purchases and include a phone number for 'support.' The scam bypasses spam filters due to its legitimate origin, tricking users into contacting scammers. The emails are generated by pausing a subscription, which triggers PayPal's automated notification system. The scammers manipulate the Customer Service URL field to include fake purchase details, exploiting a potential flaw in PayPal's handling of subscription metadata. Victims are urged not to call the provided number and to verify their PayPal account for unauthorized transactions.
Show sources

Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
Open in new tab

Information Snippets

Scammers abuse PayPal's Subscriptions feature to send fake purchase emails from PayPal's official [email protected] address.
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
The emails bypass spam filters due to legitimate PayPal origin and pass DKIM and SPF checks.
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
Fake purchase details are embedded in the Customer Service URL field, which is manipulated to include non-URL text.
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
The scam emails target recipients with claims of expensive purchases and a phone number for 'support.'
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
PayPal's automated notification system sends the emails when a subscription is paused, triggering the scam.
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06
The emails are forwarded via a Google Workspace mailing list, causing SPF and DMARC checks to fail.
First reported: 14.12.2025 18:06

1 source, 1 article
Show sources
- Beware: PayPal subscriptions abused to send fake purchase emails — www.bleepingcomputer.com — 14.12.2025 18:06