Cybercriminals are finding new ways to exploit security vulnerabilities, and the latest PayPal phishing scam is a prime example. This scam bypasses traditional email security filters, making it even more dangerous for users and businesses. As MSPs play a crucial role in cybersecurity, it’s essential to understand how this scam works and how to protect clients from falling victim to it.
Here are five key takeaways MSPs need to know about this new PayPal scam and how to mitigate its risks:
1. The Scam Exploits PayPal’s Legitimate Email System
This phishing attack leverages PayPal’s “New Address” verification emails to make the scam appear credible. When scammers add a new shipping address to their PayPal account, a confirmation email is automatically sent to the victim from PayPal’s legitimate “[email protected]” address. In the Address 2 field, scammers insert a fraudulent message like:
“Confirmation: Your shipping address for the MacBook M4 Max 1 TB ($1098.95) has been changed. If you did not authorize this update, please contact PayPal support at +1-888-668-2508.”
This message tricks recipients into believing their PayPal account has been compromised, leading them to call the fake support number.
2. Victims Are Tricked into Installing Remote Access Software
When victims call the fraudulent support number, they are connected to scammers posing as PayPal representatives. These cybercriminals use social engineering tactics to convince victims that their account has been compromised. They then persuade victims to install ScreenConnect, a remote access tool, under the guise of “helping” with account recovery.
Once installed, attackers gain full control over the victim’s system, allowing them to steal sensitive data, install malware, or execute unauthorized financial transactions.
3. The Scam Bypasses Email Security Filters
Because the phishing email is legitimately sent from PayPal’s servers, it easily bypasses common email security measures. Many traditional anti-phishing filters rely on detecting spoofed sender addresses, but since these emails originate from PayPal’s domain, they pass validation checks and appear trustworthy to both users and email security systems.
This makes the scam even more dangerous, as recipients may assume the email is legitimate.
4. MSPs Must Educate Clients on Social Engineering Tactics
Since this scam relies heavily on social engineering, MSPs should prioritize client education. Key recommendations include:
- Never trust unsolicited emails, even if they appear to come from a legitimate source.
- Verify suspicious activity directly through PayPal by logging into the official website instead of clicking links in emails.
- Avoid calling phone numbers provided in unsolicited emails—always use official support numbers found on the vendor’s website.
- Be cautious with remote access software—only install it when initiated by trusted IT professionals.
5. Implement Stronger Email Security and Fraud Detection Measures
MSPs can help clients enhance their security posture by implementing:
- Advanced email filtering solutions that detect unusual message content, even when sent from legitimate sources.
- Endpoint detection and response (EDR) tools to prevent unauthorized remote access.
- Multi-factor authentication (MFA) for financial accounts to add an extra layer of security.
- Ongoing cybersecurity training to help users recognize phishing tactics before falling victim.
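The content check described in the first item above, as an added example (not code from the original article, PayPal, or any filtering product): it holds a message for review when the body pairs callback-lure wording with a phone number that has not been verified out of band, even though sender authentication passed. The Authentication-Results header layout, the vendor.example addresses, the fictitious phone number, and the KNOWN_SUPPORT_NUMBERS allow-list are assumptions.

```python
import re
from email import message_from_string

# Loose North American phone pattern; extend for other locales.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Callback-lure wording: "call/contact ... support" or a disputed change.
LURE_RE = re.compile(
    r"\b(?:call|contact|phone)\b.{0,60}\bsupport\b|did\s+not\s+authori[sz]e",
    re.I | re.S)
# Assumption: numbers the MSP has verified out of band (placeholder, empty).
KNOWN_SUPPORT_NUMBERS = set()

# Constructed sample: a vendor notification that authenticates, with lure text
# in a user-controlled address field. Domain and phone number are fictitious.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=vendor.example; spf=pass
From: service@vendor.example
Subject: You added a new address

Address line 1: 1 Example Street
Address line 2: Your shipping address has been changed. If you did not authorize this update, please contact support at +1-555-010-0199.
"""

def digits(number):
    """Normalize a phone number to its last 10 digits for comparison."""
    return re.sub(r"\D", "", number)[-10:]

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")

def callback_lure_findings(raw):
    """Inspect message content regardless of the sender-authentication result."""
    msg = message_from_string(raw)
    text = body_text(msg)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    lure = bool(LURE_RE.search(text))
    unverified = [n for n in PHONE_RE.findall(text)
                  if digits(n) not in KNOWN_SUPPORT_NUMBERS]
    return {
        "dkim_pass": bool(re.search(r"\bdkim=pass\b", auth, re.I)),
        "lure_wording": lure,
        "unverified_numbers": unverified,
        # A sender-authentication pass must not clear the message on its own.
        "hold_for_review": lure and bool(unverified),
    }
```

A rule like this belongs alongside sender-authentication checks, not in place of them, and the patterns need tuning against a client's real notification mail to keep false positives manageable.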
MSPs as the First Line of Defense
As cyber threats grow more sophisticated, MSPs must stay ahead of evolving scams like this PayPal phishing attack. By educating clients, implementing robust security measures, and fostering a culture of cybersecurity awareness, MSPs can play a pivotal role in preventing financial fraud and protecting sensitive information.
If you haven’t already, consider conducting a cybersecurity awareness session with your clients to help them recognize and avoid scams like this. The best defense against phishing is knowledge and preparedness.