Millions of PayPal users put on alert over sophisticated new scam

PayPal users have been warned about a new scam targeting them. (Source: Getty / MailGuard)

It’s no secret scams have been running rampant, but Aussies have been warned to stay on alert for a sophisticated new PayPal scam.

MailGuard said over the past few months it had been blocking the new scam but, recently, it had noticed the frequency of the scam was rising.

“While MailGuard prevents this threat from ever landing in your business’s inbox, it’s important that you know what to look out for should it be sent to your personal account,” MailGuard said.

“In this scam, attackers are using a PayPal feature, which enables them to send requests to individuals for money to be transferred to them. Their intention is to send as many money requests to as many people as possible in the hope that someone will blindly approve the request.”

• Also read: Aussies had 90 million scam texts blocked from phones

• Also read: Telstra customers warned to look out for worrying letter: ‘Secret mission’

• Also read: Aussie catches scammer in wild conversation: 'Nice try, bro'

MailGuard said while PayPal had restrictions in place to restrict the practice, scammers had found a way to bypass the security measures.

MailGuard said the criminals were using compromised Office 365 accounts to create second profiles on PayPal. These profiles are then connected to the primary account as a “friend”, and emails from PayPal are redirected to a list of known users with PayPal profiles.

“This allows scammers to trick unsuspecting individuals into transferring funds to the fake profile,” MailGuard said.

What are the red flags of the scam?

MailGuard said to pay special attention to the ‘To’ address in the PayPal email. If it is not addressed to your personal email, it may be a scam.

The scam appears to be legitimate at first glance. (Source: MailGuard)

“To the untrained eye, the email with the money request may look legitimate, particularly because it has a label that reads, ‘This message is from a trusted sender’,” MailGuard said.

“As the email is originally legitimate and has originated from PayPal before being redirected, PayPal themselves signed the email, which causes it to show as valid upon any checks.”

MailGuard said the money request was usually for a few hundred dollars and provided a contact number to “feign authenticity”.

“Although we have not verified this, we can assume that calling the number will lead to a scammer convincing you that the charge is legitimate and threatening action if the sum is not paid,” MailGuard said.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to our free daily newsletter.