Cybercriminals are now abusing PayPal’s legitimate subscriptions billing feature to deliver convincing phishing emails. By manipulating the Customer Service URL field, attackers embed fraudulent purchase notifications into PayPal’s trusted confirmation messages, tricking recipients into believing charges are genuine. Victims are redirected via links to deceptive customer service pages where they are coerced into disclosing sensitive data or sending money.
This exploitation of whitelisted infrastructure highlights a shift in tactics, meaning genuine-looking PayPal emails can be weaponised. IT teams should refresh staff training to address new threats utilising reputable platforms, not just suspicious senders. Users are urged to verify activity directly through PayPal’s official website, avoiding links in emails. Brand familiarity no longer guarantees safety—heightened vigilance is essential.
PayPal Subscription Scams Weaponise Legitimate Transaction Emails
