1. Forum
  2. tqwNet
  3. TQW GENTECH

  • PayPal user beware - experts warn subscriptions being abused to s

    From TechnologyDaily@1337:1/100 to All on Wed Dec 17 18:45:08 2025
    PayPal user beware - experts warn subscriptions being abused to send fake purchase emails

    Date:
    Wed, 17 Dec 2025 18:35:00 +0000

    Description:
    A legitimate PayPal platform is being abused to bypass email protections and send phishing messages.

    FULL STORY ======================================================================Scammers
    are abusing PayPals Subscriptions feature to inject phishing messages into legitimate PayPal emails A manipulated customerservice URL and a forwarding Google Workspace list spread the fake notices widely PayPal says its mitigating the issue and urges users to treat unexpected subscription emails with caution

    Scammers are using PayPals Subscriptions feature to send convincing phishing emails and trick users into giving away access to their accounts on the platform.

    Subscriptions is a feature that lets businesses charge customers
    automatically on a regular schedule. Customers sign up once and agree to recurring payments, which PayPal then processes automatically.

    If the business terminates someones subscription, that person is notified via email that comes directly from PayPals servers and, as such, passes most
    email security scans. Abusing mailing lists

    So how do the scammers abuse this feature?

    As BleepingComputer explains, the email includes a customer service URL which the crooks somehow managed to modify to include the phishing message. At this time, it is unknown how they achieved that, and it is speculated that they
    are either abusing a flaw in how PayPal handles subscription metadata, or using an API or a legacy platform.

    The message contains phishing content were used to seeing in these scams - warning recipients that theyve purchased an expensive item and that, if they want to cancel the order, they should call PayPal on the phone number
    provided in the message.

    However, this still does not answer the question how the victims received
    this message, if they never subscribed to a particular business.

    Apparently, the original email gets sent to just one address - "receipt3@bbcpaglomoonlight.studio". The researchers believe this is a Google Workspace mailing list that automatically forwards the email to all other group members which, in this case, are the victims.

    This forwarding can cause all subsequent SPF and DMARC checks to fail, since the email was forwarded by a server that was not the original sender, the publication wrote.

    PayPal was notified about the abuse, and it confirmed to currently be working on a fix:

    PayPal does not tolerate fraudulent activity, and we work hard to protect our customers from consistently evolving phishing scams," PayPal told BleepingComputer .

    "We are actively mitigating this matter, and encourage people to always be vigilant online and mindful of unexpected messages. If customers suspect they are a target of a scam, we recommend they contact Customer Support directly through the PayPal app or our Contact page for assistance."

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/paypal-user-beware-experts-warn-subscri ptions-being-abused-to-send-fake-purchase-emails


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)