PayPal - You Added A New Address Email Scam

Understanding the PayPal Address Change Scam
The "PayPal - You Added A New Address" email scam is a fraudulent campaign designed to deceive users into believing that their PayPal account has been modified without authorization. These emails claim that a new shipping address has been added, and in some cases, they mention an expensive purchase that the recipient does not recall making. The ultimate goal of these messages is to manipulate recipients into contacting fake customer support numbers, where fraudsters try to gain remote access to victims' devices.
These Emails Are Not from PayPal
Despite appearing legitimate, these emails are not connected to PayPal Holdings, Inc. Scammers craft them to resemble official PayPal notifications, using similar formatting, branding, and language. The fraudulent messages often include urgent warnings about unauthorized activity, pressuring recipients into taking immediate action. However, these emails are entirely false, and responding to them can put personal and financial information at risk.
Variations of the Scam Messages
There are multiple variations of the "PayPal - You Added A New Address" scam. Some versions simply notify recipients that a new address has been linked to their PayPal account, while others include details of a high-value purchase supposedly made using the account. Examples include claims of a MacBook M4 Max purchase for $1,217.79 or warnings of suspicious activity linked to an address update. These emails direct recipients to call a provided phone number if they do not recognize the change.
Here's what one of those messages says:
Subject: You added a new address
Hello, Billing Team
PayPal
You added a new address
This is just a quick confirmation that you added an address in your PayPal account.
Here are the details:
Name: Billing Team
Address Updated:
7535 Dadeland Mall, Apple Store
Attention: Your MacBook M4 Max ($1217.79) order address has been changed in our system. If you didn’t request this, contact PayPal immediately at +1-888-651-4143.
Miami, FL
United States
If you want to link your credit card to this address, or make it your primary address, log in to your PayPal account and go to your Profile.
Since this address is a gift address, you can send packages to it with just a click.
Please note that you can't link your credit card to a gift address. If you'd like to make this your primary address, log in to your PayPal account and go to your Profile.
If you didn't make this change, let us know right away. It's important to let us know because it helps us make sure no one is getting into your account without your knowledge.
PayPal
Help & Contact | Security | Apps
Twitter Instagram Facebook LinkedIn
PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing
Please don't reply to this email. To get in touch with us, click Help & Contact.
Not sure why you received this email? Learn more
Copyright © 1999-2025 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal RT000542:en_US(en-US):1.0.0:f668200733ace
How Scammers Send These Emails
One unique aspect of this scam is that some emails bypass spam filters and appear in users' main inboxes. This is because fraudsters exploit PayPal's automated notification system. By adding a new address to a PayPal account they control, scammers insert their fraudulent message into the "Address 2" field, which has minimal character restrictions. When PayPal sends an automatic confirmation email about the update, it includes the scam text. This message is then forwarded to targeted users, making it look like a legitimate PayPal notification.
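Because the notification is generated by PayPal itself, the useful signal is in the body rather than the sender: free text sits where a postal address belongs. The following added example (not part of the original article or any PayPal tooling) sketches that check in Python; the function names, patterns, sample messages and placeholder phone number are all constructed for illustration.

```python
import re
from email import message_from_string

# Phone-like run: optional country code, then 10 digits with common separators.
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Wording that has no place inside a postal address.
LURE = re.compile(r"\b(call|contact|immediately|order|refund|didn.t request)\b|\$\s?\d", re.I)

def address_block(body):
    """Lines between 'Address Updated:' and the next blank line."""
    block, inside = [], False
    for line in body.splitlines():
        if inside:
            if not line.strip():
                break
            block.append(line.strip())
        elif line.strip().lower().startswith("address updated"):
            inside = True
    return block

def check_notice(raw, recipient_name):
    """Return sorted findings for a 'You added a new address' notification."""
    msg = message_from_string(raw)
    if "added a new address" not in (msg["Subject"] or "").lower():
        return []  # not the notification type this check covers
    body, findings = msg.get_payload(), set()
    for line in address_block(body):
        if PHONE.search(line):
            findings.add("phone number inside address field")
        if LURE.search(line):
            findings.add("call-to-action or price inside address field")
    greet = re.search(r"^Hello,\s*(.+)$", body, re.M)
    if greet and greet.group(1).strip().lower() != recipient_name.lower():
        findings.add("greeting name does not match recipient")
    return sorted(findings)

# Constructed samples modelled on the message quoted above (placeholder number).
def sample(name, extra=""):
    return ("Subject: You added a new address\n\nHello, " + name +
            "\nHere are the details:\nAddress Updated:\n100 Example Mall\n" + extra +
            "Springfield, IL\nUnited States\n\nIf you didn't make this change, let us know.\n")

SCAM = sample("Billing Team", "Attention: Your order ($1217.79) address has been changed. "
              "If you didn't request this, contact PayPal immediately at +1-800-555-0100.\n")
BENIGN = sample("Jane Doe")

if __name__ == "__main__":
    print(check_notice(SCAM, "Jane Doe"), check_notice(BENIGN, "Jane Doe"))
```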
The Goal: Getting Victims to Call the Fake Support Line
The scam relies on convincing recipients to call the phone number listed in the email. Upon calling, victims are connected to fraudsters impersonating PayPal representatives. These scammers attempt to persuade users to download and install remote access software, such as AnyDesk or ConnectWise ScreenConnect. Although these programs are legitimate, scammers can modify or preconfigure them to gain full control of the victim's device.
The Next Steps of the Scam
Once remote access is established, scammers employ various tactics to steal money or sensitive data. One common approach is the "refund scam," where fraudsters trick victims into believing that PayPal has issued an incorrect refund. Victims are then pressured into "returning" the excess amount, which results in them unknowingly sending their own money to the scammers. The fraudsters may also attempt to steal login credentials, banking details, or personal documents.
The Hidden Dangers of These Attacks
Beyond financial fraud, scams like this can expose victims to additional risks. If scammers gain access to a device, they may install high-risk programs that steal sensitive data or monitor online activity. In some cases, they could introduce malware capable of compromising accounts, encrypting files, or carrying out further fraudulent activities.
Steps to Take If You Have Fallen Victim
If you have granted scammers remote access to your device, the first step is to disconnect from the Internet immediately. This prevents them from maintaining control. Next, uninstall the remote access software to remove their ability to reconnect. Finally, scan your device using security software to check for any malicious programs that may have been installed.
Similar Scams That Target Users
The "PayPal - You Added A New Address" scam is just one of many fraud attempts designed to exploit users' trust in well-known companies. Other scams, such as fake invoices from "Adobe Invoice," fraudulent security warnings from "Apple Security Releases," and misleading emails about "Zoom Antivirus Plus Subscription," all follow similar patterns. These scams attempt to trick recipients into taking actions that compromise their security.
How Email Scams Spread Malware
Scammers do not rely solely on deception to steal money or information; they also use email campaigns to distribute harmful software. Some fraudulent emails contain infected attachments or links that, when opened, install malware on the recipient's device. These files may masquerade as legitimate documents, such as PDFs, Microsoft Office files, or compressed archives. In many cases, simply opening the file is enough to trigger an infection.
How to Stay Safe from Email Scams
The best way to avoid falling for scams like this is to approach unsolicited emails with caution. If an unexpected email claims that an account change has been made, verify the information directly by logging into the official website rather than clicking on links in the message. Never call phone numbers listed in suspicious emails, and avoid downloading attachments or software from unknown sources.
Safe Browsing and Secure Downloading Practices
To further protect yourself, always download applications from official sources and keep your operating system and software updated. Avoid using third-party activation tools or unauthorized software updates, as these may contain harmful programs. Enabling multi-factor authentication (MFA) for important accounts adds another layer of security against unauthorized access.
Final Thoughts
The "PayPal - You Added A New Address" email scam is a deceptive attempt to manipulate users into revealing sensitive information or giving remote access to their devices. By understanding how these scams operate and remaining cautious with unexpected messages, users can better protect themselves from financial fraud and privacy risks. Awareness and vigilance are necessary if you want to stay safe in the evolving landscape of online scams.