Watch out - that urgent PayPal email could be a phishing scam

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

(Image credit: weerapatkiatdumrong / Getty Images)

A new warning issued by the Federal Trade Commission (FTC) has urged internet users to be wary of new phishing email scams, supposedly coming from payment gateway PayPal and crypto wallet platform MetaMask.

The PayPal email warns customers that BNC Billings has canceled their payment to Binance, while the MetaMask email informed customers that their cryptocurrency wallet has been blocked.

Both are scams, and the FTC is asking that recipients forward such emails to reportphishing@apwg.org. They should not interact with the email, and delete it immediately.

PayPal and MetaMask phishing emails

The convincing email supposedly from PayPal is decorated with legitimate colors, logos, and fonts. It also includes a dud invoice, and in the body of the email is a phone number that links directly to the scammer who proceeds to ask unsuspecting customers for sensitive information, such as account passwords, payment detail information, and personal information.

Twitter user OF24com describes how the invoice appears to use the legitimate PayPal domain, helping to persuade even the savviest of PayPal users to share their information.

> These are the best firewall options to keep you safe online

> This odd phishing scam targets victims with a blank image

> These are the most common PayPal scams around right now - so stay alert

While the PayPal phishing email uses alarming prices to frighten customers into action, the MetaMask scam employs a sense of urgency. The email reads:

“Due to the dramatic increase in our platform users, some wallets still need to manually perform the new upgrade. You must upgrade your wallets before [date] in order to keep your assets secure and accessible.”

In an effort to protect citizens, the FTC is advising victims to “slow down” and to assess the email and their circumstances more carefully. The advice is also not to click on any links - if a company has shared a message with you, you will usually be able to find it on the website, in your account (accessed directly via the website), or by phoning the company (again, directly from its website). Contact details shared in an email may not belong to the company in question.

Other general advice includes downloading and updating malware removal tools and endpoint protection software.

Worried you may be at risk? Download the best ID theft protection hand-picked by us

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!