Nasty and sophisticated scam: BEWARE of this!
If an email recently landed in your inbox with a subject line like "Pending charge of USD 987.90 for account activation. Questions? Call 855
Don’t get caught off guard by this. It’s quite a slick one.
What to actually do If you get one of these, the answer is boring and it works every time: Don't call the number. Don't reply. Don't click links in the email — not even the unsubscribe link. Open a fresh browser tab, type paypal.com yourself, and log into your account. Check your activity. You'll see either nothing, or a tiny incoming payment from a stranger that you can ignore. Then forward the original email as an attachment to [email protected] and delete it. If you want to go a step further, report the phone number to the FTC at reportfraud.ftc.gov — every report makes it slightly harder for these operations to keep running. And if you've already called? Don't beat yourself up — these scams are designed by professionals to fool smart people. Hang up, run a malware scan if you installed anything they asked you to install, change your PayPal and bank passwords from a different device, and call your bank's real fraud line (the number on the back of your card) to flag your accounts. Move fast, but you don't need to panic.
from the above linked article. For the UK the email to forward phishing scams to is [email protected], texts can be forwarded on to 7726 (for free!) and as a victim of fraud you can report it here (or here for Scotland)
— If an email recently landed in your inbox with a subject line like "Pending charge of USD 987.90 for account activation. Questions? Call (855) 629-1161" — don't call that number. Don't click anything. And whatever you do, don't panic-dial to "stop the charge."
You're being targeted by one of the cleverest scams going right now, and the reason it works is uncomfortable: the email genuinely came from PayPal.
The trick is in the subject line, not the email
When most people think "phishing email," they picture sketchy senders, broken English, and links to weird domains. This scam is the opposite. The email passes every authenticity check — SPF, DKIM, DMARC, all green. It comes from PayPal's actual mail servers. The fonts are right. The footer is right. The unsubscribe link works. If you forwarded it to a security expert and asked "is this really from PayPal?" they'd have to say yes.
So how is it a scam?
Scammers have figured out that PayPal lets anyone send small amounts of money to anyone else, and that PayPal will dutifully email the recipient a notification. The scammer sends you a payout of, say, one Hungarian forint — about a quarter of a cent. PayPal's system then automatically generates and sends you a real, legitimate, fully-authenticated email confirming the transaction.
Here's the catch: the email's subject line is whatever the scammer typed when they set up the payout. PayPal doesn't sanitize it. So they write something terrifying like "Pending charge of USD 987.90 — call this number with questions" and PayPal's servers cheerfully deliver that subject line straight to your inbox, wrapped in a perfectly legitimate-looking notification.
The actual transaction in the email body is for 1 forint. There is no $987.90 charge. There never was. But by the time most people read carefully enough to notice that, they've already dialed the number. —
