FTC issues warning over urgent emails from PayPal — it’s a phishing scam


The FTC is warning PayPal and MetaMask users to avoid responding to emails claiming to come from either company as they’re part of a new phishing scam.

In a new alert, the U.S. government agency explains that these fake emails try to instill a sense of urgency to get users to respond quickly. However, like other phishing emails, they’re actually from scammers looking to harvest your passwords and other sensitive data.

The fake emails claiming to be from PayPal say that a payment to the cryptocurrency exchange Binance has been canceled. At the top of the email, there is a phone number that recipients are urged to call for more information. Users who do call this number are then coerced into giving up their account information by the scammers on the other end of the line.

As for the emails purporting to come from MetaMask, they urge users to upgrade their crypto wallets in order to continue being able to access their assets. However, clicking on the “Recover My Wallet Now” button at the bottom of the email and entering your wallet details is a surefire way to hand all of your crypto over to the scammers behind this campaign.

If you see any odd emails from either PayPal or MetaMask, the best course of action you can take is to do nothing, according to the FTC.

How to stay safe from phishing scams


Falling victim to a phishing scam can upend your entire life if you’re not careful. Besides gaining access to your accounts and any money they contain, scammers can also commit fraud in your name or even steal your identity outright. This is why knowing how to spot a phishing scam is so important.

When you see an odd email in your inbox, perhaps from an unknown sender or even a recognized brand as in this case, the first thing you want to do is read it over carefully and look for any red flags. From poor spelling and grammar to an email address that doesn’t appear legitimate, spotting these red flags can help you know which emails to ignore and which to actually take seriously.

Even if you don’t find any red flags, you still want to avoid clicking on any links or downloading any attachments a suspicious email may contain. You also want to avoid calling any phone numbers inside a suspicious email as scammers will have an easier time convincing you to do what they want over the phone.

At the same time, you should also be using one of the best antivirus software suites on your PC, the best Mac antivirus software on your Mac and the best Android antivirus apps on your smartphone. This way, if you do accidentally download malware, your devices and your data will be protected. It also doesn’t hurt to sign up for the best identity theft protection as these services can help you recover your identity as well as any lost funds after a phishing attack.

Scammers love impersonating big brands like PayPal to get the attention of potential victims. Fortunately though, if you use Gmail, Google is planning to add blue checkmarks to verified accounts to help fight both phishing and scammers.


Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.