An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.
https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/
BleepingComputer
npub1pk…z6763
2025-12-14 16:06:27 UTC
Author Public Key
npub1pkrnqz97z2wckgmwglckccgg65eanvw3wpvuses7npqlvv6st06svz6763Seen on
wss://relay.momostr.pinkPublished at
2025-12-14 16:06:27 UTCEvent JSON
{
"id": "24d8976b717d9bade80a9a7878d415dacb5ad79d4bcb20c0181179546738dc32",
"pubkey": "0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5",
"created_at": 1765728387,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@BleepingComputer/115718775584275413",
"web"
],
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/115718775584275413",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/BleepingComputer/statuses/115718775584275413",
"pink.momostr"
],
[
"-"
]
],
"content": "An email scam is abusing abusing PayPal's \"Subscriptions\" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.\n\nhttps://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/",
"sig": "66871d7534c9d8e75531958fae3d87ca0651d6d50a102eee69d6603f693492455d4b11c4992f30700b97baee9418e967976c005aebfdb9226c06f73db75c8299"
}