A penny landing in your PayPal account might feel like free money, but Houston-area cybersecurity and consumer experts say that little deposit can be the opening move in an old-school phone scam dressed up in very real-looking PayPal emails.
In this callback scheme, criminals send a tiny payment that triggers a genuine PayPal notification, then slip an urgent note and a phone number into the payment memo or subject line. The message presses recipients to call that number, where crooks posing as support wait to pounce.
Scammers have been sending amounts as small as a single cent, or the equivalent in foreign currency, to automatically generate PayPal payment notices. The con hinges on alarming language and a phone number stuffed into the message fields, then using the resulting call to steal passwords, banking details or remote access to a victim’s device, according to Click2Houston.
How the Scam Hijacks Real PayPal Notices
Security researchers say these emails can pass PayPal’s normal authentication checks while still carrying a weaponized subject line or remittance note that displays a fake phone number.
Analysis from Malwarebytes documents examples where the subject line screams about a large charge in U.S. dollars, but the body of the email quietly shows only a tiny foreign-currency payment. That mismatch is designed to create panic and push people to dial the number in the subject instead of calmly checking their account.
What Happens When You Call
People who call the number in the message are typically connected to someone claiming to be from PayPal support. Once on the line, victims are pressured to “verify” logins, hand over one-time codes or install remote-access software that gives the scammer control of their device.
Local reporting and security experts warn that these live calls let fraudsters harvest login credentials and payment information in real time, according to Click2Houston.
How to Protect Your Account
PayPal and security professionals offer a familiar playbook that still works:
- Do not call phone numbers or click links that arrive in unexpected or suspicious messages.
- Go straight to paypal.com or the official app to review your account activity instead of using embedded links.
- Turn on two-factor authentication and use strong, unique passwords for your accounts.
- Forward any suspected phishing emails to [email protected] and use PayPal’s official support channels if you need help.
Guidance on these steps and more is available from PayPal.
If You Already Interacted With Scammers
If you called the number or shared any login details, act quickly:
- Immediately change your PayPal password and any other accounts that reused the same or similar credentials.
- Contact your bank or card issuer to alert them to possible fraud and review recent transactions.
- If you installed any software at the caller’s request, run a full anti-malware scan and keep an eye on all financial accounts.
- Security firms also advise contacting your card issuer and filing complaints with relevant authorities.
- If sensitive personal information might have been exposed, consider placing a credit freeze and following formal identity-theft recovery steps.
Information on credit freezes is available from the FTC, and additional remediation tips are outlined by Malwarebytes.
If an unexpected tiny PayPal payment shows up with a “call support” note attached, treat it as a red flag. Do not call the number and do not click any links. Instead, forward the email to PayPal’s phishing team and file a complaint with the FBI’s Internet Crime Complaint Center so investigators have the details. Reporting instructions are available from PayPal and the FBI’s IC3.
-2.webp?w=160&h=400&fit=crop&crop=edges)