My email inbox got flooded rapidly – it was a cover-up by a scammer making changes to my PayPal account

by AllenWatson23

TL/DR – Mass emailed, it was a cover-up to hide changes to my PayPal account. Could have lost tens of thousands of dollars.

This will be a fairly long story, but it relates to a scam I’ve never seen mentioned on here. A few months ago I had just finished my work at around 10 am when my phone notifications blew up. I looked and it said that I had approximately 100 new emails. This was certainly out of the ordinary. I immediately opened my email to check, and by the time I got in there, there were about 200 new emails. Over the course of the next few minutes, approximately 400 emails had poured into my inbox.

All of these emails seemed to be introduction emails to some sort of service or product – but all different. Never the same one twice. They were all mostly “Thanks for signing up for BLANK.” This would be the kind of email you get when you want to receive more information about a product or subscribe to an email list. None of the names were correct, and they were varied. Sometimes it would congratulate “Steve” for signing up for something, other times “Robert.” There or approximately 50 different names. At first, I simply thought that my email had gotten on to some list that blasted emails to various services hoping I would sign up for one. However, something really didn’t seem right.

I decided I needed to go through my entire inbox and look for anything that seemed out of the ordinary. Since all these emails were not really legitimate, I started looking for anything that DID seem legit. Low and behold, about halfway through, I spotted an email from PayPal. I clicked on it, and it was indeed an email from PayPal letting me know that an authorized user had been added to my account. I hadn’t logged into my PayPal that day (though I do use PayPal regularly for invoicing clients), so I knew this was not a change I made.

I immediately logged into PayPal, half expecting not to be able to log in at all. However, it did let me log in, but I could not see any suspicious purchases at all. I found the “Manage Users” section of my account and did see one authorized user. Here is the thing, the authorized user did not look suspicious. It was my name. Actually, it was my middle name, which is the name that I use for my PayPal business account. My PayPal is under my first name, but my clients see my middle name. I almost closed out thinking nothing was wrong, but something still didn’t seem right. I hadn’t added any authorized users.

The details are a bit fuzzy here because this was a few months ago, but from what I remember, the phone number for the authorized user was not mine. While they used my name, they had their number. Maybe it wasn’t their number, but I still knew I hadn’t made any changes. I immediately called PayPal and got through to customer service. They immediately agreed to put me through to their security team because they thought something was suspicious as well. The PayPal security team said that an IP address from somewhere in another part of the country logged into my account and just added an authorized user. While on the phone, the PayPal security team told me to delete the authorized user, change my password, and recommended enabling two-factor authentication.

From the moment I got all of the emails to the moment I was on the phone with PayPal security, the time frame was only 15 minutes. I think the scammer was going to play the long game on me, but because I took the time to look through all the emails and notice something was wrong, they never had the chance. My PayPal account balance hovers around $200 at any given moment, but it handles tens of thousands of dollars of transfers per month for my business. I always transfer this to my bank account quickly because…because PayPal. Had I not noticed something amiss, they could have waited until one of my larger invoices came through and drained me of my money.

Long story short, if you get blasted with hundreds of emails at once, look through every single one of them to see if something seems legitimate. All of those emails are probably a cover-up for something related to your finances.