New-Account Takeover Scam Impersonating PayPal
Criminals create fresh PayPal accounts using stolen identity data and rapidly exploit the brief window before fraud controls engage, using the new accounts to make purchases, receive fraudulent payments, or move stolen funds while trading on the legitimacy of PayPal's platform.
Last reviewed: 8 June 2026
Account-takeover fraud does not always target an existing account. A related attack, sometimes called 'new-account fraud,' involves criminals opening brand-new PayPal accounts using stolen or synthetic identity information. By presenting real names, real addresses, and valid payment-card details harvested from data breaches, attackers can pass initial identity checks and exploit the trust that PayPal's brand confers on transactions processed through its platform.
This matters to ordinary users because new-account fraud contributes to the wider fraud ecosystem that raises PayPal's security requirements for everyone, and because the appearance of a PayPal payment or request from a fraudster-controlled account can itself be used to deceive sellers, landlords, or marketplace counterparties into believing a payment is secure when it is not.
A related tactic specifically targets individuals: criminals open a new account to receive 'misdirected' funds they have tricked a victim into sending, while imitating PayPal's branding in the transaction messages to create the appearance of an official payment.
How this scam works on the PayPal brand
PayPal's onboarding involves identity and payment-card verification, but fraudsters who obtain comprehensive stolen identity packages — including name, address, date of birth, and card details from breach databases — can sometimes pass these checks. The fraudulent account may then be used to receive stolen money before it is cashed out or to execute purchase fraud.
From a victim's perspective, this attack often appears as: a seller in a marketplace receives what looks like a legitimate PayPal payment notification, ships the goods, and then finds the PayPal payment was made from a fraudulent account or was reversed. The sender's PayPal profile may have a display name crafted to look professional or legitimate.
A second attack variant involves the victim receiving a PayPal money request from a new fraudster-controlled account, with a transaction note crafted to make the request seem like an invoice from a known service — utilities, subscriptions, government fees — exploiting PayPal's interface to lend credibility to the fraudulent request.
Common red flags
- A PayPal money request arrives from an account you do not recognise, with a message demanding payment for a service you did not order
- A PayPal payment for a sale you made is quickly followed by a dispute or reversal, and the buyer's account was recently created
- The PayPal account profile has no transaction history, no profile photo, and was registered very recently
- You receive a PayPal 'notification' that arrives outside the PayPal app or email and asks you to confirm a payment to a new contact
- The PayPal email address shown on the payment has a domain other than paypal.com
How to protect yourself
- For marketplace sales, check the buyer's PayPal account age and history before shipping goods
- Enable PayPal's Seller Protection by ensuring transactions meet its requirements — virtual and digital goods often have different protections
- Never send a PayPal payment in response to a request from an unknown party without verifying the reason independently
- Use PayPal Goods and Services for purchases, not Friends and Family, when buying from strangers — this preserves dispute rights
- Verify PayPal payment notifications by logging into paypal.com directly, not by relying on an email notification alone
- Ignore PayPal money requests for unexpected services — mark them as spam in the PayPal app
How to report it
- Report fraudulent PayPal accounts or payment requests to PayPal at paypal.com/disputes
- Forward suspicious emails to [email protected]
- File a complaint with the FTC at reportfraud.ftc.gov
- Report to Action Fraud on 0300 123 2040 (UK) or to IC3.gov (US)
- If you sent money to a fraudulent account, dispute it immediately in the PayPal Resolution Center
Frequently asked questions
How can I tell if a PayPal account is fraudulent?
Look at the account's creation date (visible in some views), review any feedback history if it is a business account, and search the email address for any prior red flags. If you are a seller, consider requiring payment before shipping and keeping communication within PayPal's messaging system.
Is a PayPal Goods and Services payment always safe for a seller?
PayPal Seller Protection covers eligible transactions, but it requires the payment to be for a tangible item shipped to the verified address. Review PayPal's Seller Protection policy for the specific goods category before relying on it.
What is synthetic identity fraud?
Synthetic identity fraud combines real and fabricated information — for example, a real Social Security Number with a different name — to create an identity that passes automated checks. It is harder to detect than simple stolen-identity fraud and is an increasing problem for online payment platforms.