β If an email recently landed in your inbox with a subject line like "Pending charge of USD 987.90 for account activation. Questions? Call (855) 629-1161" β don't call that number. Don't click anything. And whatever you do, don't panic-dial to "stop the charge."
You're being targeted by one of the cleverest scams going right now, and the reason it works is uncomfortable: the email genuinely came from PayPal.
The trick is in the subject line, not the email
When most people think "phishing email," they picture sketchy senders, broken English, and links to weird domains. This scam is the opposite. The email passes every authenticity check β SPF, DKIM, DMARC, all green. It comes from PayPal's actual mail servers. The fonts are right. The footer is right. The unsubscribe link works. If you forwarded it to a security expert and asked "is this really from PayPal?" they'd have to say yes.
Scammers have figured out that PayPal lets anyone send small amounts of money to anyone else, and that PayPal will dutifully email the recipient a notification. The scammer sends you a payout of, say, one Hungarian forint β about a quarter of a cent. PayPal's system then automatically generates and sends you a real, legitimate, fully-authenticated email confirming the transaction.
Here's the catch: the email's subject line is whatever the scammer typed when they set up the payout. PayPal doesn't sanitize it. So they write something terrifying like "Pending charge of USD 987.90 β call this number with questions" and PayPal's servers cheerfully deliver that subject line straight to your inbox, wrapped in a perfectly legitimate-looking notification.
The actual transaction in the email body is for 1 forint. There is no $987.90 charge. There never was. But by the time most people read carefully enough to notice that, they've already dialed the number. β