More PayPal emails hijacked to deliver tech support scams

Malwarebytes reports a tech-support scam campaign that weaponizes legitimate PayPal emails by altering the subject line (and email <title>) to show a fake large USD charge and an attacker-controlled phone number; the emails still originate from [email protected] and pass DKIM/SPF/DMARC, making them appear authentic. Recipients who call the number may be social-engineered into giving payment details, installing remote-access tools, or surrendering account access; the exact mechanism by which the subject line is populated is unclear but may involve abuse of PayPal payout/remittance fields.