A string of emails from PayPal and cryptocurrency wallet company MetaMask have been identified as scam emails, so if you see one, delete it.
Reported by the the Federal Trade Commission (FTC), the phishing email campaign tries to manipulate users into sending the attackers their personal and financial information by being disguised as PayPal or MetaMask. If a user clicks a link in the emails or calls the phone number shown, they are at risk of having their private data, money and cryptocurrency stolen.
In the fake PayPal scam email, the message states that the user has authorized a payment of $497 to Binance Holdings Ltd. It then states that “BNC Billing canceled your invoice.” A note to the customer says to contact PayPal via phone number +1 (801) 317-884 to resolve the issue, or the user will be charged $497 in 24 hours.

This is a scam. Any interaction with the email, including ringing the number, will put you at risk.
The MetaMask email states that the user’s cryptocurrency wallet has been blocked “due to a dramatic increase in our platform users.” It then says that the user must upgrade their wallet before a specific date to keep their assets. As a dramatic touch, the phishing emails claims the user will lose all their cryptocurrency in the wallet isn’t upgraded. A link is provided to “recover my wallet now.”

Similar to the PayPal email scam, the fake MetaMask email uses a sense of urgency to scare users into clicking the link immediately. However, clicking the dodgy link will lead you to a fake website where users enter their details.
Scammers often try to make fake emails from official companies look real in order to trick users into clicking or calling numbers without a second thought. FTC recommends forwarding the emails, along with any phishing emails, to reportphishing@apwg.org.
What should I do?
The best course of action is to ignore the email. Do not reply to the attacker, as this may escalate the situation further. Instead, delete the email.
Like in any scam email campaign, threat actors may also include links to other websites. Do not click on these links, as they could lead you to malicious websites or install malware on your device. This phishing tactic is similar to how threat actors can hack your phone by texting.
If you don’t have an account associated with the company trying to reach out to you, then this is a phishing attempt. If you do, it’s worth double checking if the email is safe. An antivirus can do this, but you can also contact the official company email to make sure the email is legit.
- Ransomware attacks explained: What is it and how to prevent it
How to stop scam emails
Defending against nasty phishing emails will help keep personal and financial information safe from prying eyes. Hackers often use scam emails to dupe unsuspecting victims into downloading malware or sending them private information via PDF attachment, and the Octopus attack campaign is no different. It’s good to know that PDF files can have a virus or malware.
Here are a few ways to stop scam emails.
Use antivirus software to block malicious email
One of the best antivirus software will stop scam emails in it’s tracks. Many high-standard AV protection offer near-perfect scores when it comes to detecting and protecting against malware, meaning even complex malicious software can’t go unnoticed in emails.
Emails can contain harmful links or attachments filled with malware, which you never want on your device. The good news is you can let one of the best antivirus software services do all the legwork for you, as they have security and privacy features to protect your email accounts.
Services such as Avast One, McAfee, Norton and more have email protection tools that block malicious email address, links and attachments. To make sure spam email stops any malware damaging your device, or to keep you safe from threat actors hacking your phone through texting and more, make sure to set yourself up with an antivirus.
- Norton 360 review: Optimal security
- Avast One review: Strong antivirus for free!
- Bitdefender review: All-in-one premium security
How to block scam email in Gmail
If you are aware of an email address consistently sending spam as part of a scam campaign, you can block the email address in Gmail.
- Open Gmail on your device.
- In your inbox, check the box beside the spam email of the sender you wish to block.

- Click the three vertical dots located at the top bar of your inbox.
- Click Filter messages like these.

- In the pop-up window, select Create filter.
- Check the Delete it box and click Create filter.

When the email address tries to send you mail, it will automatically be deleted. Find out more with our how to block spam email in Gmail guide.
How to block scam email in Outlook
- Open Microsoft Outlook on your device.
- Right-click the email of the address your wish to block.
- Select Block and click Block sender.

The email address will no longer be able to send you spam. For more on how to block spam email in Outlook, we’ve got you cove
How to stop spam emails in Gmail on Android
Gmail is arguably the most popular email service, as it now stands at have 1.8 billion users around the globe. It’s easily accessible and most phone users have the app installed. And, since Gmail and Android all come from Google, it’s understandable that many Android phone buyers just use Gmail.
You can stop scam emails on Android by heading into the Gmail app.
1. On your Android phone, open the Gmail app.
2. Choose the message from the email address you want to block.
3. Tap the three vertical dots in the top-right corner of the email.
4. Select Block user.

How to stop scam emails on iPhone
You can stop scam emails on iPhone from a specific sender right in your iPhone’s Mail app.
Here’s how to do it.
1. On your iPhone, open the Mail app.
2. Choose the message from the email address you want to block.
3. On the top bar of the message, tap on the sender’s picture (tapping anywhere in this field should work).

4. Tap on the sender’s name.
5. A menu will pop up. Choose Block this Contact.

6. Confirm by tapping Block this Contact.
Once the contact is blocked, you will no longer receive those malicious email notifications from the scammer.
However, the email will still come into your inbox. You can continue to leave the email in your Mail inbox (which we do not recommend), but you can also have your iPhone automatically move the email to the Bin.
Here’s how to stop emails on iPhone filling up your inbox.
1. On your iPhone, open Settings.
2. Scroll down and tap on Mail.

3. Navigate to Blocked Sender Options.
4. Tap on Move to Bin.
