[Cyphase]

I've been seeing similar scams via PayPal. The scammers apparently add the target email address as a forwarding address on a compromised or created-for-purpose email account. And that bouncer email address is signed up for PayPal. So the scam email is actually from PayPal, bounced through some other inbox. The To name and address is of the bouncer email address PayPal sent it to.

One version involves sending money to someone with the PayPal account (so the target might think it was sent from their own account) with a "note" to the transaction recipient, which the target sees, which says PayPal has detected unusual activity and please call this phone number to request a refund.

Another involves a "Your ITEM NAME order is on its way" email where the item being ordered is called something like, "Some Company, Inc: Don't recognize the seller? Call us at SOME PHONE NUMBER".

A third is like the second, except it's a "You paid CURRENCY to SELLER" email. This one has the PayPal user's name at the top, so not as convincing perhaps.