A very sophisticated PayPal invoice scam!

I woke up this morning to an invoice over $500.00 in my email inbox to my personal PayPal account, sent via PayPal. It looked real. It felt real. All the links were pointing to the correct URLs. The email didn’t seem to have been spoofed. Even the funky letter/number combination in the footer of the email looked real.

The plot thickens

I was mystified. I didn’t order anything that would require an invoice. Of course, I didn’t click on the links in the invoice, but I might as well have, because the invoice turned out to be real and the link goes straight to PayPal itself. It was, in fact, a real PayPal invoice.

My investigation

I then decided to investigate further and sent myself an invoice from my business account to compare. Then I noticed a few differences, indicated by the red arrows:

[Figure: Real PayPal invoice, sent by me to myself]

[Figure: Scam PayPal invoice]

First, the invoicing party’s address is a throwaway email address. The “from” address is of course PayPal, because it was sent via PayPal. But the “reply-to” address, which is the seller’s address, is fake. Then, it says “Hello, PayPal Customer” instead of my name, because the scammer obviously didn’t know my name. And finally, the real reason for the fake invoice: the “seller note to customer.”

The resolution

The scammers want you to call the number in the “seller note” to resolve the issue with the invoice for items you clearly didn’t order. If you call, a fake “customer representative” will answer and ask you for your login and other personal information in order to compromise your account.

In another installment of this same scam, the fake “customer representative” asks you to download some security software onto your device to resolve the problem, which contains nothing but malware to ruin your entire computer.

I reported the message to phishing@paypal.com, but it is unlikely PayPal will do anything about it, because it is, indeed, a real invoice. The phishing doesn’t occur until you call the number in the “seller note.”

The upshot: If you receive a real PayPal invoice from a fake person, do nothing. Perhaps report it to PayPal, but definitely don’t pay, and don’t call the number listed on the invoice.
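The three differences described above (a throwaway "reply-to" address, the "Hello, PayPal Customer" greeting, and a phone number in the "seller note") can be checked mechanically in a mail filter. The following is an added example, not part of the original post and not PayPal's own logic; it assumes the invoice has a plain-text body, and the function names, the placeholder throwaway-domain list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: placeholder list; replace with the throwaway/free-mail domains you see.
THROWAWAY_DOMAINS = {"throwaway.example"}
GENERIC_GREETING = re.compile(r"^\s*Hello,\s+PayPal Customer\b", re.I | re.M)
NOTE_MARKER = re.compile(r"seller note to customer", re.I)
# North American style phone numbers only (assumption).
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def invoice_red_flags(raw_email, throwaway=THROWAWAY_DOMAINS):
    """List which of the three indicators are present in one message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    flags = []
    # Sent via PayPal, but replies go to a throwaway seller address.
    if domain(msg["From"]) == "paypal.com" and domain(msg["Reply-To"]) in throwaway:
        flags.append("reply-to is a throwaway address")
    if GENERIC_GREETING.search(text):
        flags.append("generic greeting")
    # Only look for a phone number after the seller-note heading.
    marker = NOTE_MARKER.search(text)
    if marker and PHONE.search(text[marker.end():]):
        flags.append("phone number in seller note")
    return flags

# Constructed sample modelled on the invoice described in the post.
SCAM = """\
From: service@paypal.com
Reply-To: seller123@throwaway.example
To: recipient@example.org
Subject: Invoice from Seller

Hello, PayPal Customer

Here is your invoice for $500.00.

Seller note to customer
If you did not place this order, call 1-800-555-0199 to cancel.
"""
# Constructed counter-example: named greeting, business reply-to, no phone number.
CLEAN = (SCAM.replace("PayPal Customer", "Jane Doe")
             .replace("throwaway.example", "business.example")
             .replace("call 1-800-555-0199", "reply to this email"))
```

Each indicator is weak on its own, since legitimate sellers also reply from non-PayPal addresses; the combination of all three is what matches the invoice described here.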

Copyright secured by Digiprove © 2023 Carola F Berger

Carola F Berger

Website: https://www.cfbtranslations.com

Carola F. Berger is a German-English patent translator with a PhD in physics and a master’s degree in engineering physics. She is ATA certified for translation from German into English and from English into German and owns and operates CFB Scientific Translations LLC. Carola serves as webmaster on the NCTA Board of Directors and is also the Administrator of ATA’s Science and Technology Division.
