The latest phishing scam is using PayPal to convince victims that they need to pay an invoice for hundreds if not thousands of pounds…an invoice that doesn’t really exist.
What is a phishing scam?
A phishing scam is a kind of fraud where a victim is sent an email, text or is called directly, and convinced through social engineering to disclose their bank details, account details or other personal information. Perpetrators will devise a number of different ways to convince victims to part with their details, usually using something current and relevant.
These phishing scams are often sent out en masse; the scammers contact as many people as possible so they can get as many responses as possible. We’ve seen a number of different phishing scams claiming to be from trusted businesses, organisations and even family members. Emails can be about the covid-19 vaccine, the cost of living crisis or subscription services - but the goal is the same, to get victims to pass on their information.
What is the PayPal Invoice scam?
The PayPal invoice scam is a phishing scam that is sent over email. Victims receive an email from PayPal, with an invoice attached. The note attached to this invoice explains that you have an outstanding payment, and the money will be taken from your PayPal account today.
The note in the invoice goes on to state that if you didn’t make this purchase, you can contact PayPal to refund this payment. It also provides you with the number to contact PayPal on. If you’ve not figured out where this is going yet, the phone number does not connect you to PayPal, and instead calls a scammer who will refund this false payment by relieving you of your PayPal details, and then emptying your account. You can see a screenshot of this email at the following link.
The pitfalls of the PayPal Invoice scam
This scam has been so effective because scammers are using PayPal's invoicing system. This means that the sender of the email is PayPal, so it looks a lot more legitimate than it is.
This is because the fraudulent invoice is sent through PayPal’s application. As such, even when you head to your PayPal account - without clicking any links in the email - you’ll still see this fraudulent invoice. The important thing to remember is that anyone can send a PayPal invoice to anyone else, at any time. Just because it comes through PayPal’s website, it doesn’t make it legitimate.
However, there are some indicators in the email that you’re looking at a scam. Many phishing scams fall down at their grammar and the note attached to this invoice is no exception, ‘This transaction will reflect on PayPal activity…’ just doesn’t sound right.
The most important thing to note, however, is that the PayPal information is underneath a big heading that says, ‘Seller note to customer’. That means whoever has sent this invoice has typed this message to you, including the phone number; it isn’t an official security message from PayPal.
What should you do if you receive a PayPal invoice you weren’t expecting?
Head to your PayPal account, without clicking any links in the email. PayPal states that you can, ‘Cancel any unwarranted invoices or money requests by logging in to the PayPal website or the PayPal app.’ Never try to contact PayPal through a phone number or email address you’ve received in the Seller note - it’s the scammer you’ll get through to.
Tweet us @TranscenditUK
