Scammers are always searching for new methods to steal your individual details or money, and within the last couple of months, an exploit in PayPals invoice system has been used to generate convincing phishing messages.
SO HOW EXACTLY DOES the Scam Work?
PayPal allows sellers to create invoices, that may then be delivered to a customers PayPal account to cover something or service. However, PayPal doesnt appear to do a congrats with regards to checking if invoices are legitimate or not. Recently, scammers have already been using invoices to trick people into sending money to other accounts. Its not yet determined when this technique became popular, but you can find reports heading back to 2020 and earlier.
The scam involves sending a PayPal user a contact, telling them to cover something. The e-mail I received identified the sender because the Billing Department of PayPal, with a note saying $1,000.00 has been debited back for the Walmart eGift Card purchase and that I will contact a telephone number for customer care. Another version identified by the Virginia Commonwealth University asked for $450 for BITCOIN CRPTO, with another contact number listed.
The only real similarities between all of the messages are Heres your invoice or Invoice updated at the very top, and a button that says View and Pay Invoice. Unfortunately, those also appear for legitimate invoices from actual businesses. The emails are sent through exactly the same firstname.lastname@example.org email as other account notifications, making them seem more legitimate.
How to prevent the Scam
The simplest way to ignore this type of attack would be to not pay any invoices for something or service you didnt purchase. However, invoices will vary than purchase notifications if PayPal sent you a confirmation email for purchasing something, then someone may have actually stolen your PayPal account, and you ought to contact PayPal customer care immediately.
In most cases, if you get a sketchy email or message about PayPal payments, you need to head to paypal.com (or the apps for iPhone and Android) rather than clicking any links from the message. The Activity page on your own PayPal profile will show any recent payments or requests, and you may look for any invoices from the experience page by clicking Status > Invoices to cover.
Hopefully, PayPal will crack down on invoice abuse, which means this wont be considered a common occurrence anymore. PayPal isnt alone, either the favorite money transfer service Zelle can be a frequent target for scammers.