Got a Bitcoin Invoice from PayPal? It’s a Scam (unsurprisingly). Lawbreakers are always looking for new ways to steal your money, and their latest scheme is simple: submit a legitimate invoice through PayPal for a high-value item you haven’t bought. So, how exactly does this con work? How do scammers do this with a legitimate PayPal invoice?
PayPal Invoicing Gets Scammers Into Your Inbox
Scammers and spammers have traditionally been easy to identify. However, if your email provider’s spam filters do not pick them up, some details give them away.
The emails are frequently faked, meaning that the email address in the “from” box is not genuine and sometimes originates from lookalike domains. They’ll promise you to love riches beyond your wildest dreams or the opportunity to assist a temporarily impoverished former head of state. In virtually every case, they will contain links that, if opened, will either install malware on your computer or attempt to mislead you into disclosing your bank account details. They’re forgeries, and it’s easy to spot them.
PayPal Invoices differ from others. PayPal is a reliable company without which e-commerce would come to a halt. Emails from PayPal will always arrive in your inbox, regardless of your service provider. There are no spoofing or questionable links. It’s legitimate, so it’s difficult to know if it’s a fraud
Scammers Can Invoice You Via PayPal
If your spam filters have been cleared and there are no evident giveaways that the invoice is a scam, you may receive anything like this in your inbox.
Once satisfied, you’ll validate the outlines and click on one to consider the genuine PayPal invoice on the genuine PayPal site. You can either pay or cancel the invoice there.
This Bitcoin invoice is from “Bitcoin Exchange,” but we’ve seen similar invoices for gift cards and PayPal charges. Countless alternatives are available to scammers, and some people or businesses may likely click the Pay button.
How Do PayPal Invoices Work?
If you use PayPal on your PC frequently, you may have it configured such that you don’t need to sign into your account—click the large blue button, and the appropriate amount vanishes from your PayPal balance, never to be seen again.
PayPal also includes a QR code on invoices. So you can not only get invoiced via email while on the road, but you can also access the invoice directly from your smartphone. Aim your camera toward the blue square! Tiny wording on a 5-inch screen increases the likelihood that you will click the button. It’s as simple as the PayPal motto suggests: “Scan. Pay. Go.”
On this level, the scam is simple: convince people to click a button in exchange for significant money.
How Do Scammers Use Fake PayPal Invoices?
Even if you do not pay the invoice, the scammers will use other methods to catch you. The email also includes a note from the seller, indicating that payment has already been received, and the text, “Do give us a Call [sic] for any dispute about the Payment and issue a Refund at [phone number].”
Ignoring the random capitalization for the time being, it’s possible that you’ll be concerned enough to call the number, which will result in one of two outcomes.
The scammers may attempt to obtain additional information from you through a bogus identity verification process or by requesting your bank details, ostensibly to issue a refund.
They may even persuade you to download and install a remote management tool on your computer. Who arewyou’re delegating authority?…
It’s not improbable that some people would be duped because the email and the invoice are genuine from PayPal. Be not one of them.
Don’t Fall for the PayPal Invoice Scam
Do your study before paying the invoice or dialing the number if there are no obvious signs that it needs to be genuine.
First, ask if you bought or attempted to buy the item in question. It’s a scam if you say no, because buying $499.99 in cryptocurrency through your PayPal account is not something you’d contemplate doing.
You can also research any contact details in the email and invoice.
The email address of the alleged seller on our sample invoice is larrypeters33@balawo.com. Unfortunately, the hosting domain is currently defunct. However, a short search on the Internet Archive Wayback Machine reveals that it was originally a WordPress site with weird Chinese code snippets and other tutorial-scraping garbage. In summary, it does not provide the impression that the seller is genuine.
The phone number is another hint. Using a free research tool, we discovered that it was assigned on the day the email was sent, and we anticipate that it will be reassigned soon after.
How Did PayPal Scammers Get My Email Address?
You posted your email address on Facebook, Twitter, or your blog, and it was scraped from there.
Your email address was most likely disclosed in a data breach. Companies are always hacked, and client information is routinely stolen from their networks. For example, in the 2022 Samsung data breach, attackers stole consumers’ names, contact and demographic information, dates of birth, and product registration information—which might have included gender, precise geolocation data, username, Samsung Account profile ID,and other information.
According to haveibeenpwned, the person who provided us with the sample email had their email address exposed in at least ten separate data breaches.
PayPal allows businesses to bulk invoice in bunches of up to 1,000 at a time (of the same invoice) by uploading a CSV file. It would have been easy for the would-be crooks to add a name (or username) to all of the invoices, but they haven’t, implying that they don’t know the target’s name. The 2015 Patreon hack was the only documented breach that revealed their email but not their name or username.
How to Protect Against Fraudulent PayPal Invoices
PayPal has a simple and common sense guide against email scams; unfortunately, the invoicing scam is not yet covered.
Here’s our recommendation:
- Even if the links in an email are genuine, do not click through to invoices. Checking PayPal invoices is as
- simple as logging into the service in a new tab or browser.
- Only pay if you’re sure what an invoice is for.
- Don’t call, email, or contact the “seller” in any other way.
- Maintain the confidentiality of your primary email address.
- To give distinct email addresses to different firms, use email aliasing or an email protection service.
- To see if your details have been disclosed, check haveibeenpwned frequently. Finally, deactivate any compromised email addresses.
PayPal Invoicing Scams Are Irritating and Dangerous
Opening an email to see a genuine PayPal invoice for something you didn’t buy is inconvenient at best and can result in a financial loss at worst. Protect your social media, email accounts, and internet security to prevent crooks from using your details to target you effectively.