Concise Cyber

PayPal Invoice Scam: Users Warned ‘Do Not Pay, Do Not Phone’ After Attack

PayPal users have been targeted by a scam in which attackers abuse the platform's own invoicing feature to send fraudulent payment requests. Because the invoice and its notification email are generated and sent by PayPal itself, the message passes sender-authentication and reputation checks that would catch a spoofed email, and it looks authentic to the recipient.

These malicious invoices frequently claim to be for purchases from well-known companies, such as Norton and Best Buy, often for hundreds of dollars. The names of these trusted brands are used to create a false sense of legitimacy and urgency, prompting users to react quickly.

How the PayPal Invoice Scam Operates

The attack is executed when scammers, using compromised or newly created PayPal accounts, generate and send invoices to a list of email addresses. The notification email, which comes from a legitimate ‘paypal.com’ address, informs the user that they have received an invoice. The invoice itself appears within the user’s official PayPal account dashboard, adding to the deception.

The core of the scam is found within the ‘note’ or ‘memo’ section of the fraudulent invoice. Here, attackers include a message urging the recipient to call a provided phone number immediately if they did not authorize the transaction. This phone number does not belong to PayPal or the company named in the invoice; it connects directly to the scammers.
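As an added example, not code from the article or from PayPal, the following Python heuristic scores invoice notes for the pattern just described: a phone number in the note, language pressuring the recipient to call, a well-known brand name, and an amount in the hundreds of dollars. The invoice records, their field names, and the 555-prefixed phone numbers are constructed for this example and are not PayPal's API schema or real numbers.

```python
import re
from dataclasses import dataclass, field

# Constructed sample invoice records for this example. The field names are an
# assumption made for illustration, not PayPal's API schema, and the
# 555-prefixed phone numbers are fictitious.
SAMPLE_INVOICES = [
    {
        "id": "INV-0001",
        "merchant_name": "Norton LifeLock Billing",
        "amount": "349.99",
        "note": ("Your Norton 360 subscription has been renewed. If you did not "
                 "authorize this transaction, call +1 (888) 555-0142 immediately "
                 "to cancel it."),
    },
    {
        "id": "INV-0002",
        "merchant_name": "Jane's Bike Repair",
        "amount": "85.00",
        "note": "Thanks for bringing the bike in. Tune-up and new chain as discussed.",
    },
    {
        "id": "INV-0003",
        "merchant_name": "Best Buy Geek Squad",
        "amount": "499.00",
        "note": "Geek Squad protection plan auto-renewal. Questions? Contact support at 888-555-0199.",
    },
]

# North American phone number in the usual spellings: 888-555-0142,
# (888) 555-0142, +1 888.555.0142 and so on.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Phrases that push the recipient to act before thinking.
URGENCY_TERMS = ("immediately", "unauthorized", "did not authorize",
                 "within 24 hours", "suspended", "urgent")

# Brands named in the article; extend the list to taste.
IMPERSONATED_BRANDS = ("norton", "best buy", "geek squad")


@dataclass
class Verdict:
    invoice_id: str
    score: int
    level: str
    reasons: list = field(default_factory=list)


def score_invoice(inv: dict) -> Verdict:
    """Score one invoice; a higher score means it looks more like the callback scam."""
    note = inv.get("note", "")
    text = f"{inv.get('merchant_name', '')} {note}".lower()
    score, reasons = 0, []

    phones = PHONE_RE.findall(note)
    if phones:
        score += 3
        reasons.append("phone number in note: " + ", ".join(phones))

    hits = [t for t in URGENCY_TERMS if t in note.lower()]
    if hits:
        score += len(hits)
        reasons.append("urgency language: " + ", ".join(hits))

    # The defining pattern: a number to call, plus pressure to call it now.
    if phones and hits:
        score += 3
        reasons.append("callback pattern (phone number + urgency)")

    brands = [b for b in IMPERSONATED_BRANDS if b in text]
    if brands:
        score += 2
        reasons.append("well-known brand name: " + ", ".join(brands))

    if float(inv.get("amount", 0)) >= 100:
        score += 1
        reasons.append("amount in the hundreds of dollars")

    level = "high" if score >= 8 else "medium" if score >= 4 else "low"
    return Verdict(inv["id"], score, level, reasons)


def triage(invoices: list) -> list:
    """Return (id, level) for every invoice that is not clearly benign."""
    verdicts = (score_invoice(inv) for inv in invoices)
    return [(v.invoice_id, v.level) for v in verdicts if v.level != "low"]


if __name__ == "__main__":
    for inv in SAMPLE_INVOICES:
        v = score_invoice(inv)
        print(f"{v.invoice_id}: {v.level} (score {v.score})")
        for r in v.reasons:
            print("   -", r)
```

Sender authentication is no help here, since the notification genuinely comes from PayPal and will pass SPF and DKIM; the signal has to come from the invoice content itself, which is why the heuristic looks only at the note, the merchant name and the amount. The first sample invoice scores as high because it combines every indicator; the third scores as medium on the brand name, phone number and amount alone, which is worth a human look but not an automatic block.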

Official Guidance: Do Not Engage

Cybersecurity experts and organizations have issued direct warnings to PayPal users: do not pay the fraudulent invoice and do not call the phone number listed. The attack has two objectives. The first is to get the user to pay the fake invoice. The second, more damaging one, is to draw the victim into a phone call (the callback-phishing pattern) in which the scammers try to extract personal information or card details, or talk the victim into installing remote access software on their computer.

The correct response for users who receive such an invoice is to log into their PayPal account through the official website or app, not through links in the email. From there they can view the invoice and use PayPal's own reporting function to flag it as fraudulent and cancel it. No money moves unless the invoice is paid, so simply leaving it unpaid costs nothing; reporting it additionally helps PayPal shut down the sending account.

Source: https://www.forbes.com/sites/daveywinder/2025/10/26/paypal-users-warned-do-not-pay-do-not-phone-as-attackers-strike/