Concise Cyber

PayPal Invoice Scam: Users Warned ‘Do Not Pay, Do Not Phone’ After Attack

PayPal users have been targeted by a sophisticated scam where attackers exploit the platform’s own invoicing system to send fraudulent payment requests. Because these invoices and the accompanying email notifications originate directly from PayPal’s servers, they bypass traditional spam filters and appear authentic to the recipient.

These malicious invoices frequently claim to be for purchases from well-known companies, such as Norton and Best Buy, often for hundreds of dollars. The names of these trusted brands are used to create a false sense of legitimacy and urgency, prompting users to react quickly.

How the PayPal Invoice Scam Operates

The attack is executed when scammers, using compromised or newly created PayPal accounts, generate and send invoices to a list of email addresses. The notification email, which comes from a legitimate ‘paypal.com’ address, informs the user that they have received an invoice. The invoice itself appears within the user’s official PayPal account dashboard, adding to the deception.

The core of the scam is found within the ‘note’ or ‘memo’ section of the fraudulent invoice. Here, attackers include a message urging the recipient to call a provided phone number immediately if they did not authorize the transaction. This phone number does not belong to PayPal or the company named in the invoice; it connects directly to the scammers.
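Because the sender check passes for these notifications, triage has to rest on the invoice note itself. The following is an added example, not code from PayPal or from the original article: it flags PayPal-originated notifications whose note contains a phone number together with call-back wording. The regex patterns, verdict labels, sender local part and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Phone-like strings such as "+1 (888) 555-0142" or "212-555-0187" (assumed pattern).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
# Wording that steers the reader to a phone call (assumed list; tune locally).
CALLBACK_RE = re.compile(
    r"\b(?:call|phone|dial|contact)\b.{0,80}\b(?:immediately|now|urgently)\b"
    r"|\b(?:did not|didn't|not)\s+authori[sz]e",
    re.I | re.S,
)

def triage(raw_email: str) -> dict:
    """Score one notification on its content; a genuine sender does not clear it."""
    msg = message_from_string(raw_email, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != "paypal.com" and not domain.endswith(".paypal.com"):
        return {"verdict": "out-of-scope", "phones": []}
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    phones = [m.group(0).strip() for m in PHONE_RE.finditer(text)]
    urgent = bool(CALLBACK_RE.search(text))
    if phones and urgent:
        verdict = "callback-scam-likely"   # phone number plus pressure to call
    elif phones:
        verdict = "review"                 # phone number in a note, no pressure wording
    else:
        verdict = "no-indicator"
    return {"verdict": verdict, "phones": phones}

def sample(note: str) -> str:
    """Build a constructed notification (not a captured message) around a seller note."""
    return (
        "From: notifications@paypal.com\n"   # constructed local part
        "To: user@example.com\n"
        "Subject: Invoice from Example Seller\n"
        "Content-Type: text/plain; charset=utf-8\n\n"
        "You have received an invoice.\nNote from seller: " + note + "\n"
    )

SCAM = sample("If you did not authorize this transaction, call +1 (888) 555-0142 immediately.")
PHONE_ONLY = sample("Questions? Our studio line is 212-555-0187.")
CLEAN = sample("Invoice INV-0042 for design work, due in 14 days.")

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("PHONE_ONLY", PHONE_ONLY), ("CLEAN", CLEAN)):
        print(name, triage(raw))
```

The extracted phone numbers are returned so an analyst can compare them against the vendor's published contact details rather than dialing them.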

Official Guidance: Do Not Engage

Cybersecurity experts and organizations have issued direct warnings to PayPal users: do not pay the fraudulent invoice and do not call the phone number listed. The attack has two primary objectives. The first is to trick the user into paying the fake invoice. The second, more insidious goal is to lure the victim into a phone call in which scammers can attempt to solicit personal information or credit card details, or convince the victim to install malicious remote access software on their computer.

The correct response for users who receive such an invoice is to log into their PayPal account through the official website or app, not by clicking links in the email. Once logged in, they can view the invoice and use PayPal’s official reporting function to mark it as fraudulent and cancel it without any payment being made.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person’s work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
