Tag: Money Scams

Paypal Invoice Scam

Haven’t had one of these before.

So I’m sitting at my desk doing some adulting, because what else do you do at your desk in the middle of the day, when I got this really weird, absolutely legitimate looking email.

Have a look,

Some of the info is blacked out intentionally (i.e. my personal email). Go ahead and take a look at the full thing, then we’ll break it down.

Looks pretty legit doesn’t it? That’s because it is. What we have here is a scammer making use of paypal’s invoice system to send a fake invoice. But there’s some key changes here to help this scam along.

So first thing’s first — the main thing we always look at to see if an email is legit or not. Typically, your spam filter will catch this and you’ll never see it. But that isn’t the case here.

Because the scammers are using Paypal’s legitimate invoice service, the name and email server match up and are legitimate.

Though the big clue here that this email was nonsense? The email address it was sent to has never been used for a paypal account or a paypal invoice service.

So let’s scroll down a bit. Again, perfectly legitimate looking invoice email because it is a legitimate invoice email from paypal. But here is where we start to notice a few things.

  1. Notice how in the subject line it says “you have paid an invoice”? That is a subject lane created by the scammer. In the actual body of the email, you’ll see it has changed to “Please pay your invoice”.
  2. Invoice number is perfectly legitimate. Nothing to see here. I’ve blacked it out so that no one tries to be dumb.
  3. The company name is “Binance”. A company I’ve never done business with. A quick google search shows they’re a cryptocurrency company.
  4. Hovering over the “view and pay invoice” link shows a valid link to a paypal invoice payment page. Typically, if a scammer is spoofing an email, hovering over these links will show their destination to be anything other than the legitimate website.

Alright, next line down.

Here, the scammer uses the “note to customer” section of the invoice template to write up a paragraph that looks as though it came from Paypal. At a glance, this looks legit. However, let’s cover a few things.

  1. “Seller note to customer” is always from the seller and never from paypal.
  2. Legitimate Paypal emails always contain your full name or alias. They are never addressed to “Dear Customer” or “Customer”.
  3. “You sent a payment of-” First of all, Paypal doesn’t auto-debit any invoice from your account without authorization. (Especially when the email address attached doesn’t even have a paypal account). Secondly, the email already established earlier that this is a request for payment. It hasn’t been sent, despite what the scammer says.
  4. The scammer mistyped the amount and added a space between the decimal point and the cents. Scammer emails always have bad or incorrect grammar. This one is no exception. Take note of the dual space on the comma between “transaction” and “please”.
  5. The number listed is not a paypal number at all. This is key to the scam. If someone reads the email and panics, they see the customer service number conveniently provided in the email. They call that number and end up talking to the scammer who is able to bilk money from them. Scams are a numbers game. In this case, the scammer has created two separate chances to scam you. The first being someone who just clicks “pay” and pays, the second being someone who panics and calls the “customer service” line.
  6. Bonus Note: Scammers always like to attach a timeline to their scams. The less time someone has to think about why what they’re seeing or hearing is bullshit, the more likely they are to fork over their cash. We see this all the time in IRS or Arrest Warrant scams. The scammer will say you have one or two hours to complete the transaction or you’ll be in serious trouble. This is the same as the Injured/Arrested Family Member scam. They goal is to make you forgo talking to anyone else who might clue you in that you’re being scammed.

Now we’re back the legitimate part of the invoice email. This section is actually from paypal. As stated before, paypal never auto-debits invoice payments. So when you get a fake invoice, you are safe to just delete it and move on.

There is a “contact us” link on this section as well. I know in this case we’re looking at a legit email, but never – ever click links in unexpected emails. Even if it is from, or appears to be from, a legitimate site. If you really want to get in touch with paypal: open your web browser and manually head to the site. Don’t use any email links to do so.

And there we have it. This invoice scam isn’t really new. People have been sending out fake invoices for a while. But this is the first time I’ve ever received one and since it looks legitimate I figured it was worth covering.