Celebrating 10+ Years
Book Your Free Consultation

Scammers Creating Fake PayPal Invoices to Lure Unsuspecting Businesses

Scammers are increasingly targeting Dallas businesses by sending fake PayPal invoices in an attempt to steal money. Some businesses fall prey to these scammers by paying up without thinking twice.

Imposters take advantage that many businesses use PayPal for transactions and can be gullible to pay any invoice they receive. Consequently, fraudsters create fake invoices on PayPal and send them to potential victims.

Since invoice emails come directly from PayPal, the scammer can trick your business into thinking that the invoices are legitimate and that you owe them money. If you click the link and pay using your PayPal account, your money will be transferred instantly.

YouTube video

How Does The Fake Invoice Scam on PayPal Work?

Technically, the invoice isn't fake. After all, it's a bill, although not owed by your business.

Typically, anyone can send a bill to your PayPal account if they know your email address. This leaves room for fraudsters to create PayPal invoices that mimic real entities such as WHO or GoDaddy.

The idea behind the scam lies on the premise that the invoice appears to come from a reputable source. Your business then may be duped into thinking it's a legitimate bill and transfer funds without double-checking.

In addition, since the PayPal invoice is real — only created by scammers — once you click the Pay button, the money transfer will be automatically initiated via your PayPal to the fraudster.

The Suspicious PayPal Invoice Can Also Be a Phishing Attempt

For a phishing scam to be successful, cybercriminals must ensure that their campaign reaches potential victims. Cybercriminals are turning to legitimate services such as PayPal to send out fake invoices to get your attention.

Scammers are using the legitimacy of PayPal to reach unsuspecting users' inboxes. The fraudster can create a free PayPal account to send emails from the company's domain while spoofing popular brands.

The cybercriminal then uses PayPal's features to create fake invoices, edit the business name, and add fake phone numbers and addresses to make them appear more legitimate. Then they send the invoice to potential victims.

Unsuspecting users who don't remember ordering something might be tempted to call the rogue phone numbers and provide credit card details to avoid getting charged. However, in doing so, the victim gives the attackers their contacts and payment information which they might use in future ransomware attacks.

A Case Example

Someone in our accounting department received an email using the PayPal invoicing system requesting our company to pay an invoice for around $800. The scammer billed the invoice of $796 to be exact.

The amount the scammer requested falls below the threshold of pain— small enough that some organizations wouldn't think twice about paying it. In addition, the number $796, doesn't appear generic like $800 or $750.

Some businesses may just pay it and think nothing more about it, but our organization couldn't because we scrutinize every invoice that comes in just to be sure.

Our spidey senses were correct. We found zero records of the sender providing any services to us. Upon further review, we found that the request wasn't even in our PayPal account. We quickly debunked the invoice as a scam that an attacker was trying to use to steal from us.

PayPal Isn't the Only Legitimate Service that Fraudsters Try to Abuse

Since PayPal is on the Allow List of the best email services, the email the company sends passes through to reach a user's inbox. Attackers use the platform to ensure their phishing emails reach their target inboxes.

However, PayPal isn't the only service that cybercriminals are abusing. A while back, attackers were using QuickBooks to execute similar attacks.

The fact that QuickBooks is also on the Allow List of the best email services, emails from the company pass straight to the user's inbox. The attackers utilize such platforms to ensure phishing email reaches the target.

How to Avoid Getting Scammed

You can take several measures to avoid suspicious PayPal invoice scams. You can do the following

  1. Ensure you have strong accounting practices that review all payment requests. If you ever get someone reaching out to you to buy a large amount of equipment, get paid first and ensure the payment clears.
  2. Monitor your inbox and PayPal account to check for fake invoices. If you find any, report to PayPal to help them plan on how to respond to future threats.
  3. If you receive an invoice for a product or service you don't remember purchasing, you should check your PayPal account first to see if you may have ordered something and forgotten about it.
  4. Avoid calling the phone number on any fake invoice. The scammers will try to lure you into sharing your credit card details over the phone. If you are curious about confirming the fake invoice contact, use the search engine first. You can check the company's website to see if the phone number on the invoice matches the one on the site.
  5. Check for a sense of urgency. The first red flag of a phishing attempt is a sense of urgency. Fraudsters often give a short time frame to respond to their messages.

What To Do In Case You Fall For Fake PayPal Invoice Scam

While it's nearly impossible to retrieve your money, your best shot at dealing with the fake invoice scam is to file a dispute with PayPal for fraud. You can proceed as follows to report fraud:

  1. Go to the PayPal Resolution center.
  2. Select Report a Problem.
  3. Scroll through your transaction until you reach the fraudulent invoice. Click the white bubble next to the listing and hit the Continue option at the bottom-right corner.
  4. PayPal will direct you on how to complete your dispute.

Velocity IT Will Keep Your Business on High Alert of the Emerging Scams

There is always a potential for a new scam brewing, and we want to be one of the first to alert you on what could be potentially looming on the horizon. Fraudsters are getting more sophisticated every day, but you don't have to fall, victim. You can put your business on a high scammer alert to protect against even the most recent scams. At Velocity IT, we can help you stay on top of scammers. Contact us today for assistance against fraudsters.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram