PayPal Fake Invoice Scam: The New Scam In Town Targeting Businesses

Key Points:

  • If your business uses PayPal for payments, you’re likely to receive a fake PayPal invoice asking for payment for services or products you never received.
  • While the invoice comes directly from PayPal, it’s considered fake because it’s money you DON’T owe.
  • If a scammer knows your PayPal email, they can create invoices mimicking reputable entities to make you think they are legitimate bills.
  • Once you click the Pay button, the money will automatically be transferred from your PayPal to the fraudster’s account.
  • Fraudsters use the legitimacy of PayPal to reach people’s inboxes and trick them into sending money by spoofing popular brands.

Fake PayPal invoices are making the rounds online. Fraudsters use the legitimacy of PayPal to ensure their trickery reaches potential victims and dupes them.

Criminals are creating and sending falsified PayPal invoices to request payment. Since businesses process many PayPal transactions, attackers assume that organizations will be gullible enough to pay invoices without double-checking.

How The PayPal Invoice Fraud Works

Anyone who knows your email address can send you a bill through PayPal. Fraudsters favor the fake PayPal invoice scam because the invoices aren’t technically fake: they are real invoices issued through PayPal for money the business doesn’t owe.

Scammers create invoices imitating reputable organizations such as antivirus companies, GoDaddy, or VPN services. Since the invoice will appear to come from one of your services, an unsuspecting accountant may be duped into believing the invoice is legitimate and pay it without question.

Since the PayPal invoice is real — only that scammers created it — hitting the Pay button will instantly transfer your money to the criminals.

Fake PayPal Invoices Might Be The New Phishing Method

Criminals are getting more sophisticated and are using legitimate services such as PayPal to ensure their lures reach their targets.

With the rise of sophisticated email filters, many phishing emails might not reach potential victims. The filters flag many phishing emails and send them directly to spam folders, so they never reach people’s inboxes.

However, attackers are using the legitimacy of PayPal to bypass email filters and reach the inboxes of unsuspecting victims. These fraudsters create free PayPal accounts to send invoices from domains spoofing popular brands.

The criminals then utilize PayPal features to:

  • Create fake invoices
  • Edit business name to mimic popular brands
  • Add fake phone numbers
  • Add fake addresses

When you receive the fake PayPal invoice, it will appear more legit.

An unsuspecting accountant who doesn’t remember ordering the product or receiving the service may call the rogue number to ask about the invoice or to avoid unnecessary charges.

The attacker will then attempt to lure the user into offering phone numbers or credit card information during the call. The contact and payment information revealed to criminals will then be used to prepare for future attacks.

Our Accounting Department Received One Fake PayPal Invoice

One of our employees in the accounting department received a PayPal invoice requesting our organization to pay an invoice for around $800. The fraudster billed the invoice for $796.

$796 is a unique figure that also falls below the pain threshold. Since the amount isn’t huge, many businesses might not think twice about paying it. If such an invoice finds a distracted accountant handling multiple PayPal invoices, they might not think twice about making the payment. In addition, the number 796 isn’t generic, like $800 or $750. One is more likely to assume it’s accurate and real.

Some businesses could have paid the invoice and never thought anything of it. However, our company couldn’t because we scrutinize every invoice that comes in just to be sure.

After digging deep, we found no record of the sender providing services or products to our company. We found that the invoice wasn’t even in our PayPal account, so we flagged it as a scam.

Scammers Are Abusing Many Other Legitimate Services for Phishing Campaigns

Fraudsters are turning to legitimate services to ensure they get the attention of potential victims.

PayPal is on the Allow list of the best email services. Nearly all emails from PayPal reach users’ inboxes. Scammers use the platform and many other legitimate services to ensure their phishing emails reach target inboxes.

Some time back, fraudsters were using QuickBooks to run similar attacks. Like PayPal, QuickBooks is on the Allow list of the best email services. All emails from QuickBooks go straight to users’ inboxes.

Criminals are leveraging legitimate services to run phishing campaigns.

How Your Business Can Avoid Getting Scammed

Your business can deploy several measures to avoid losing money to fraudsters through fake PayPal invoices. Some of these measures include:

  • Adopting excellent accounting practices to review all payment requests. Your accounting department should scrutinize every invoice to ensure you only pay for services or products you actually received.
  • Checking your PayPal account and inbox for fake invoices. If you find any, report them to PayPal to help them address future threats.
  • Checking your PayPal account whenever you receive an invoice for a product or service you don’t remember purchasing. See if you had ordered something and forgot about it.
  • Avoiding calling the phone numbers on the fake invoice. Scammers lure people into offering their credit card details over the call. If the invoice intrigues you, confirm the contact details using a search engine. Check the official website of the company to see whether the addresses match.
  • Identifying any sign of urgency in invoices. The first red flag of a scam is a sense of urgency. Attackers often give a short time frame to respond to their messages.
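The review steps above can be turned into a repeatable triage check. The following is an added example, not part of the original article: the vendor list, purchase-order set, invoice field names and urgency phrases are all constructed assumptions, and the invoice fields are assumed to be copied by hand from the invoice rather than pulled from any PayPal API.

```python
import re

# Constructed vendor master: contact details taken from each vendor's official website.
VENDORS = {
    "Example Hosting LLC": {"email": "billing@examplehosting.example",
                            "phone": "+1 555 010 0100"},
}
# Constructed open purchase orders as (vendor name, amount in cents).
OPEN_POS = {("Example Hosting LLC", 12000)}

# Assumed urgency phrases; tune to the wording your team actually sees.
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|final notice|avoid charges)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def digits(text):
    return re.sub(r"\D", "", text)

def triage_invoice(inv):
    """Return the red flags raised by one invoice (hypothetical field names)."""
    flags = []
    vendor = VENDORS.get(inv["business_name"])
    if vendor is None:
        flags.append("unknown_vendor")
    elif vendor["email"].lower() != inv["sender_email"].lower():
        # Business name matches a real vendor but the sending account does not.
        flags.append("sender_email_mismatch")
    if (inv["business_name"], inv["amount_cents"]) not in OPEN_POS:
        flags.append("no_matching_purchase_order")
    known_phones = {digits(v["phone"]) for v in VENDORS.values()}
    if any(digits(p) not in known_phones for p in PHONE.findall(inv["note"])):
        flags.append("unverified_phone_number")
    if URGENCY.search(inv["note"]):
        flags.append("urgency_language")
    return flags

# Constructed invoices: one imitating a known vendor, one genuine.
SPOOFED = {"business_name": "Example Hosting LLC",
           "sender_email": "examplehosting.billing@freemail.example",
           "amount_cents": 79600,
           "note": "Call +1 555 010 0199 within 24 hours to avoid charges."}
GENUINE = {"business_name": "Example Hosting LLC",
           "sender_email": "billing@examplehosting.example",
           "amount_cents": 12000,
           "note": "Annual hosting renewal, PO 1042."}

if __name__ == "__main__":
    for name, inv in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, triage_invoice(inv) or "no flags: still confirm inside the PayPal account")
```

An empty result only means none of these checks fired; the invoice should still be confirmed inside the PayPal account before payment.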

What to Do if Your Business Becomes a Victim of a Fake PayPal Invoice Scam

Retrieving your money after a scam is very difficult, especially when you authorized the transaction. The best you can do is to file a dispute with PayPal for fraud in the following steps:

  1. Head to the PayPal Resolution Center
  2. Select Report a Problem
  3. Scroll down your transactions until you reach the fraudulent invoice
  4. Choose the white bubble next to the listing
  5. Hit the Continue button in the bottom right corner
  6. PayPal will guide you to complete the dispute

Discovery IT Can Help Your Business Be On High Alert for Scams

Your business has the challenging task of protecting itself against fraud. After all, fraudsters are brewing new potential scams that you may not be aware of. We want you to be the first to know of the potentially looming fraud on the horizon. Contact us today to put your business on high scam alert to protect against even the most recent scams.
