
Fake PayPal Invoice: Hackers try to Lure Customers to Bogus Redressal Platforms

PayPal users are duped with fake invoices. Users are asked to visit a third-party address to get their money back.

Published August 22, 2022

Scammers are emailing fake PayPal invoices to users. The emails carry invoice details claiming that a known third party such as Walmart made an illegitimate transaction that debited money from the recipient's account. Users are then directed to a fraudulent PayPal toll-free number and PayPal Support Center.

Fake PayPal invoice details

The fake emails contain addresses that point to the actual PayPal website, and the sender of the fake PayPal invoice shows PayPal.com as the source. It is estimated that the scammers may have either gained access to PayPal Business accounts or cloned the PayPal website, which makes them and the email sender seem legitimate. Many PayPal customers have reported encounters with similar frauds, and many samples of fake PayPal invoices have been shown to the media and PayPal.

Carefully crafted fake PayPal invoice

The subject line of the fake PayPal invoice may read something like, “Billing Department of PayPal updated your invoice.” Users are asked to call back to recover the money that the invoice claims was fraudulently debited by a known company. The contact details provided in the fake PayPal invoice take customers to a fraudulent website or system. If users connect to it with their credentials, the scammers could gain access to their PayPal account as well as their entire system. The user may also be asked to click on another link in the email that offers a required ‘software update’.

PayPal alerts users of fake PayPal invoices

Hackers have been known to hack into official websites of payment portals to extract all official credentials that they could use to convince users of their legitimacy such as the company’s name in the sender’s URL or link. PayPal has issued public alerts about fake PayPal invoices on its official website. It shared some common signs to spot a fake PayPal email. The post said that PayPal will never send generic greetings like “Dear user”. It would always address the customer with their first and last name. As PayPal has all its customers’ account details in its system, it will never ask for account information via email. If a fake communication asks for account details, it is a clear sign that they do not have it and are scammers.


Other ways to spot scammers

PayPal’s notice on its website further stated that it will never ask for tracking numbers of orders or shopping details. An email that claims to be from PayPal and asks the recipient to install an update through a link is also a sign of phishing that would lead to data theft. PayPal asked its customers to be alert to calls, emails, or SMSs that seem ‘urgent’ and demand prompt action, as PayPal will not send communications with an immediate call for action.

Samples of fake urgent communication

PayPal shared two samples of urgent-sounding fake communications on its website. The first reads, “Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 1-408-123-4567. It is imperative that we speak to you immediately.”

The second reads, “PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction please login at paypal.mobileservice2013.com/txn?id=178948 to stop this transaction. Thank You.” Since the writers of fraudulent communications are not qualified in composing official communications, fake messages may not have perfect grammar or punctuation.

A sample of a fraudulent automated voice call or ‘vishing’ was also provided by PayPal. The sample read, “This is PayPal calling about a possible fraudulent transaction on your account. Please enter your PIN now to hear the transaction details. We need your immediate response to block this transaction.”
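The signs PayPal lists can be applied mechanically to a message body when triaging reported emails, SMSs or call transcripts. The following Python example is added here and is not code from PayPal or this publication; the regexes, sign names and the benign control message are assumptions. It inspects the body only, because the fake invoices described above show PayPal.com as the sender.

```python
import re

# Regexes and sign names are assumptions built from the signs this article lists.
SIGNS = {
    "generic_greeting": re.compile(r"\bdear\s+(user|customer)\b", re.I),
    "urgency": re.compile(r"\b(immediate(ly)?|imperative|urgent(ly)?)\b", re.I),
    "credential_request": re.compile(
        r"\b(enter|confirm|provide|verify)\s+your\s+"
        r"(pin|password|account\s+(details|information))\b", re.I),
    "update_lure": re.compile(r"\bsoftware\s+update\b", re.I),
    "callback_number": re.compile(r"\b(?:1[-. ])?\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
}
# Hostnames with or without a scheme, e.g. "paypal.mobileservice2013.com/txn".
HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def is_paypal_host(host: str) -> bool:
    """True only for paypal.com itself or one of its subdomains."""
    host = host.lower()
    return host == "paypal.com" or host.endswith(".paypal.com")


def phishing_signs(text: str) -> list[str]:
    """Return the sorted names of the warning signs found in a message body."""
    found = {name for name, rx in SIGNS.items() if rx.search(text)}
    for host in HOST.findall(text):
        # The brand name in a host that is not under paypal.com is a look-alike.
        if "paypal" in host.lower() and not is_paypal_host(host):
            found.add("lookalike_host")
    return sorted(found)


# Samples 1-3 are PayPal's published ones quoted in the article; 4 is constructed.
SAMPLES = [
    "Your PayPal account has been suspended due to suspicious activity. Please "
    "contact us immediately at 1-408-123-4567. It is imperative that we speak "
    "to you immediately.",
    "PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this "
    "transaction please login at paypal.mobileservice2013.com/txn?id=178948 to "
    "stop this transaction. Thank You.",
    "This is PayPal calling about a possible fraudulent transaction on your "
    "account. Please enter your PIN now to hear the transaction details. We "
    "need your immediate response to block this transaction.",
    "Hello Jane Doe, your receipt is ready. Log in at www.paypal.com to view it.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(phishing_signs(msg), "<-", msg[:40])
```

A message that triggers none of these signs is not thereby genuine; the checks only surface the patterns PayPal's notice describes.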

Notify PayPal about fake PayPal communications

Users are advised not to click on any links provided in a fake PayPal invoice. It is wiser to log in to the PayPal account only through the installed application or a bookmark that the customer already uses. They are further urged to cross-check the information provided in a fake PayPal email by going to their account's notification page or contacting PayPal directly.

Users are asked to notify the security experts of PayPal at spoof@paypal.com about all such communications sent to them through email, SMS, or call. The security experts can verify the communication and shut down the source of fake communications. Users are also asked to change their login details if they have already clicked on a phishing link or fear that their accounts have been compromised. They can communicate with the help desk of PayPal for any further queries.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.