Received a Bitcoin Invoice From PayPal? It’s (Unsurprisingly) a Scam

Please fol­low and like us:
Pin Share

Crim­i­nals are always try­ing to get their hands on your hard-earned cash, and their lat­est trick is a sim­ple one—send a legit­i­mate invoice through Pay­Pal for a high-val­ue item you haven’t bought. So how does this scam work? How do scam­mers do this using a real Pay­Pal invoice?


PayPal Invoicing Gets Scammers Into Your Inbox

Tra­di­tion­al­ly, scam­mers and spam­mers have been rel­a­tive­ly easy to spot. If they’re not flagged up by your email provider’s spam fil­ters, there are details that give them away, if you know what to look for.

The emails are often spoofed—mean­ing that the email address in the “from” field isn’t gen­uine, and they some­times come from looka­like domains. The lan­guage tends to be odd, and they’ll promise you love, rich­es beyond your wildest dreams, or the oppor­tu­ni­ty to help a tem­porar­i­ly impov­er­ished for­mer head-of-state. In almost every case, they’ll con­tain links which, if clicked, will either install mal­ware on your com­put­er or try and trick you into giv­ing away your bank account details. They’re fake, and it’s easy to tell.

Invoic­es from Pay­Pal are dif­fer­ent. Pay­Pal is a trust­ed orga­ni­za­tion, with­out which ecom­merce would grind to a halt. Emails from Pay­Pal will always reach your mail­box regard­less of your provider. There’s no spoof­ing involved, and no dodgy links. It’s legit, and so, it’s hard to tell that it’s a scam.

And any­one can cre­ate an invoice using Pay­Pal. So that’s exact­ly what cyber­crim­i­nals do.

Scammers Can Invoice You Via PayPal

Hav­ing cleared your spam fil­ters and with no obvi­ous give­aways that the invoice is a scam, you may end up with some­thing like this in your inbox.

You’ll check that the out­links are gen­uine and, feel­ing reas­sured, click on one to view the gen­uine Pay­Pal invoice on the gen­uine Pay­Pal web­site. There, you can either pay or can­cel the invoice.

This invoice is for Bit­coin and pur­ports to be from “Bit­coin Exchange”, but we’ve seen oth­er spu­ri­ous invoic­es for gift cards, and for charges made by Pay­Pal itself. For scam­mers, the options are end­less, and it’s entire­ly pos­si­ble that some peo­ple or busi­ness­es will actu­al­ly click on the Pay button.

How Do PayPal Invoices Work?

If you reg­u­lar­ly use Pay­Pal on your PC, you may have it set that you don’t even need to sign into your Pay­Pal account—just click the big blue but­ton, and, like mag­ic, the required amount dis­ap­pears from your Pay­Pal bal­ance, nev­er to be seen again.

Pay­Pal also help­ful­ly pro­vides a QR code for invoic­es. Not only can you be invoiced via email while on the go, but you can also direct­ly access the invoice on your smart­phone. Just point your cam­era at the blue square! Tiny writ­ing on a 5‑inch screen makes it even more like­ly that you’ll click the but­ton. As the Pay­Pal slo­gan makes clear, it’s sim­ple: “Scan. Pay. Go.”

On this lev­el, the scam is sim­ple: get peo­ple to click a but­ton, and receive a large amount of mon­ey in return.

How Do Scammers Use Fake PayPal Invoices?

Even if you don’t pay the invoice, the scam­mers have more tricks to ensnare you. The email also con­tains a mes­sage from the sell­er, which indi­cates that the pay­ment has already been tak­en, and includes the text, “Do give us a Call [sic] for any dis­pute regard­ing the Pay­ment and issue a Refund at [phone number]”.

Ignor­ing the ran­dom cap­i­tal­iza­tion for the moment, it’s fea­si­ble that you might be wor­ried enough to call the num­ber, where­upon one of two things can happen.

The scam­mers may try to get more infor­ma­tion out of you—either through a fraud­u­lent iden­ti­ty ver­i­fi­ca­tion process, or by ask­ing for your bank details, osten­si­bly so they can issue a refund.

They may also try to per­suade you to install a remote admin­is­tra­tion tool on your com­put­er. You can prob­a­bly guess who you’re hand­ing con­trol to…

As both the email and the invoice are gen­uine­ly from Pay­Pal, it’s not impos­si­ble that some peo­ple will be fooled. Don’t be one of them.

Don’t Fall for the PayPal Invoice Scam

With no obvi­ous clues that the invoice isn’t gen­uine, do your research before pay­ing the invoice or call­ing the number.

The first thing you should ask your­self is whether you bought or tried to buy the item in ques­tion. If the answer is no—because spend­ing $499.99 on cryp­to through your Pay­Pal account is not some­thing you would con­sid­er doing—it’s a scam.

You can also do some research on any con­tact details con­tained in the email and the invoice.

With our sam­ple invoice, the sup­posed sell­er’s email address is larrypeters33@balawo.com. The host­ing domain is cur­rent­ly inac­tive, but a quick look on the Inter­net Archive Way­back Machine revealed it was pre­vi­ous­ly a Word­Press site host­ing ran­dom Chi­nese code snip­pets and oth­er scraped detri­tus from tuto­ri­als. In short, it does not inspire con­fi­dence that the sell­er is genuine.

Anoth­er clue is the phone num­ber. Using a free research tool, we were able to ascer­tain that it was assigned the very day the email was sent, and we expect it will be reas­signed short­ly afterwards.

Sim­ply search­ing for a num­ber on Google can reveal that it’s often used by scammers.

How Did PayPal Scammers Get My Email Address?

Maybe you adver­tise your email address on your Face­book, Twit­ter, or a per­son­al blog, and it was scraped from there.

It’s far more like­ly that your email address was dis­closed in a data breach. Com­pa­nies are hacked all the time, with cus­tomer infor­ma­tion exfil­trat­ed from their sys­tems with alarm­ing reg­u­lar­i­ty. In the 2022 Sam­sung data breach, for instance, crim­i­nals man­aged to steal cus­tomers’ names, con­tact and demo­graph­ic infor­ma­tion, dates of birth, and prod­uct reg­is­tra­tion information—which may have includ­ed gen­der, pre­cise geolo­ca­tion data, Sam­sung Account pro­file ID, user­name, and more.

Accord­ing to haveibeen­pwned, the indi­vid­ual who pro­vid­ed the sam­ple email to us has had their email address com­pro­mised in at least 10 dif­fer­ent data breaches.

Pay­Pal allows busi­ness­es to bulk invoice in batch­es of up to 1,000 at a time (of the same invoice) by upload­ing a CSV file. It would be easy for the would-be scam­mers to add a name (or user­name) to all the invoic­es, but they haven’t—meaning it’s prob­a­ble that they don’t have the tar­get’s name. The only known breach which revealed their per­son­al email, but not name or user­name, was the 2015 Patre­on hack.

How to Protect Against Fraudulent PayPal Invoices

Pay­Pal pro­vides a straight­for­ward and com­mon sense guide to email scams; how­ev­er, the invoic­ing con isn’t yet listed.

Here’s our advice:

  • Don’t click through to invoic­es from links in an email—even if they’re gen­uine links. You can check Pay­Pal invoic­es sim­ply by log­ging into the ser­vice on a dif­fer­ent tab or browser. 
  • Don’t pay an invoice unless you’re 100 per­cent cer­tain what it’s for. 
  • Don’t call, email, or oth­er­wise con­tact the “sell­er”.
  • Keep your main email address private. 
  • Use email alias­ing or an email pro­tec­tion ser­vice to give dif­fer­ent email address­es to dif­fer­ent companies. 
  • Check haveibeen­pwned reg­u­lar­ly to see if your per­son­al details have been dis­closed. If an email address is com­pro­mised, deac­ti­vate it. 

PayPal Invoicing Scams Are Irritating and Dangerous

Open­ing an email to find a gen­uine Pay­Pal invoice for some­thing you did­n’t buy is annoy­ing at best, and at worst, can result in you los­ing mon­ey. Take care with your social media, your email accounts, and your inter­net secu­ri­ty, so you can deprive crim­i­nals of the details they need to tar­get you effectively.

Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *