Hi Reader,
Over the past week, I have dealt with several Creators who have fallen victim to this Invoice Scam and paid over $4000 collectively.
Here is what you need to know:
What happens?
You receive an email with an invoice that does in fact come from the real PayPal company.
Why do people fall for this?
You know that the first thing to check for with any email is the sender’s email address.
Usually, in an obvious scam, the friendly name will be “PayPal”, but if you hover over the sender’s name or click on more info, the actual email address is revealed, which is typically some random @Gmail address.
HOWEVER…
In this case, the sender’s email address is from the real PayPal company!
It is not a spoofed or a fake email address.
The email is formatted exactly like a standard PayPal invoice. It even has the PayPal warning: “You don’t have any payments with this seller in the last year”
What are the Red Flags?
The first Red Flag is the To field.
They used the TO field as a “subject line” and when you look at the info it reveals someone’s email address.
This means that this was sent to a large group of people and you happened to be BCC’d (blind carbon copied) on the email.
In other words, it was not sent just to you which is NOT how the PayPal invoice system works.
To Field is a Subject Line
The next Red Flag is this comment: “Don’t recognize the seller? Please contact us immediately at +1(888) 316-0467. If you do not reach out, we will proceed with the transaction.”
While it looks fine, that is not PayPal’s number AND it is written under the “Notes from seller” section.
When you create an invoice in PayPal, there is a section where you, as the seller, can leave a comment to the recipient such as “Thank you for your business” or “See you again” or any free-form text.
The scammers use this section to add their notes to call them and to scare you into thinking the transaction is going to proceed.
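The two red flags above, written as a mail-triage check. This is an added example, not part of the original newsletter: the function name, flag labels and sample message are constructed for illustration, and only plain-text bodies are handled.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, modelled on the invoice email described above.
SAMPLE_EML = """\
From: "PayPal" <service@paypal.com>
To: "Invoice update" <billing-list@example.net>
Subject: Invoice from Example Seller
Content-Type: text/plain; charset=utf-8

You don't have any payments with this seller in the last year.

Notes from seller:
Don't recognize the seller? Please contact us immediately at +1(888) 316-0467.
If you do not reach out, we will proceed with the transaction.
"""

PHONE_RE = re.compile(r"\+?\d?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
NOTES_RE = re.compile(r"notes? from seller", re.IGNORECASE)


def invoice_red_flags(raw_eml, my_address):
    """Return the red flags from the article found in one raw email."""
    msg = message_from_string(raw_eml)
    flags = []

    # Red flag 1: the To field names someone else, so the message reached
    # you through BCC or a list rather than being addressed to you.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    if my_address.lower() not in recipients:
        flags.append("not_addressed_to_me")

    # Red flag 2: a phone number inside the free-form seller note.
    # Assumption: everything after the heading is treated as the note.
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    heading = NOTES_RE.search(body)
    phone = PHONE_RE.search(body[heading.end():]) if heading else None
    if phone:
        flags.append("phone_in_seller_note: " + phone.group(0))
    return flags


if __name__ == "__main__":
    print(invoice_red_flags(SAMPLE_EML, "creator@example.com"))
```

Neither check looks at the sender address, because in this scam the sender is genuine and passes that test.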
How is it being sent from PayPal?
Scammers create fake invoices on the PayPal system in the hope that people will see an invoice from PayPal, view it, and make the payment.
They hope that you call their “support number” to report the scam so that they can manipulate you into giving them access to your account. Don’t underestimate their social engineering skills.
They also hope that they reach enough people and that the amounts are small enough to get instantly paid without needing approval or authorization. This happens a lot.
This scam works – a man was arrested after he sent fake invoices to Facebook and Google, who paid over $100 Million!
Read that here: https://www.npr.org/2019/03/25/706715377/man-pleads-guilty-to-phishing-scheme-that-fleeced-facebook-google-of-100-million
What should you do?
Don’t click on the View Invoice button.
Just delete the email.
Keep safe out there,
Liron Segev