PayPal is a popular online payment system that allows users to make payments by credit card, bank account, or PayPal account. However, there are scammers who use PayPal to steal money from unsuspecting victims. Here are some tips to help you avoid becoming a victim of a PayPal scam:

  1. Be aware of unsolicited emails that ask you to make a payment through PayPal. These emails may be from scammers who want to steal your money. Never click on any links in an unsolicited email and never send money to anyone you don’t know.
  2. Use caution when using PayPal for online transactions. Make sure the person you’re dealing with is legitimate and has a valid PayPal account. Don’t send money to someone you don’t know if they ask for it via PayPal.
  3. If something seems too good to be true, it probably is! Don’t give out personal information or financial information unless you’re sure the person asking for it is legitimate and has permission to use it.
  4. Report any suspicious activity or scams involving PayPal immediately by contacting customer service at www.paypal .com/help/. They will help protect your account and help identify scammers who are trying to take advantage of innocent people like you ..

Scammers are always looking for new ways to steal your personal details or money, and over the past few months, an exploit in PayPal’s invoice system is being used to create convincing phishing messages.

How Does the Scam Work?

PayPal allows sellers to create invoices, which can then be sent to a customer’s PayPal account to pay for a product or service. However, PayPal doesn’t seem to do a great job when it comes to checking if invoices are legitimate or not. Recently, scammers have been using invoices to trick people into sending money to other accounts. It’s not clear when this method became popular, but there are reports going back to 2020 and earlier.

The scam involves sending a PayPal user an email, telling them to pay for something. The email I received identified the sender as the “Billing Department of PayPal,” with a message saying “$1,000.00 has been debited to your account for the Walmart eGift Card purchase” and that I should contact a phone number for customer support. Another version identified by the Virginia Commonwealth University asked for $450 for “BITCOIN CRPTO,” with a different phone number listed.

The only similarities between all the messages are “Here’s your invoice” or “Invoice updated” at the top, and a button that says “View and Pay Invoice.” Unfortunately, those also appear for legitimate invoices from actual businesses. The emails are sent through the same “service@paypal.com” email address as other account notifications, making them seem more legitimate.

How to Avoid the Scam

The easiest way to ignore this specific attack is to not pay any invoices for a product or service you didn’t purchase. However, invoices are different than purchase notifications — if PayPal sent you a confirmation email for purchasing an item, then someone might have actually stolen your PayPal account, and you should contact PayPal customer support right away.

Generally speaking, if you receive a sketchy email or message about PayPal payments, you should go to paypal.com (or the apps for iPhone and Android) instead of clicking any links from the message. The Activity page on your PayPal profile will show any recent payments or requests, and you can check for any invoices from the Activity page by clicking Status > Invoices to pay.

Hopefully, PayPal will crack down on invoice abuse, so this won’t be a common occurrence anymore. PayPal isn’t alone, either — the popular money transfer service Zelle is also a frequent target for scammers.