Phishing Alert: PayPal Fake Invoice Scams

Key Points:

  • PayPal continues to be one of the most used online payment methods.
  • Recent reports show that scammers are using PayPal invoices to trick people into paying for goods and services they never received.
  • If you receive a PayPal invoice that you’re not expecting, do not pay it. Instead, review the invoice carefully to make sure it’s legitimate.

Do you remember when the only way to send or request a payment from someone was to write a check or walk into your bank to send a wire transfer? Fast forward to 2022, and it’s now possible to do all those things without ever having to leave your chair. There are so many different ways to pay someone that the process has become much simpler and easier.

You can use Venmo, Cash App, or good old-fashioned bank transfers. Then there’s PayPal. As one of the most popular online payment processors, PayPal is frequently targeted by scammers. These scams take many different forms, but they all have one goal: to trick users. Recently, we’ve seen an uptick in scams targeting businesses through PayPal. These scams come in the form of invoices, which can be very convincing.

How Does the PayPal Invoice Scam Work?

These are not “phishing” emails in the traditional sense. Scammers are taking advantage of a feature in PayPal that allows businesses to send invoices to their customers. Creating a PayPal account is free and easy, so anyone can make one and start sending out invoices. The invoices sent by fraudsters will often reference an actual transaction that a business has made in the past.

The invoice will usually have a low “threshold of pain”, meaning that the amount owed is not so high that it would cause alarm bells to go off immediately. This is because the fraudsters are counting on the fact that businesses are used to dealing with invoices regularly and will not think twice about paying a small amount they may not even remember incurring.

Once the business pays the invoice, the money is transferred to the scammer’s PayPal account. To protect your business, the best thing you can do is be suspicious of any invoices you’re not expecting, even if they appear to be from a legitimate company. You can also log into your PayPal account to check if any invoices are waiting to be paid.

How to Avoid Falling Victim to This Scam

Email spam filters are helpful tools that protect you from phishing emails and other scams. However, they’re not perfect, and sometimes questionable emails can slip through the filter. This is why it’s essential to be vigilant and always question any emails you’re not expecting, even if they appear to be from a legitimate source.

Since spam filters are not always effective at catching these types of scams, it’s essential to be aware of the red flags. If you see any of the following red flags in an invoice email, be sure to exercise caution before taking any further action:

  • The email is not addressed to you by name.
  • The sender’s email address does not match the company’s domain name.
  • The invoice is for a service or product you did not receive.
  • There are grammatical errors or other indications that the email is not legitimate.
  • The email instructs you to act outside the normal channels, such as clicking on a link or downloading an attachment.

If you’re unsure about the legitimacy of an email, be sure to contact the company directly to inquire about the invoice. Even when an email is sent through a website you trust, it is always a wise choice to err on the side of caution to avoid falling victim to a scam.
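The red flags above can be turned into a first-pass triage check for an accounts-payable mailbox. The following is an added example, not part of the original article: the function name, message template, domains and invoice numbers are all constructed, and the grammar red flag is left to a human reader. It also shows why an invoice relayed by a trusted payment platform still needs the "did we actually order this" check.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message template (not a real email); fill in sender and greeting.
SAMPLE = """\
From: "Billing" <{sender}>
To: ap@yourco.example
Subject: Invoice 1042 due
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

{greeting}
Your invoice is overdue. Pay now at https://pay.invoices.example/1042
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

constructed-placeholder
--b1--
"""

def red_flags(raw, recipient_name, vendor_domain, open_invoice_ids):
    """Return the article's red flags that this raw message trips."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    flags = []
    # Red flag: the email is not addressed to you by name.
    if recipient_name.lower() not in body.lower():
        flags.append("not addressed by name")
    # Red flag: sender address does not match the company's domain.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != vendor_domain and not domain.endswith("." + vendor_domain):
        flags.append("sender domain mismatch")
    # Red flag: invoice for something you did not receive (no record of it).
    ids = set(re.findall(r"[Ii]nvoice\s+#?(\d+)", msg.get("Subject", "") + " " + body))
    if not ids & set(open_invoice_ids):
        flags.append("no matching invoice on record")
    # Red flag: asks you to click a link or open an attachment.
    if re.search(r"https?://", body) or any(p.get_filename() for p in msg.walk()):
        flags.append("link or attachment")
    return flags

if __name__ == "__main__":
    # Sent through the platform itself: the sender check passes, the record check does not.
    print(red_flags(SAMPLE.format(sender="service@payments.example",
                                  greeting="Hello Jordan,"),
                    "Jordan", "payments.example", {"2001"}))
```
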

How Can Businesses Educate and Train Employees to Spot These Scams?

Businesses need to be proactive in training their employees to spot these scams. Here are some steps businesses can take to train their employees to spot and avoid these types of scams:

  • Create awareness of the problem: Employees need to be aware that this is a problem and should be on the lookout for suspicious emails.
  • Set up a process for reporting suspicious emails: Employees should know who to contact if they receive a suspicious email.
  • Train employees to spot the red flags: Employees should be trained to spot the red flags of a phishing email, such as grammatical errors and unusual requests.
  • Keep employees up to date on the latest scams: Employees should be periodically updated on the latest scams so they can be on the lookout for new and emerging threats.
  • Encourage employees to exercise caution: Employees should be encouraged to exercise caution when dealing with any suspicious emails. They should never click on links or open attachments from someone they don’t know.

Additionally, some businesses may want to consider implementing a policy that requires invoices to be verified and approved by a supervisor before any action is taken. This will help to ensure that no illegitimate invoices are paid and will help to protect the business from falling victim to this type of scam. Fraudsters are always coming up with new ways to scam businesses, so staying up to date on the latest threats is essential. By following these steps, businesses can help protect themselves and their employees from falling victim to these scams.

Contact the Cyber Security Experts of

Cybersecurity threats are constantly evolving, and it can be challenging to keep up with the latest scams. If you’re concerned about your business’s cybersecurity, contact the experts at We can help you to assess your risks and implement the latest security measures to protect your business.

We offer a variety of services, including:

  • Cybersecurity assessments
  • Security system design and implementation
  • Security system monitoring and maintenance
  • Employee training on cybersecurity awareness and best practices

Don’t wait until it’s too late. Give us a call at (877) 936-3328 to get started.
