PayPal invoice scam to be aware of!

Scary PayPal scam

This turned up in an account today and was a tad alarming due to its nature and unexpected appearance.

Paypal invoice scam
{ Logging into PayPal and seeing “You have sent £877.77 to … ” }

Well, if that doesn’t make your heart beat a little faster, eh?

(We cancelled and reported it, of course).

However, with a moment to brush away the panic and look closer, what do we see?

{ This PayPal invoice scam doesn’t add up! }

This is an example of a double bluff; if the first con fails, they rely on the second. If the second one fails, never mind; there are a million more people they can try. It’s all about the numbers.

The first con is hoping the victim will thoughtlessly send the request without thinking. It clearly says REQUEST.

The second line of attack assumes the person will think, “This can’t be right!” and then perhaps check if the money was, in fact, sent.

It really does not help that when you cancel the request, PayPal happily inform you that,
“This request has been cancelled. You’ll see it in your Completed transactions soon.”

What!? COMPLETED? *Heart pounding again* smiley is afraid

That’s poor wording by PayPal. Actually, it’s terrible. It SHOULD read something like this:
“This request has been cancelled.
Confirmation that you have cancelled and will NOT send this sum will appear in your ‘Completed transactions’ soon.”

Finally, given PayPal is incapable of properly wording an advisory note, the scammers hope you will still be concerned and will ring the number given.
DO NOT RING THE NUMBER!

If you think about it, it would be either a request for money OR an invoice for money already sent. It can’t be both.

Normally these parasites rely on spoofing, but these have worked out how to send ‘genuine‘ requests, typically for sums around £850. (It appears that the default request is for $1,000 and converts to your currency, allowing for exchange rates).

However, this isn’t the usual via email scam with a spoofed sender. Nope, this is a phishing scam that baits customers with a real request sent directly from their dodgy PayPal account to yours.

i.e. The scammers create a PayPal account and use PayPal’s ‘money request’ service to send you an official PayPal request for funds.

PayPal is enabling this fraud on its own site and has yet to stop this type of activity!

The con is as simple as it looks below! Even the wording begs fraudsters to give it a try; “Request money from anyone.

Paypal money request
{ PayPal money request }

 

There appear to be a few variations of this; crooks are going to town with this until PayPal does something to prevent it!

Three things to watch out for here:

  1. They will be unexpected and involve unknown people/companies
  2. It will be an unusually large amount
  3. The request will suggest that if you have any concerns that you ring a number (e.g. +44 800 …) (rather than contact Paypal directly).

Just cancel and report the buggers!


How does this scam work?

This is more devious than most, but they generally work because enough people are too trusting and gullible. It only needs a few to make it worthwhile for them.

Here’s how this sting works:

Firstly
All they need is a minimum of personal details to initiate the request. This can be little as your name, email address or mobile number.
Scammers can bulk-buy lists of these for pennies.

Secondly
If you press ‘send payment’ it will be authorised and transferred from your account to the scammers.

Now, while this is a ‘real’ Paypal account in as much it exists, it is most certainly being used illegally. The minute any funds arrive, they will be forwarded and reforwarded and withdrawn.

In the short term, you will be down a lot of money. Worse, depending on how PayPal handles this problem, you may not get it back. They should refund, but banks… Also, PayPal are an eBank rather than a full bricks-and-mortar bank; neither the rules nor the safety net are as stringent.

Thirdly
If you ring the number it suggests, the person answering will pretend to be PayPal.

(An immediate answer should be 100% a dead giveaway, hmmm!)

The ‘representative’ will agree it’s a scam and claim that you have a virus or security breach on your computer or phone and need to down ‘this’ app (a keylogger).

If you do that, next, they’ll ask you to log into your PayPal account. (They now have your actual login details and password.)

They’ll tell you it’s all sorted and it’s fine now.

Then they will empty your bank and go through all your contacts to see if any of your friends, relatives and associates are as gullible!

 

Broke, penniless guy.
{ This is Bob after he rang the number. Don’t be like Bob! }

What’s PayPal doing about this?

Nothing, it seems! I’ve looked into this and it’s a well-known scam that’s been going on for at least two years!

I am sure PayPal will be doing everything it can to minimise its own losses and protect its brand, but the loophole is still there, so maybe it could be doing more.


Links

Sophos (Nov 2022): Watch out for PayPal ‘money request’ scams

Elliot report (Dec 2022): This PayPal invoice scam almost got me

Which Magazine (2020): How PayPal fails fraud victims

Some PayPal users told Which? how a lack of comprehensive protections means they have struggled to get their money back when they have been tricked into sending money to fraudsters.

Also of possible interest:

Santander: Spotting fraud and scams

Kaspersky (2020): How PayPal users get scammed

Ackadia (Nov 2022): How to spot an email scam at a glance


Tumisu, from Pixabay

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top
%d bloggers like this: