Don’t Fall for This PayPal Invoice Scam

by | Feb 28, 2023

Be careful about a PayPal invoice scam that has been showing up in personal and business email accounts. It combines a fake payment request using PayPal’s legitimate invoice tool and uses the “seller note to customer” section to offer a fraudulent help desk number. The scam is designed to target people who might pay upfront or call the number listed.

This latest scam comes at a poor time as PayPal is already under hot water due to a December 2022 data breach caused by passwords being reused. Since the invoice comes directly from them, it’s more convincing than previous tactics that imitate companies. Fortunately, PayPal has caught onto this scam and is quickly banning merchants so they can’t receive money. However, it doesn’t prevent emails that are already sent, meaning even if the payment link doesn’t work, the phone number might.

What Does a PayPal Invoice Scam Look Like?

As a disclaimer, we explored a PayPal invoice scam we received in a secure environment where nobody could steal financial data or personal information. Never click links you don’t trust. And only use phone numbers that are listed on a company’s official website that you’ve reach through a trusted search engine like Google.

The email we received, seen above, appeared to be an invoice from PayPal. It came from their standard email address, has clickable links to appropriate areas on their website, and even mentions phishing and fraudulent email awareness at the bottom. The issues start showing once you take a closer look.

At the top, it says “PayPal User” instead of the account owner’s name. While showing your full name doesn’t always mean it’s a legitimate request, in this case, it means it’s being sent to the email address by someone who doesn’t have that information. That can also apply to other types of scam emails.

There are several grammar and formatting errors based on what was inputted by the scammer. The name “coinbase” not being capitalized at the top is informal. The seller’s note shows odd capitalization, spacing, sentence phrasing, and other quirks. While it’s fully readable, it presents below average compared to what you would expect from a company the size of Coinbase Corporation.

A common tactic scammers use is to create false urgency, which makes the target more likely to make a mistake. The seller’s note does not describe what was purchased and acts as if the payment has already been sent, which can create that urgency. As a solution to the fake problem, the seller also claims to be PayPal Help Desk and offers a number where they’ll attempt to scam anyone who didn’t pay the invoice upfront.

What Happens When You Click View and Pay Invoice?

Once you click “View and Pay Invoice,” you’re taken to a payment processing screen, which you can see below. It has some of the same issues as the email. Coinbase is once again lowercase. The seller’s note to the customer imitates the PayPal Help Desk and provides the same fake phone number.

Under the “Bill to,” the address says, “PayPal User” and uses a generic support email, which isn’t how that’s typically formatted. But if someone is in a hurry and is not taking a close look, they may click through anyway, which is why it’s set up the way it is. Luckily, PayPal already detected the scam, so the “Pay $479.00” button creates an error saying, “This merchant is restricted.”

While that doesn’t remove the original email or invoice page with the fake help desk number, it prevents direct payments from being transferred through PayPal. However, there may still be a gap between the invoice being sent and the blocking of the seller. That’s why it’s important to be careful with processing new invoices by referencing it with internal records and expected costs. 

How Do You Report a PayPal Invoice Scam?

If you suspect you’ve received a fake invoice from PayPal, forward it to, and they’ll take care of the investigation. PayPal’s help center also answers other login and security-related questions. Due to the fake support number involved, some PayPal invoice scams also double as phishing scams, so it’s vital to report them as soon as you know it’s fake.

How Do You Avoid PayPal Invoice Scams?

It is difficult to avoid something you don’t know exists, so being aware of PayPal invoice scams is one of the best ways to prevent them. Scam invoices can appear authentic because they’re sent through their official payment request system. That means paying attention to details like invoice number, billing address, writing errors, and abuse of the seller note section. When in doubt, don’t use the phone number in the invoice. Contact the company directly through the helpline listed on their website.

Managed security service providers (MSSPs) like ITonDemand can provide frontline defense for business solutions. They can integrate spam email protection, monitor for outside threats, and provide staff awareness handouts. While PayPal’s invoice scam can come from an authentic source, having an expert cybersecurity team can uncover the fraud and respond to it quickly to minimize the chance of damage. 

Interested in a consultation to see if an MSSP is right for your business? Get in touch with us via our contact form or call us at: +1 (800) 297-8293

Get IT Support