We've observed a sophisticated new scam involving PayPal's invoice system that's affecting email users worldwide. Here's what you need to know about these messages and how to protect yourself.
How the Scam Works
Fraudsters are exploiting PayPal's legitimate invoice system in a clever way:
- They create genuine PayPal invoices using legitimate PayPal accounts
- They include a fraudulent phone number in the "seller's note" section of the invoice
- When recipients call this number (thinking it's PayPal's customer service), they reach scammers who attempt to steal their financial information
- To reach more victims, the scammers are forwarding these legitimate PayPal emails through other trusted services like Microsoft Office 365
Why This Scam Is Different
What makes this scam particularly challenging to detect is that:
- The emails are genuinely from PayPal's servers
- They contain valid DKIM signatures
- They pass standard authentication checks
- They're being forwarded through trusted email providers
- The invoices actually exist in PayPal's system
How to Protect Yourself
If you receive an unexpected PayPal invoice:
- Do NOT call any phone numbers listed in the invoice or seller's notes
- Log into your PayPal account directly (not through any links in the email) to verify any charges
- If you need to contact PayPal, use only the contact information listed on PayPal's official website
- Report suspicious invoices directly to PayPal through their fraud reporting system
What We're Doing About It
Our spam filtering team is actively working to identify and block these messages, but it's particularly challenging because they're legitimate PayPal emails being forwarded through trusted services. We're in regular contact with both PayPal and Microsoft, as are many other email providers, to address this issue at its source.
This is an industry-wide challenge that requires action from the major platforms involved. While we continue to enhance our filtering capabilities, the most effective solution will come from PayPal implementing stricter controls on their invoice system and Microsoft improving their detection of forwarded scam messages.
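Because these messages pass authentication, a filter has to fall back on content and routing signals. The sketch below is an added example, not our production filtering rules: it combines a DKIM pass for paypal.com, a phone number in the body, and an envelope recipient missing from To/Cc. The sample message, addresses, phone number, verdict names and the `assess` helper are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: an authenticated invoice mail relayed to a mailbox
# that is not named in the To header.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: invoices@tenant.example
Subject: Invoice from Example Seller (0001)

Example Seller sent you an invoice for $499.99 USD.
Seller note to customer: Unauthorized? Call +1 (202) 555-0143 to cancel.
"""

# Loose North-American style phone pattern; tune for other regions.
PHONE = re.compile(
    r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
# A dkim=pass result whose signing domain is exactly paypal.com.
DKIM_PAYPAL = re.compile(r"dkim=pass\b[^;]*header\.d=paypal\.com(?![\w.-])")

def assess(raw, envelope_rcpt):
    """Score one message; envelope_rcpt is the mailbox it is being delivered to."""
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dkim_paypal = bool(DKIM_PAYPAL.search(auth))

    # Forwarded copies arrive at a mailbox that is absent from To/Cc.
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    to_addrs = {addr.lower() for _, addr in getaddresses(listed)}
    relayed = envelope_rcpt.lower() not in to_addrs

    # Scan every text part; a phone number anywhere in an invoice mail counts.
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    phones = PHONE.findall(body)

    if dkim_paypal and phones:
        verdict = "quarantine" if relayed else "warn"
    else:
        verdict = "deliver"
    return {"dkim_paypal": dkim_paypal, "relayed": relayed,
            "phones": phones, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE, "user@example.org"))
```
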
Stay Informed
We'll continue to update our filtering rules as this situation evolves. If you receive suspicious PayPal invoices, we encourage you to report them both to PayPal and to our support team to help improve our detection capabilities.
Remember: PayPal will never ask you to call a phone number to dispute a charge. Always log into your PayPal account directly or use official contact methods listed on PayPal's website.