Jump to content

New Paypal phishing scam?


Recommended Posts

Normally I find spam emails easy to spot as they come from unrecognized email accounts. But today I got the following email from Paypal directly. This for an account I haven't used for a few years and isn't linked to any cards or banks - maybe dodged a bullet there?

 

The odd thing about it was it came from a Paypal address ([email protected]), but didn't know my name, just called me Paypal User whereas normally my name is displayed? If I clicked on View and Pay Invoice (something I maybe shouldn't have) it took me to my real Paypal account page. At first the invoice showed a 600$ gift voucher purchase for a Yahoo email address similar to my name but not me, but subsequent View and Pay Invoice clicks a few hours later simply show a message that says Invoice does not exist.

 

Maybe Paypal fixed it themselves I don't know? My Paypal page shows no transactions so I don't see any point in calling them about it.

 

Anyone else?

 

 

 

 

1424313293_Screenshot2022-06-08110317.thumb.jpg.c6187b68e4848bddba435f8dc6193289.jpg

Link to comment
Share on other sites

There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. 

Edited by spidermike007
  • Like 1
Link to comment
Share on other sites

Never click on unknown email links.  Exit the email and go to whatever official site directly.  It's very easy for scammers to make a fake website that looks real but in fact it's their way to get important info out of you.

  • Like 1
Link to comment
Share on other sites

1.  On second check of PayPal you typed in the address so got the real PayPal site?

2.  On first check, from email link, you did not click any links on that page (to question the invoice - which would likely have started a scam dialog)?

3.  For sure a scam not knowing and using your name.

4.  It may have been one of the scammers from India active now - they claim to be employed by whatever firm and help to refund charge by payback to your bank account (while they have access to your computer) and overpay (false screen) and beg you to save their job as you must have typed amount wrong and then send you out to buy gift cards or if your bank indicates large balance maybe have you transfer direct (the 30,000 they inadvertently sent you in fake balance screen - but letting you keep a bit for all your trouble).

  • Like 2
Link to comment
Share on other sites

3 hours ago, spidermike007 said:

Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. 

This is the golden rule with online.  Don't follow a link, open a new browser window and log in the way you normally do, going to the site directly

  • Like 2
Link to comment
Share on other sites

3 hours ago, spidermike007 said:

There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. 

In the UK we call these people 'the government'

  • Haha 2
Link to comment
Share on other sites

Search for an option like "show full headers" or "technical details" in email menu and post these here.

 

It looks like you use Gmail, if so then this option is called "Show original". The original message with all headers will open in a new browser tab, copy the headers starting from the top line (usually gmail headers begins with "Delivered-To:") to the beginning of the actual message (usually gmail headers end with "Content-Type: text/html" or "Content-Type: multipart").

 

make sure to remove your private data.

Edited by fdsa
  • Like 1
Link to comment
Share on other sites

18 hours ago, fdsa said:

make sure to remove your private data.

Thanks, it's rather long full header and I don't really have time to see/understand what is private data within in, so reluctant to post the entire header. But it does say something like below where I have REMOVED my real name:

 

Received: from mx4.slc.paypal.com (mx4.slc.paypal.com. [173.0.84.229])
        by mx.google.com with ESMTPS id n5-20020a170902f60500b0015cfe719870si25795924plg.222.2022.06.07.09.27.52
        for <[email protected]>

 

The full header is very similar to the full header of a genuine Paypal email. So I am still convinced it comes from Paypal.

 

 

I have Googled the topic and found this link which seems like a similar example: https://www.komando.com/security-privacy/paypal-invoice-scams/752199/

In it is says:

What’s causing these fake PayPal invoices to come through?

Let’s clear up a misconception first: These are not fake invoices. They’re 100% genuine and created within PayPal using the same tools that all PayPal users have access to. Unfortunately, they’re being misused as part of an aggressive spam campaign and sent to hundreds (perhaps even thousands) of random users in the hopes that someone will bite.

 

Edited by WorriedNoodle
Link to comment
Share on other sites

You should be calling PayPal about it and providing them what you have.  Starting to sound like a backdoor on PayPal software allowing access (perhaps only for limited time) and something that needs to be fixed.  I closed my PayPal account some months ago when Thailand was getting locked out (which did not happen).  Stopped using Ebay even earlier so had not need for them except for an occasional fax service.

Link to comment
Share on other sites

2 hours ago, lopburi3 said:

You should be calling PayPal about it

I will if anything shows up on my invoicing, but nothing since the email, and the account page looks normal. The link above about the scam is from 2020 so Paypal must know about it.

Link to comment
Share on other sites

4 minutes ago, WorriedNoodle said:

I will if anything shows up on my invoicing, but nothing since the email, and the account page looks normal. The link above about the scam is from 2020 so Paypal must know about it.

This may be new and they can take action so be good to advise them about it with a copy.  I could not read on forum (too small) but if you send as PDF they should be able to read (advise them date/times as best you can and full header information).  You may save someone else.

  • Like 1
Link to comment
Share on other sites

8 hours ago, WorriedNoodle said:

Thanks, it's rather long full header and I don't really have time to see/understand what is private data within in, so reluctant to post the entire header. But it does say something like below where I have REMOVED my real name:

 

Received: from mx4.slc.paypal.com (mx4.slc.paypal.com. [173.0.84.229])
        by mx.google.com with ESMTPS id n5-20020a170902f60500b0015cfe719870si25795924plg.222.2022.06.07.09.27.52
        for <[email protected]>

 

The full header is very similar to the full header of a genuine Paypal email. So I am still convinced it comes from Paypal.

 

 

I have Googled the topic and found this link which seems like a similar example: https://www.komando.com/security-privacy/paypal-invoice-scams/752199/

In it is says:

What’s causing these fake PayPal invoices to come through?

Let’s clear up a misconception first: These are not fake invoices. They’re 100% genuine and created within PayPal using the same tools that all PayPal users have access to. Unfortunately, they’re being misused as part of an aggressive spam campaign and sent to hundreds (perhaps even thousands) of random users in the hopes that someone will bite.

 

wow, this definitely looks like a real email from Paypal.

 

I suppose they have some vulnerability in their system allowing to send auto-chargeable invoices to random people.

  • Like 1
Link to comment
Share on other sites

On 6/8/2022 at 12:08 PM, spidermike007 said:

There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. 

'live the lifestyle of a vampire, sucking on the blood of society'

No. They are just common  criminals- no blood sucking- no vampires- just ordinary people- but petty criminals exploiting new  technology.

 

Link to comment
Share on other sites

10 hours ago, The Hammer2021 said:

'live the lifestyle of a vampire, sucking on the blood of society'

No. They are just common  criminals- no blood sucking- no vampires- just ordinary people- but petty criminals exploiting new  technology.

 

I guess there is no room for metaphors on this most lofty of platforms?

  • Like 1
Link to comment
Share on other sites

  • 2 months later...

> Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge

 

ah, that one is similar to the scam I already know - I often receive an email with text like "your subscription for (some random product name) was renewed and your account will be charged (some random amount), if you have questions please call +1 (some random phone number)"

 

I suppose that if you call that number to "dispute" the payment you will be tricked into handing your credit card details to the fraudsters on the phone.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...