WorriedNoodle Posted June 8, 2022 Share Posted June 8, 2022 Normally I find spam emails easy to spot as they come from unrecognized email accounts. But today I got the following email from Paypal directly. This for an account I haven't used for a few years and isn't linked to any cards or banks - maybe dodged a bullet there? The odd thing about it was it came from a Paypal address ([email protected]), but didn't know my name, just called me Paypal User whereas normally my name is displayed? If I clicked on View and Pay Invoice (something I maybe shouldn't have) it took me to my real Paypal account page. At first the invoice showed a 600$ gift voucher purchase for a Yahoo email address similar to my name but not me, but subsequent View and Pay Invoice clicks a few hours later simply show a message that says Invoice does not exist. Maybe Paypal fixed it themselves I don't know? My Paypal page shows no transactions so I don't see any point in calling them about it. Anyone else? Link to comment Share on other sites More sharing options...
Popular Post Jerno Posted June 8, 2022 Popular Post Share Posted June 8, 2022 Yes it's a phishing scam. Click the link and auto download a virus or worse. 3 Link to comment Share on other sites More sharing options...
Popular Post Sparktrader Posted June 8, 2022 Popular Post Share Posted June 8, 2022 Pp scams old news 3 Link to comment Share on other sites More sharing options...
mvdf Posted June 8, 2022 Share Posted June 8, 2022 Disturbing and unnerving that the sender's email address matches the real one. How the fraudster managed to spoof it is mind-boggling. 1 Link to comment Share on other sites More sharing options...
Popular Post Ohyesuare Posted June 8, 2022 Popular Post Share Posted June 8, 2022 (edited) 10 minutes ago, mvdf said: Disturbing and unnerving that the sender's email address matches the real one. How the fraudster managed to spoof it is mind-boggling. If you hover your cursor over the email address, it usually shows the actual email which is usually a bunch of gibberish numbers and letters. PayPal will ALWAYS address you by your name and NEVER by PayPal User and OP should not have clicked on anything in the email and instead opened a new window and went directly to the account. If you Google the phone number, you can see results saying that it's a number associated with PayPal scams. OP should definitely change their password as even with no bank or cards attached, you still don't want a a scammer having an account in your name. Edited June 8, 2022 by Ohyesuare 2 1 Link to comment Share on other sites More sharing options...
spidermike007 Posted June 8, 2022 Share Posted June 8, 2022 (edited) There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. Edited June 8, 2022 by spidermike007 1 Link to comment Share on other sites More sharing options...
bbko Posted June 8, 2022 Share Posted June 8, 2022 Never click on unknown email links. Exit the email and go to whatever official site directly. It's very easy for scammers to make a fake website that looks real but in fact it's their way to get important info out of you. 1 Link to comment Share on other sites More sharing options...
lopburi3 Posted June 8, 2022 Share Posted June 8, 2022 1. On second check of PayPal you typed in the address so got the real PayPal site? 2. On first check, from email link, you did not click any links on that page (to question the invoice - which would likely have started a scam dialog)? 3. For sure a scam not knowing and using your name. 4. It may have been one of the scammers from India active now - they claim to be employed by whatever firm and help to refund charge by payback to your bank account (while they have access to your computer) and overpay (false screen) and beg you to save their job as you must have typed amount wrong and then send you out to buy gift cards or if your bank indicates large balance maybe have you transfer direct (the 30,000 they inadvertently sent you in fake balance screen - but letting you keep a bit for all your trouble). 2 Link to comment Share on other sites More sharing options...
WorriedNoodle Posted June 8, 2022 Author Share Posted June 8, 2022 2 hours ago, Ohyesuare said: If you hover your cursor over the email address, it usually shows the actual email which is usually a bunch of gibberish numbers and letters. Indeed thats what I normally do. But this came from Paypal themselves! Link to comment Share on other sites More sharing options...
lopburi3 Posted June 8, 2022 Share Posted June 8, 2022 10 minutes ago, WorriedNoodle said: Indeed thats what I normally do. But this came from Paypal themselves! Do your old PayPal message from lines look like that? Mine looks like this: PayPal <[email protected]> 1 Link to comment Share on other sites More sharing options...
CharlieH Posted June 8, 2022 Share Posted June 8, 2022 Title adjusted to reflect phishing concerning PayPal not a scam by PayPal. 1 Link to comment Share on other sites More sharing options...
BangkokReady Posted June 8, 2022 Share Posted June 8, 2022 3 hours ago, spidermike007 said: Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. This is the golden rule with online. Don't follow a link, open a new browser window and log in the way you normally do, going to the site directly 2 Link to comment Share on other sites More sharing options...
mvdf Posted June 8, 2022 Share Posted June 8, 2022 Always use 2FA (2 factor authentication). I use a Yubikey for my email, crypto, password manager and financial accounts. 2 Link to comment Share on other sites More sharing options...
mrfill Posted June 8, 2022 Share Posted June 8, 2022 3 hours ago, spidermike007 said: There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. In the UK we call these people 'the government' 2 Link to comment Share on other sites More sharing options...
WorriedNoodle Posted June 8, 2022 Author Share Posted June 8, 2022 4 hours ago, lopburi3 said: Do your old PayPal message from lines look like that? Mine looks like this: PayPal <[email protected]> I seem to have a mix of either [email protected] or [email protected] in my inbox dating back 12 years. Link to comment Share on other sites More sharing options...
fdsa Posted June 8, 2022 Share Posted June 8, 2022 (edited) Search for an option like "show full headers" or "technical details" in email menu and post these here. It looks like you use Gmail, if so then this option is called "Show original". The original message with all headers will open in a new browser tab, copy the headers starting from the top line (usually gmail headers begins with "Delivered-To:") to the beginning of the actual message (usually gmail headers end with "Content-Type: text/html" or "Content-Type: multipart"). make sure to remove your private data. Edited June 8, 2022 by fdsa 1 Link to comment Share on other sites More sharing options...
WorriedNoodle Posted June 9, 2022 Author Share Posted June 9, 2022 (edited) 18 hours ago, fdsa said: make sure to remove your private data. Thanks, it's rather long full header and I don't really have time to see/understand what is private data within in, so reluctant to post the entire header. But it does say something like below where I have REMOVED my real name: Received: from mx4.slc.paypal.com (mx4.slc.paypal.com. [173.0.84.229]) by mx.google.com with ESMTPS id n5-20020a170902f60500b0015cfe719870si25795924plg.222.2022.06.07.09.27.52 for <[email protected]> The full header is very similar to the full header of a genuine Paypal email. So I am still convinced it comes from Paypal. I have Googled the topic and found this link which seems like a similar example: https://www.komando.com/security-privacy/paypal-invoice-scams/752199/ In it is says: What’s causing these fake PayPal invoices to come through? Let’s clear up a misconception first: These are not fake invoices. They’re 100% genuine and created within PayPal using the same tools that all PayPal users have access to. Unfortunately, they’re being misused as part of an aggressive spam campaign and sent to hundreds (perhaps even thousands) of random users in the hopes that someone will bite. Edited June 9, 2022 by WorriedNoodle Link to comment Share on other sites More sharing options...
lopburi3 Posted June 9, 2022 Share Posted June 9, 2022 You should be calling PayPal about it and providing them what you have. Starting to sound like a backdoor on PayPal software allowing access (perhaps only for limited time) and something that needs to be fixed. I closed my PayPal account some months ago when Thailand was getting locked out (which did not happen). Stopped using Ebay even earlier so had not need for them except for an occasional fax service. Link to comment Share on other sites More sharing options...
WorriedNoodle Posted June 9, 2022 Author Share Posted June 9, 2022 2 hours ago, lopburi3 said: You should be calling PayPal about it I will if anything shows up on my invoicing, but nothing since the email, and the account page looks normal. The link above about the scam is from 2020 so Paypal must know about it. Link to comment Share on other sites More sharing options...
lopburi3 Posted June 9, 2022 Share Posted June 9, 2022 4 minutes ago, WorriedNoodle said: I will if anything shows up on my invoicing, but nothing since the email, and the account page looks normal. The link above about the scam is from 2020 so Paypal must know about it. This may be new and they can take action so be good to advise them about it with a copy. I could not read on forum (too small) but if you send as PDF they should be able to read (advise them date/times as best you can and full header information). You may save someone else. 1 Link to comment Share on other sites More sharing options...
fdsa Posted June 9, 2022 Share Posted June 9, 2022 8 hours ago, WorriedNoodle said: Thanks, it's rather long full header and I don't really have time to see/understand what is private data within in, so reluctant to post the entire header. But it does say something like below where I have REMOVED my real name: Received: from mx4.slc.paypal.com (mx4.slc.paypal.com. [173.0.84.229]) by mx.google.com with ESMTPS id n5-20020a170902f60500b0015cfe719870si25795924plg.222.2022.06.07.09.27.52 for <[email protected]> The full header is very similar to the full header of a genuine Paypal email. So I am still convinced it comes from Paypal. I have Googled the topic and found this link which seems like a similar example: https://www.komando.com/security-privacy/paypal-invoice-scams/752199/ In it is says: What’s causing these fake PayPal invoices to come through? Let’s clear up a misconception first: These are not fake invoices. They’re 100% genuine and created within PayPal using the same tools that all PayPal users have access to. Unfortunately, they’re being misused as part of an aggressive spam campaign and sent to hundreds (perhaps even thousands) of random users in the hopes that someone will bite. wow, this definitely looks like a real email from Paypal. I suppose they have some vulnerability in their system allowing to send auto-chargeable invoices to random people. 1 Link to comment Share on other sites More sharing options...
The Hammer2021 Posted June 9, 2022 Share Posted June 9, 2022 On 6/8/2022 at 12:08 PM, spidermike007 said: There is a whole subculture out there, who absolutely refuses to work for a living, and they live the lifestyle of a vampire, sucking on the blood of society. One needs to exercise great care, these days. I do as you did here, and always look at the return address first. Then, I typically just log into my account directly, rarely ever using a link, unless I know who it is from, or why it is there. Links can be very dangerous. 'live the lifestyle of a vampire, sucking on the blood of society' No. They are just common criminals- no blood sucking- no vampires- just ordinary people- but petty criminals exploiting new technology. Link to comment Share on other sites More sharing options...
spidermike007 Posted June 10, 2022 Share Posted June 10, 2022 10 hours ago, The Hammer2021 said: 'live the lifestyle of a vampire, sucking on the blood of society' No. They are just common criminals- no blood sucking- no vampires- just ordinary people- but petty criminals exploiting new technology. I guess there is no room for metaphors on this most lofty of platforms? 1 Link to comment Share on other sites More sharing options...
lopburi3 Posted August 20, 2022 Share Posted August 20, 2022 Confirmed scam. https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/ 1 Link to comment Share on other sites More sharing options...
fdsa Posted August 20, 2022 Share Posted August 20, 2022 > Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge ah, that one is similar to the scam I already know - I often receive an email with text like "your subscription for (some random product name) was renewed and your account will be charged (some random amount), if you have questions please call +1 (some random phone number)" I suppose that if you call that number to "dispute" the payment you will be tricked into handing your credit card details to the fraudsters on the phone. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now