I got a PayPal Invoice scam that actually tried
I get scams on a fairly regular basis, but today I got one that looked like actual effort had been put into it because the message actually did originate from PayPal.
Here’s how it worked – scammer sends invoice to me via PayPal – standard. In the Seller Notes they put in that PayPal has evidence of a third party potentially compromising my account and that if I don’t contact PayPal at (phone number) my account will be restricted.
Being kind of distracted the past couple of days with the tenant death and a medical test I’m doing this got a doubletake from me as the message originated from PayPal, but the supposed PayPal warning was in the seller notes above the normal PayPal warning that if you don’t know who this is don’t pay it.
Oh yeah, the company that’s invoicing me is called PayPa1 LLC (the L in PayPal being the number 1) and some letters showing very bold for some reason… guessing if I run them through a character converter and look what Unicode they are it’s a different character set. Yup


But how did they know about my dealings with [email protected]? So sus!

That phone number listed 860-400-9674, not PayPal… some random number in Connecticut.
Anyhow, nice to see a scammer trying and exploiting the systems at their disposal as opposed to the usual changing of a Reply-To in their emails. Of course, this being PayPal there’s no way to report that this is a fraudulent account without logging in, which the email this was sent to doesn’t *have* a PayPal account so yeah… good job on protecting your users PayPal!
This is a two fold scam it looks like – ID phishing with the phone number and fake billing with the PayPal… a twofer. Used Unicode to use the PayPal name as a display name on the invoice… yes, I somehow owe PayPal money from an account that doesn’t have PayPal…
Update – turns out you’re supposed to know to forward the emails to [email protected] & [email protected]