Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 10:37AM
Scroll down and read text between images.

I got this in my inbox. It appears to come from PayPal, and when I hover over the link, the URL is indeed PayPal. This is not phishing, I mean it does not try to trick you into clicking on a false URL. The URL is real.




So I open a separate tab and I log in to my PayPal account, I don't see any activity.

Then I click on this link (yes, I know, I am careful) and I see an invoice going to Robert Smith 6r63747 at gmail.com (not my name)




I try to cancel and I get this



OK so this must be sent from some other account.

Let's go one step further and see what happens if one tried to pay such an invoice. But. I decided to remove my main card from PayPal and add a virtual number with low limit, just in case. There you go, PayPal. This expires today, so the worst you can scam me is $1 even if I happen to click the wrong button.




So after I added this new card, I was able to remove the old real credit card (high limit). And I went back to Citibank and deactivated this new card just in case.

Now let's go back to that invoice and try to pay it. See what happens.




So now I can see the scammer's real address. If I try to click on Cancel and return to liambrosyo@gmail.com, it takes me back to the invoice.

So, if you are always logged into your PayPal account, it could be very easy to click the wrong button and make this payment.

To avoid potential fraud, I decided to:
1. No longer keep any card in my PayPal account.
2. Remove any trusted device from my PayPal account, so the payment page no longer shows up automatically.
3. I will avoid PayPal in the near future and after I transition the recurring Google Cloud subscription to a real credit card, I plan to close the PayPal account and never do business with them.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Acer
Date: September 30, 2022 10:48AM
Thanks for the report. Playing with fire, you are.

It's insidious because unlike a Nigerian prince scam, you really have no choice but to make sure your account has not been compromised. And that requires a log in at some point.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Gareth
Date: September 30, 2022 11:05AM
Did you report this to PayPal? If they get enough reports, maybe they would block the account, or at least remove the invoice from your account so you don't have to see it or accidentally pay it.

No reason to think your actual PayPal account is compromised, as it appears to be a real PayPal invoice and all they need for that is your email address. The scam seems to be to send real PayPal invoices and see how many people pay without realizing what it is.

Using a unique "throwaway" email for PayPal would probably limit this from happening again in the future (as the scammers might be less likely to come across that email).

Although I'm confused by how the invoice is billed to a different account? Does the invoice actually show up in your PayPal account when you're logged in? Maybe this wasn't actually sent to your PayPal account and the scammers are just impersonating PayPal as the sender? Which is actually easy to do (faking the sender's email address) so I don't understand why more don't do it. You can check the email headers to see where it's actually coming from and I think Gmail will flag an email that isn't using a matching SMTP server.



Edited 1 time(s). Last edit at 09/30/2022 11:10AM by Gareth.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 11:17AM
It appears that my address is a secondary or backup address.
Maybe when you send an invoice, there is an option to add a CC or even BCC in the recipient field? I don’t know.

No, it does not show up in my activity.

And yes, good suggestion to report this to PayPal. Will do.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: wurm
Date: September 30, 2022 01:10PM
Jeebus, that's pretty slick. The only thing that caught my eye was the phone number on the "Invoice" if you want to dispute. That number 888-928-4066 has nothing to do with Paypal that I can see.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: GeneH
Date: September 30, 2022 01:20PM
This is the way I ALMOST GOT SCAMMED for $3K!!! That's a phony non-existent charge which the crook(s) set up with some other confederate in an attempt to bilk you.

I got contacted by the crook who I thought was a tech rep from PayPal. NOT SO!

First thing he said was I need your passwords and IDs from all your accounts, bank and computer. Which struck me as strange!

Paypal NEVER authorizes entry by a tech to your computer or demands your passwords and the like. As "Dumbass Me" LATER learned from PayPal!

Too much more to add but he almost forwarded $3K from my Wells Fargo accounts to a bank in the Netherlands to a probably fictitious person (female!). Fortunately, Wells Fargo's (my bank) account "alarms" were set off and killed the transfer. Too much recent strange dealings or whatever! Thank GOD!

Came out of this wiser by half and got rid of my PayPal account for a while. Still don't want to transact anything with or through them. Since then, PayPal has told me to ignore any invoices of this sort in the future. They'll TAKE CARE of those.



Edited 1 time(s). Last edit at 09/30/2022 01:23PM by GeneH.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: richorlin
Date: September 30, 2022 02:17PM
Seems like an easy scam to avoid.
1. Don't leave your PayPal account logged in.
2. Don't automatically pay any PayPal request without investigating it further.
3. PayPal only contacts you by email, not by phone, so treat any call from PayPal as a potential scam.



richorlin
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 02:17PM
Avoid this at all costs

Stay logged in on this trusted device
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 02:26PM
Quote
Gareth
... You can check the email headers to see where it's actually coming from and I think Gmail will flag an email that isn't using a matching SMTP server.

Here you go

Delivered-To: gadje+mrf@gmail.com
Received: by 2002:a59:db82:0:b0:2fa:d3f8:9ab6 with SMTP id z2csp1974313vqc;
        Fri, 30 Sep 2022 07:35:23 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM4goFTVzhlUT/PWRNixO9FyDVlT1fu0NKTQC09furU6L5r83Q4fdp6BCjWw64u02nfvtdfc
X-Received: by 2002:a17:902:e80f:b0:178:fee:c5fe with SMTP id u15-20020a170902e80f00b001780feec5femr9123281plg.85.1664548522767;
        Fri, 30 Sep 2022 07:35:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664548522; cv=none;
        d=google.com; s=arc-20160816;
        b=tiRSyFgbPmsFBE7Cl6QThkyJsmS6wnW5Nu5sB3Ym0DgRcnh+qWEJy6seRPVSziIB9d
         s3WhJiIb8nhB9751KbOzpLpS9Kb365OjYcwI4beKH88FfkeVi+9Gh51bodEHe2Bhluoa
         fjfBuddyQFD6sKYCjHg5xXEUVAeXTigiW/yZJPTOvXYwG0sk+Clg6ESQpgWQcM4WabQk
         8C9J9AhVE6tMCjfX41/qew5lEBw8zLOxIgeYfl0EgBbtoQB+ey5MV9e2hmf8u6HC4KtJ
         AKynMYsBQUfCprFTkAd2zOZEcW1HJxfsn3E6hyIBpgiSdHoxdxW9PcIUGpbMsnDLAQ9d
         RiHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=amq-delivery-message-id:mime-version:from:to:subject
         :pp-correlation-id:message-id:date:content-transfer-encoding
         :dkim-signature;
        bh=3iL09bzJ4Cg21atGSP2ZeT8MiCkoduqphskKDSEf94U=;
        b=FYZ2LXtacrDzQkGqZwXaZ7a+gTU3mXvf5gm7piB5gK7+JlUxnWgYjaDibfLhTQWC8g
         Q2WGIpib2tYSfQbPtmdWfW0mITezmyaXXFSRj6bF/m7veaE36PF/Tyko+u6bmw55EZ1e
         9C/cmik+6DJlzZaahJjgyam/gvL4//bX0itJo8pew5LNiK39v0NqefNXQ9E25tCNQh+b
         2CPvtlzGyOZVU4wAOR15V0C78bL1vlwSTBLK2Suex8YOf8D6/55CtVnwqJyR9TRCum4T
         WSJ86Vv6XR3XEWkxGpsmQk1NQw6lyYacBTsrmQpIp0Di5xSYFGnC4PrMAiV1lkpYAnJg
         PIEw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=fDXN6ouU;
       spf=pass (google.com: domain of service@paypal.com designates 173.0.84.229 as permitted sender) smtp.mailfrom=service@paypal.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
Return-Path: <service@paypal.com>
Received: from mx4.slc.paypal.com (mx4.slc.paypal.com. [173.0.84.229])
        by mx.google.com with ESMTPS id r17-20020a638f51000000b00434a8512567si596290pgn.822.2022.09.30.07.35.22
        for <gadje+mrf@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 30 Sep 2022 07:35:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of service@paypal.com designates 173.0.84.229 as permitted sender) client-ip=173.0.84.229;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=fDXN6ouU;
       spf=pass (google.com: domain of service@paypal.com designates 173.0.84.229 as permitted sender) smtp.mailfrom=service@paypal.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed; q=dns/txt; i=@paypal.com; t=1664548520; h=From:From:Subject:Date:To:MIME-Version:Content-Type; bh=3iL09bzJ4Cg21atGSP2ZeT8MiCkoduqphskKDSEf94U=; b=fDXN6ouUhaZU3AKBPsVEbGswXwA0ZCyFAyJNTuF/W8RVudNjgA6t7l2PFG9AdVtv m55G45zYapZom37kcKuyjMtDffdobBzJ1KhJbNDUebappxwTkuX2qSyI9yT70xZf 0Dqp3cUXf7iFe89644ybqdB1vWI+vzBQLvY/RiW7tml5kSudKDDTN2/Z95GK9RVi S5cf8mDKPWEg0qrv1XWqqLpGCGIXklFqq8FbcX/ASQ28BFS49t4iTIJNavdDLHxh tdlE0SB8mD4Ke75mRwq8JNuQX3BYzlpIr19QFABb1NVcBH03SJ4UhKZiLOgaDAMC V/mTiBNWw83II18U/+NRWQ==;
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="UTF-8"
Date: Fri, 30 Sep 2022 07:35:20 -0700
Message-ID: <8A.56.31736.8AEF6336@ccg13mail06>
X-PP-REQUESTED-TIME: 1664548514363
X-PP-Email-transmission-Id: 1ad5ebd6-40cd-11ed-a25f-3cecef47bf34
PP-Correlation-Id: f7664084d87c0
Subject: Invoice from Bitcoin Exchange (0001)
X-MaxCode-Template: PPC000977
To: <gadje+mrf@gmail.com>
From: "service@paypal.com" <service@paypal.com>
X-Email-Type-Id: PPC000977
MIME-Version: 1.0
X-PP-Priority: 0-none-true
AMQ-Delivery-Message-Id: nullval
X-XPT-XSL-Name: nullval
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: cbelt3
Date: September 30, 2022 04:12PM
All suspected phishing emails are forwarded to abuse@xxxx (xxxx is the address of the bank, paypal, apple, amazon, whatever..). They figure it out and smack the spam down.

Usually there is a complex web site built into the phishing emails that sucks out your userid and password. The corporations find and kill that site.

Of course it's whack-a-mole. They also kill the host providers.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Gareth
Date: September 30, 2022 04:18PM
Yea, headers look legit, which is why I think they might actually be sending these from a real PayPal account. You might want to edit out your email though, just so it doesn't get harvested later (appears a couple of times, at the top "Delivered To" and towards the end "To:").

Quote
wurm
Jeebus, that's pretty slick. The only thing that caught my eye was the phone number on the "Invoice" if you want to dispute. That number 888-928-4066 has nothing to do with Paypal that I can see.

Yea, the "slickness" comes from it being a real invoice from PayPal, and perhaps their ultimate goal is not to have people pay it, but to get them on the phone via their bogus phone number that they put in the seller comments area, but it looks like a note from PayPal customer service. And then once you are on the phone with them, they can try and harvest more personal information and accounts from you.

I've been getting a bunch of similar types of phishing emails with invoices for things like Quicken subscriptions, Geek Squad, etc. So, someone might be like WTH, I never ordered this and call to figure out what's going on. But those all look totally fake (to me at least) as they're usually a giant image attachment. This PayPal one looks legit because it's coming from a legit source, just with bogus comments.



Edited 2 time(s). Last edit at 09/30/2022 04:19PM by Gareth.
Options:  Reply • Quote
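The header check discussed above, as an added example that is not part of any poster's message: it reads the receiver's Authentication-Results stamp from the headers posted in this thread and then looks at the message text, showing that SPF/DKIM/DMARC passing only proves PayPal sent the mail, not that the invoice is honest. The function names are hypothetical, the body line is constructed from phrases the posters quote, and mx.google.com is assumed to be the reader's own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values are taken from the headers posted in this
# thread; the body line is invented from the phrases the posters quote.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=fDXN6ouU;
       spf=pass (google.com: domain of service@paypal.com designates 173.0.84.229 as permitted sender) smtp.mailfrom=service@paypal.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
Subject: Invoice from Bitcoin Exchange (0001)
To: <gadje+mrf@gmail.com>
From: "service@paypal.com" <service@paypal.com>

Seller note to customer: Do give us a call at 888-928-4066 to dispute this Invoice.
"""

PHONE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")

def auth_verdicts(header):
    """Map each method (dkim/spf/dmarc) to the result the receiver recorded."""
    no_comments = re.sub(r"\([^)]*\)", "", header)  # drop "(...)" comments
    return dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", no_comments))

def sender_authenticated(msg, authserv_id="mx.google.com"):
    """True only if our own receiver stamped dmarc=pass for the From: domain."""
    header = (msg.get("Authentication-Results") or "").strip()
    if not header.lower().startswith(authserv_id + ";"):
        return False  # a stamp from an unknown server proves nothing
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    aligned = re.search(r"header\.from=([\w.-]+)", header)
    return (auth_verdicts(header).get("dmarc") == "pass"
            and aligned is not None and aligned.group(1).lower() == from_domain)

def triage(raw):
    """Separate 'who sent it' from 'what the sender-supplied text asks for'."""
    msg = message_from_string(raw)
    authentic = sender_authenticated(msg)
    numbers = PHONE.findall(msg.get_payload())
    if not authentic:
        verdict = "spoofed or unauthenticated sender"
    elif numbers:
        verdict = "genuine sender, sender-supplied callback number: verify out of band"
    else:
        verdict = "genuine sender, no callback number found"
    return {"authentic": authentic, "callback_numbers": numbers, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A phone number inside an authenticated invoice is still text typed by whoever created the invoice, so it should be checked against the number listed on the service's own site before anyone calls it.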
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 05:26PM
Quote
Gareth
Yea, headers look legit, which is why I think they might actually be sending these from a real PayPal account. You might want to edit out your email though, just so it doesn't get harvested later (appears a couple of times, at the top "Delivered To" and towards the end "To:").


That is already edited, gadje+mrf@gmail.com is NOT my real email.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Tiangou
Date: September 30, 2022 09:00PM
[www.komando.com]

What’s causing these fake PayPal invoices to come through?

Let’s clear up a misconception first: These are not fake invoices. They’re 100% genuine and created within PayPal using the same tools that all PayPal users have access to. Unfortunately, they’re being misused as part of an aggressive spam campaign and sent to hundreds (perhaps even thousands) of random users in the hopes that someone will bite.

To protect yourself, the most important thing you can do is to be skeptical of any new invoices coming into your account. If you work with PayPal invoices regularly, don’t click on email links to view them. Instead, open PayPal in your web browser and log in to your account to see what invoices are waiting for you there.

...

If you did manage to fall for one of these invoice tricks, there isn’t much you can do to recover your money other than filing a dispute with PayPal for fraud.




Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: gadje
Date: September 30, 2022 09:15PM
Quote
Tiangou
[www.komando.com]

What’s causing these fake PayPal invoices to come through?

...

Thank you, I haven't seen this before. It was new to me, but apparently has been going on since 2020 or maybe even earlier. Interesting.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: mspace
Date: October 01, 2022 08:07AM
I always log in separately from the email/notice. If I don't see it in my activity, I assume it's a scam.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: richorlin
Date: October 01, 2022 10:36AM
By the way, unless English is not your native tongue, a red flag is the capitalization of ‘charged’, ‘bank statement’ and ‘invoice’. Also, ‘Do give us a call’ is not an American English phrase, but of British origin. Subtle differences, but enough to throw up a red flag if you are paying attention.



richorlin
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Acer
Date: October 01, 2022 01:44PM
In simpler times, this would be mail fraud. The internet needs an inspector general like the post office. The post office does not mess around when it comes to mail fraud.
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Gareth
Date: October 02, 2022 01:11AM
Quote
Acer
In simpler times, this would be mail fraud. The internet needs an inspector general like the post office. The post office does not mess around when it comes to mail fraud.

FBI sort of handles that, but who knows how effective they really are with the amount of scams there must be…

[www.ic3.gov]
Options:  Reply • Quote
Re: Be careful, new PayPal Scam out there. I tested the waters for you (but didn't take the bait, LOL)
Posted by: Tiangou
Date: October 03, 2022 05:26PM
It's good to visit /r/Scams every once in a while to catch up on these things.



Options:  Reply • Quote