Scammers Are Using PayPal’s Invoicing System to Target Unsuspecting Victims

PayPal invoice scam experience

Did you know that not all emails received from PayPal are trustworthy? As a PayPal user, I was under the impression that only trusted sources could send me an invoice through the platform. So when I received an unexpected invoice on PayPal for a product I had never ordered, I was confused and concerned.

What makes the situation dangerous is that the scammer used PayPal’s invoicing system, which confused me, even as a software engineer with a background in payments and payment security.

The confusion caused by PayPal’s invoicing system

To provide more details, I received an invoice from PayPal claiming that Coinbase had issued an invoice for a Bitcoin purchase of USD 516.00. What was concerning was that I don’t have my PayPal account linked to Coinbase, and I don’t even use the associated email address for Coinbase.

After receiving this invoice, I investigated further. After a quick Google search, I stumbled upon a Reddit page where users were blaming PayPal’s user interface (UI) and user experience (UX) for not being clear on which sections of the invoice were set by PayPal and which were set by the scammer. This ambiguity can make it difficult for users to determine whether an invoice is legitimate or a scam.

Reaching out to Coinbase and PayPal

To verify whether the invoice was a scam, I contacted Coinbase to inquire about the alleged BTC purchase. However, Coinbase was unable to locate any record of the transaction. After receiving a copy of the invoice, Coinbase also noted that the PayPal URL in the invoice might be invalid.

Despite the apparent invalidity of the invoice content, it came through PayPal’s email, as you can see in the screenshot above.

I decided to contact PayPal to learn more about how this was possible. After several redirects, I finally spoke to a representative. He confirmed that anyone who knows our email address can send us an invoice through PayPal. However, the victim will not be charged automatically without our consent.

Need for stronger security measures for Paypal Invoices

The fact that scammers can use PayPal’s invoicing system to target unsuspecting victims highlights the need for better security measures to protect users.

It is disappointing that PayPal may not be doing enough to block these scams. PayPal should take this feedback seriously and prioritize the safety and security of its users by implementing more effective checks and controls to prevent fraudulent activities.

What should you do if you received such an email?

If you receive an email requesting payment through PayPal, it is crucial to be cautious and vigilant. Even if the email appears to be from PayPal, it is best to avoid clicking on any links or calling any phone numbers provided in the email. Scammers may edit the invoicing URL content and add their numbers, so only use the phone number listed in your PayPal account for support.

Instead, log in to your PayPal account directly and check your account activity to verify the authenticity of the request. If you have any concerns or questions about the email, contact PayPal’s customer support using the phone number provided in your account.
Doing so will guarantee that you are speaking to a legitimate PayPal representative who can assist you in verifying the request and taking appropriate action to protect your account from fraudulent activities.

Remember, staying vigilant and taking necessary precautions can help protect you from falling victim to scams and fraudulent activities.