Beware - that PayPal email could be a wallet-draining scam

Being invoiced via PayPal? Make sure it's not a scam. The main concern for hackers involved in phishing is how to get the malicious email past email security systems. Since most email service providers are adept at identifying and blocking spam and phishing emails, this is not an easy problem for them to solve.

Avanan’s cybersecurity analysts have now discovered that some hackers have used PayPal and other payment service providers to create false invoices to spread phishing emails.

They will imitate a well-known company and set up a fake PayPal account. Most significantly, opening a PayPal account is free and takes only a few minutes. They would then use the service to issue fraudulent invoices and payment requests.

Calling the scammers

Given the (legitimate) nature of PayPal, email service providers can do nothing else but let the email through.

The invoice will look legit. It will have the brand logo, proper wording, but also – a phone number for the victim to call. 

The victims have two options, unless they completely disregard the invoice: either pay the bill, or call the provided number. As the victim's phone number may then also become known to the hackers, who may use it for future attacks, Avanan refers to this attack as a "double spear."

The researchers told PayPal about the campaign a little less than two weeks ago. It is unclear how the payment service provider will approach the issue because it has not yet commented on it.

The researchers advise everyone to run a Google search on the phone number provided with the invoice before calling an unfamiliar service, and to check their accounts to see if any charges have been made. To identify whether an email is malicious, they should also deploy enhanced security on their endpoints that examines many indicators. They should also encourage users to contact their IT support if they have any doubts about the validity of an email.
