
Fake invoice alert: PayPal attacked.
According to a report from Forbes, which referenced an alert from the security experts at KnowBe4, cybercriminals are unleashing a clever twist on what's known as a Telephone-Oriented Attack Delivery (TOAD) to trick unsuspecting PayPal users with fraudulent invoices. Here's how this sneaky scam works: Perpetrators send out a fake invoice or a money request, often appearing to come from a legitimate PayPal email address. The catch? These invoices list products or services that the user never ordered – a glaring red flag that astute users can easily spot.
"You receive an email from a real PayPal email address which contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge," warned security analysts at KnowBe4, outlining the deceptive tactic. A typical TOAD threat often features an urgent-sounding message alongside a seemingly official document, like a PDF invoice. The goal is to instill fear of financial loss and pressure victims into calling a phone number controlled by the scammers. This particular PayPal scam has reportedly been active for about a week now.
What makes this attack especially alarming, as highlighted by KnowBe4, is that these fake invoices are being sent from actual, genuine PayPal account emails. While the email itself might be real, the invoice is a carefully crafted ploy by cybercriminals whose sole objective is to snatch your sensitive financial information, such as credit card details. KnowBe4 further clarified, "The email you receive is real, but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal’s support team, but rather a fraudster after anything from your credit card details, PayPal account credentials or just a good old-fashioned cash payment."
Another crucial red flag identified by experts is the email's blank body, containing only the invoice as an attachment. PayPal, they noted, would never send an invoice or any critical communication in such a manner. Should a user open the attached invoice, it typically follows the standard TOAD script: "Your account has been billed $823.00. The payment will be processed in the next 24 hours. Didn’t make this purchase? Contact PayPal Support right now." – a clear attempt to create panic and prompt immediate action.
Pieter Arntz, a malware intelligence researcher at the security vendor Malwarebytes, who himself received one of these deceptive emails, believes they are being dispatched in bulk. He observed additional red flags, such as some emails originating from random Gmail accounts instead of PayPal, and being sent to a blind carbon copy (BCC) list, indicating hundreds of recipients at once. He emphasized that PayPal would never distribute invoices in this fashion.
**PayPal's Protective Stance**
This escalating threat underscores the relentless efforts of fraudsters to exploit and scam innocent users through increasingly sophisticated methods. In response to the ongoing attack, PayPal promptly issued a public warning: "Do not pay, Do not Phone." The company advises anyone who receives an unexpected or suspicious invoice or payment request – regardless of whether it appears to be from PayPal or another service – to absolutely not pay it or respond in any way. PayPal assures customers that it is actively combating the evolving landscape of scamming tactics. The company is taking comprehensive measures to protect users, including manual investigations, advanced fraud prevention technology, and proactive steps like limiting scam accounts and declining risky transactions.
"We do not tolerate fraudulent activity on our platform, and our teams work tirelessly to protect our customers," PayPal stated. "We are aware of this phishing scam and encourage people to always be vigilant online and mindful of unexpected messages." Customers are strongly encouraged to report any unwarranted invoices or money requests by logging directly into their PayPal account via the official website or app. For suspicious emails or websites, users can forward them to phishing@paypal.com and then promptly delete the email from their inbox.
**Stay Safe: PayPal's Essential Tips**
To help users avoid falling victim, PayPal has provided crucial tips for staying alert:
* **Unexpected Invoices/Requests:** Be wary of any invoice or money request received through PayPal for products or services you never ordered.
* **Alarmist Notes:** Watch out for invoices or money requests containing urgent, alarmist notes that try to pressure you into calling a fake customer service number. These fraudsters hope to extract your personal and financial details over the phone.
* **Fake Email Invoices:** Never click links or call phone numbers found in suspicious emails that are designed to mimic legitimate PayPal communications.
As a crucial reminder: if you receive a suspicious invoice or money request, do not pay it. Avoid calling any phone numbers listed in the invoice note or clicking on suspicious URLs. Furthermore, never send money to a cryptocurrency wallet mentioned in an invoice or money request.
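The red flags listed above (a blank body with only an invoice attached, a phone number in the invoice note, urgent wording, a non-PayPal sender, a BCC-style recipient list, and a cryptocurrency wallet address) can be turned into a simple mail-filter heuristic. The Python below is an added example, not code from the article, KnowBe4, PayPal or Malwarebytes. It assumes the invoice text is available as a plain-text attachment standing in for the real PDF (in practice you would extract the PDF's text first), and the indicator names, regular expressions and the three sample messages are all constructed for illustration. Note that the sender-domain check alone is not a reliable signal, because the campaign described here arrives from genuine PayPal addresses; the other indicators carry the detection.

```python
"""Heuristic scoring of TOAD-style fake invoice emails (added example)."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

TRUSTED_DOMAIN = "paypal.com"
URGENCY_WORDS = ("right now", "immediately", "within 24 hours", "next 24 hours", "urgent")
# North American phone number shapes; constructed pattern, not exhaustive
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Loose Bitcoin address shape (legacy base58 or bech32); constructed for illustration
BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")


def _inline_text_and_attachments(msg: Message):
    """Return (inline text, list of attachment texts) from a parsed message."""
    inline, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container part, nothing to read
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        if part.get_content_disposition() == "attachment":
            attachments.append(text)  # assumption: text stands in for the PDF invoice
        elif part.get_content_type() == "text/plain":
            inline.append(text)
    return "".join(inline).strip(), attachments


def toad_indicators(raw_message: str) -> dict:
    """Evaluate each red flag from the article against one raw email."""
    msg = message_from_string(raw_message)
    body, attachments = _inline_text_and_attachments(msg)
    scanned = body + "\n" + "\n".join(attachments)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    to_header = msg.get("To", "").lower()
    return {
        "empty_body_with_attachment": body == "" and bool(attachments),
        "phone_number_in_text": bool(PHONE_RE.search(scanned)),
        "urgency_wording": any(w in scanned.lower() for w in URGENCY_WORDS),
        "sender_not_paypal": sender_domain != TRUSTED_DOMAIN,
        "bcc_style_recipients": to_header == "" or "undisclosed" in to_header,
        "crypto_wallet": bool(BTC_RE.search(scanned)),
    }


def toad_score(raw_message: str) -> int:
    """Number of red flags present; each indicator counts once."""
    return sum(toad_indicators(raw_message).values())


# Constructed sample 1: invoice from a genuine PayPal address, blank body, attached note
SCAM_FROM_PAYPAL = """\
From: PayPal <service@paypal.com>
To: victim@example.com
Subject: Invoice from Acme Electronics
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"


--b1
Content-Type: text/plain; charset="utf-8"
Content-Disposition: attachment; filename="invoice.txt"

Your account has been billed $823.00. The payment will be processed in the
next 24 hours. Didn't make this purchase? Contact PayPal Support right now
at +1 (800) 555-0100.
--b1--
"""

# Constructed sample 2: an ordinary notification with an inline body and no pressure
LEGIT_NOTICE = """\
From: PayPal <service@paypal.com>
To: customer@example.com
Subject: You sent a payment
Content-Type: text/plain; charset="utf-8"

You sent $25.00 to Jane's Garden Supplies. Log in to PayPal to view the details.
"""

# Constructed sample 3: the bulk Gmail/BCC variant, with a crypto wallet in the note
BULK_GMAIL = """\
From: Billing Dept <billing.dept.example@gmail.com>
To: undisclosed-recipients:;
Subject: PayPal invoice #48211
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"
Content-Disposition: attachment; filename="invoice.txt"

URGENT: you were billed $1,199.00 for a software subscription. Call +1 (800) 555-0177
immediately to cancel, or pay in BTC to 1ExampLeBTCAddrFormatUsedHere9kQ2z.
--b2--
"""

if __name__ == "__main__":
    for name, raw in (("paypal-origin scam", SCAM_FROM_PAYPAL),
                      ("legit notice", LEGIT_NOTICE),
                      ("bulk gmail scam", BULK_GMAIL)):
        print(name, toad_score(raw), toad_indicators(raw))
```

A score of two or more is a reasonable threshold for quarantining or flagging the message for review; the first sample scores on the blank body, the phone number and the urgency wording even though its sender is a real paypal.com address, which is exactly the case a sender-only filter would miss.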