I got two seemingly unrelated emails today notifying me that I have PayPal payment requests. I do have a PayPal account. There is a link in each email to go to PayPal to make payment. The link is for a paypal.com URL so on the surface the URL seems legit (the payment request itself is definitely not legit). It prompts me to login, but it does this even if I am already logged in on another tab, which I would not expect. But I’m not going to login to that page just to see what happens in case it’s a clever way of harvesting credentials.
But I can’t figure out the end game here. Are they somehow capturing my credentials? Or are they trying to get me to make a payment? If I just login to PayPal there are no payment requests.
They also both are from different vendors, but in the “Note from ” section they give the same 855 phone number to call. Maybe they are just trying to get me to call the number.
A common trick is something like “paypal dot com dot paymentrequirednow dot com” so the words appear there, but don’t go where you think they do. Plus, a string of text can say anything and have a link connected behind it to take you anywhere else.
I got these and I think they are generating an actual PayPal payment request email and then repurposing it for the scam.
What they probably want you to do is to call the help number included in the scam email and that’s when they’ll try and get you. Is there a phony-seeming help number?
I have to admit, these are really well done scams.
ETA: For example, here’s what one of mine says:
Amount requested
$899.99 USD
Note from Excellens Lawncare:
Due to a PayPal server problem, we approved a transaction without your permission. We’re sorry for the inconvenience. For a refund, contact PayPal immediately at 1(855) 314-4565.
Or, if the request is real…pay it. It’s not uncommon for scammers to send random invoices to businesses on the off chance someone will pay it without asking questions. At my place, a few times a year, we’ll either get entirely bullshit ‘invoices’ (ie toner) or quasi-bullshit letters* designed to look like an important bill that needs to be paid soon. In any case, I’ve gotten a few of the paypal things (at my work paypal address) and I just assume it’s this same thing. Send a bill, see if someone pays it.
When it’s happened to me, it all appeared to come through paypal, if the invoice isn’t there when you sign in, it’s possible TPTB at paypal picked up on the scam and removed the fake invoices.
*I found these images on the internet, but these are the same letters from the same companys that I get them from. Imagine working accounts payable in a medium sized business and getting this letter. You could track down whomever handles this and ask them, or you could pay it because it’s due soon and you don’t want to lose the domain name. The scammers are hoping for the latter. Yes, it clearly says it’s not a bill, but plenty of people won’t see that and, IMO, it’s designed to deceive.
I think that when I clicked it, PayPal didn’t know about the payment (I wasn’t logged in). Anyway, here’s another request, which again has a call number:
That one shows xn–pypal-gra . com on the bottom of the browser. I mean, I was really looking closely, looking at the hover links, etc. My brother took a look. It’s really a paypal link, to the best of my ability as a longtime computer guy.
Yeah, they want you to call the number, that’s it. But the email looks really genuine.
I don’t see any trace of these invoices when I log into my PayPal account. I would think if there were any invoices they would make them straightforward to find. (I am not going to login by clicking a link in the email, even if the URL seems legit.)
