Hello, PayPal user…

Have you ever received a PayPal invoice that you didn’t recognize? Did that invoice list a large sum of money due to some place like Coinbase Billing? You are not alone. Read below to learn more about this type of scam (what is it, and how do I fix this?).

Before I dive into the email and what I did and what I learned - know that this type of fraud would be considered “phishing” (not the band). This means that your money is safe so long as you do not click on or send anything to the fraudster.

The information below is meant to educate you and hopefully help reduce any concerns!

 

phishing (noun) phish·ing ˈfi-shiŋ: the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly


Now for the email (your invoice may look slightly different):

Looking closely at the email, it is definitely an invoice from PayPal - the email address it came from is “service@PayPal.com”

Now, I did not do any business on Coinbase recently, so I knew this was not completely legitimate. I also haven’t used my PayPal in years. My next step was to go to PayPal.com and make sure to see what is happening there.

BE CAREFUL WHEN GOING TO THE WEBSITE OR CALLING ANYONE WITH FRAUD LIKE THIS!

Phishing attempts regularly employ links that look legitimate but lead you to a fake PayPal website

One way to try to verify links is to “hover” your mouse over the links and see what pops up (DO NOT CLICK - move the mouse over the link and your browser will show you what the address is). Best practice: if you THINK something is a phishing attempt, do not click the links even if they LOOK legitimate. If it looks like fraud, work directly with the company that you know is legitimate: PayPal.com

Different browsers may display addresses differently - REMEMBER not to click on any links in an email you suspect is fraud

 

Phishing attempts regularly give fake Contact information possibly leading you directly to the scammers

You do not want to work with the scammers whatsoever, especially in a phishing attempt. Generally these fraudsters do not have as much information on you as you may think, therefore you do not want to contact them and potentially give them more. Phishing attempts can be highly sophisticated and look incredibly real.

The issue with the email I received was not that it came from an illegitimate source; the email was an automatic PayPal notification about an invoice. If you take a look again at my email below, you will see that the contact information given in the email does NOT match the actual contact information for PayPal.

The phone numbers on the phishing email do not match the actual contact information from PayPal.com
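The two checks described above (where a link really goes, and whether a phone number in the email matches the real one) can also be written as a small Python script. This is an added example, not part of the original post; the sample email, its domains and all phone numbers are constructed placeholders, and the trusted lists are assumed to hold values you looked up on the real site yourself.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: values you confirmed on the real site yourself, never from the email.
TRUSTED_DOMAINS = {"paypal.com"}
TRUSTED_PHONES = {"18005550100"}  # constructed placeholder, not a real PayPal number
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
# Constructed sample email body (hypothetical domains and phone numbers).
SAMPLE = """<p>Invoice from Coinbase Billing. Didn't authorize this? Call +1 (888) 555-0199.</p>
<a href="https://www.paypal.com/invoice/p/EXAMPLE">View and Pay Invoice</a>
<a href="https://paypal.com.account-review.example/login">https://www.paypal.com/signin</a>
<p>PayPal help: 1-800-555-0100</p>"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted_host(host):
    # Exact match or true subdomain only; "paypal.com.evil.example" must fail.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review_invoice_email(html_body):
    """Return findings for links and phone numbers that are not on the trusted lists."""
    findings = []
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = urlsplit(href).hostname
        if not is_trusted_host(host):
            findings.append(("link", text, host))
    for match in PHONE_RE.findall(re.sub(r"<[^>]+>", " ", html_body)):
        digits = re.sub(r"\D", "", match)
        if digits not in TRUSTED_PHONES:
            findings.append(("phone", match.strip(), digits))
    return findings
```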

 

As an anxious person myself, I wanted to make sure to contact PayPal myself to ensure my account is safe. I went directly to their website to get the phone number and was connected to a Customer Service Representative rather quickly. Here is what I learned from this PayPal Representative:

  1. An invoice from PayPal is just a request for payment from someone else. According to PayPal, all a user needs to send an invoice is an email address. This means only your email address was “leaked” to the scammers.

  2. You would need to “pay the invoice” in order to risk your money - so you can ignore the invoice since it is just a scam

  3. You do not need to change passwords, but it would be smart to change them if it’s been a while. It is smart to add security features to your account as well if you haven’t already (setting up security questions AND multi-factor authentication with your phone number)

  4. You SHOULD report this phishing attempt to PayPal for their tracking to better improve the system for others. According to their website today, there is a special email address (phishing@paypal.com) to forward the phishing attempt.

Right now PayPal has this red banner on different pages when you are logged into your account telling you where to forward

 

Ultimately you shouldn’t be too scared of a phishing attempt, just be cautious. It can definitely be scary to see you owe someone hundreds of dollars - just know that no money is moved when you receive an invoice itself.

Always be cautious, whether with your personal email or company email - phishing attempts have gotten more sophisticated and trick even the smartest of computer users.

When in doubt, go directly to the source (in this case PayPal) and NEVER click links or call phone numbers you find on a “phishy” email.
