Discover how cybercriminals are exploiting real PayPal email addresses to send fake invoices.
In this week’s scam, cybercriminals are using a clever trick that makes their phishing emails seem more real than ever. You receive an email from a real PayPal email address. The email contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge. Even though the email comes from a real PayPal email address, this is actually a scam.
Cybercriminals create a PayPal account and use it to send you a fake payment invoice. The email you receive is real, but the invoice is not. If you call the phone number in the email, you will not be connected to PayPal’s support team. Instead, your call will be answered by a cybercriminal who will pretend to work for PayPal support. They will try to trick you into giving them your credit card information for a “refund,” or trick you into paying a fee to fix your account!
Tips to Stay Safe
Follow these tips to avoid falling for this phishing scam:
- If you receive an unexpected PayPal invoice, log in to your account on the official website or app to verify whether it is legitimate.
- Remember to be wary of unusual emails, even if they come from what appears to be a genuine email address. Be suspicious of any unexpected bill or urgent request for money.
- Don’t call the phone number listed in a suspicious email. If you have any questions or concerns, always use the official customer support number on the organization’s real website.
Stop. Look. Think. And don’t be fooled.

Tips of the Week Brought to You By Our Partners at KnowBe4