What is a PayPal invoice scam?

Catherine Chipeta

A PayPal invoice scam is a type of phishing scam where fraudsters send fake invoices from the PayPal platform to trick recipients into making unauthorised payments.

These scams exploit the trust of the PayPal brand and often use the company’s infrastructure to send seemingly authentic invoices.

Victims may be pressured into paying quickly or calling fake customer service numbers included in the invoice note.

Why PayPal Invoice Scams Pose A Threat

These scams are effective because, as noted above, they take advantage of the payment facilitator’s infrastructure. The invoices are sent via official PayPal channels—email, the PayPal app, or the PayPal website—which makes the payment request look more authentic.

Scammers typically target individuals and businesses with invoices for high-value purchases they never made. Common themes include antivirus subscriptions, tech support or crypto services, and invoiced amounts are often set in the hundreds of dollars to appear believable.

Here’s what makes the PayPal invoice scam a potential threat:

  • Fraudsters rely on the fact that PayPal’s invoice system doesn’t trigger spam or phishing filters.
  • Victims are directed to call a fake phone number rather than click a malicious link.
  • Victims are often warned that the payment will be collected automatically, which increases panic, creates a false sense of urgency and reduces the likelihood of the victim scrutinising the request.

How The Scam Works, Step By Step

Once the scammer creates a PayPal Business account, they can generate and send invoices just like a legitimate vendor. From there, the process is as straightforward as it is deceptive.

A typical scam unfolds like this:

  • Step 1. A fake invoice is sent to a PayPal user that references a purchase the recipient didn’t make. The invoice includes a note with a phone number that is often framed as PayPal customer service or billing support.
  • Step 2. The user is prompted to call the number to dispute the invoice or cancel the payment.
  • Step 3. The scammer then impersonates technical support staff from PayPal or another trusted service. They speak with professionalism to build credibility and often insist that an amount has already been processed (or is pending). They may also claim that the only way to reverse the charge is by following their instructions immediately.
  • Step 4. The scammers use such claims to create pressure and panic—common social engineering tactics that motivate the victim to comply. Scammers typically ask victims to install remote access software, access their PayPal account or verify their identity with sensitive information.
  • Step 5. Once the victim’s accounts have been breached, the malicious actor may steal funds, extract personal or financial data or attempt further fraud under the guise of a refund or cancellation.

This approach circumvents many of the red flags associated with phishing scams. There are no fake links or spoofed email domains; just a convincing message sent using a platform the recipient already trusts.

PayPal Invoice Scam Case Study

Over 2023 and 2024, numerous Reddit users reported receiving PayPal invoices from a company called Parisi Studios. Amounts ranged from $699.99 to almost $1300 in some instances.

In what appears to be a relatively sophisticated phishing scam, invoices were sent to suspicious email addresses such as noreplyyy5@donotreplymaster.com, gmail4@donotreplymaster.com and derivations thereof. But they still landed in the legitimate inboxes of those targeted in the scam.

A contact number discrepancy was one of the main clues that the invoice was fraudulent. In the “Note from seller” section, fraudsters included a number with which to contact PayPal if the victim believed the invoice to be fraudulent.

However, this differed from the official fraud hotline number listed by PayPal at the bottom of the invoice.

 

Figure: Part of the fraudulent invoice from a company purporting to be Parisi Studios (Source: Reddit)

The presence of a helpful number on the invoice lures the recipient into a false sense of security. What scammers bank on is that many will call it thinking they’ve stopped a scam in its tracks, only to expose themselves to further deception over the phone.

In this particular context, the scam revolves around Bitcoin transactions and cryptocurrency wallets. Victims have been asked to hand over sensitive information or install software that gives fraudsters remote control of their computer.
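The contact number discrepancy described in this case study can be checked mechanically. The following is an added example, not code from PayPal or from this article's author: it scans a seller note for phone numbers the recipient has not verified and for pressure wording. The sample note, both phone numbers and the phrase list are constructed placeholders.

```python
import re

# Candidate phone numbers: a digit, then digits/separators, ending on a digit.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

# Illustrative pressure phrases (assumption), modelled on the tactics described above.
PRESSURE_PHRASES = (
    "collected automatically",
    "already been processed",
    "immediately",
    "within 24 hours",
)

def normalize(number: str) -> str:
    """Reduce a phone number to digits, dropping a leading North American '1'."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def phones_in(text: str) -> set[str]:
    """Return normalized phone numbers (10 to 15 digits) found in free text."""
    found = {normalize(m.group()) for m in PHONE_RE.finditer(text)}
    return {n for n in found if 10 <= len(n) <= 15}

def review_invoice_note(note: str, verified_numbers: set[str]) -> dict:
    """Flag seller-note content matching the scam pattern described above."""
    verified = {normalize(n) for n in verified_numbers}
    unverified = sorted(phones_in(note) - verified)
    lowered = note.lower()
    pressure = [p for p in PRESSURE_PHRASES if p in lowered]
    return {
        "unverified_numbers": unverified,
        "pressure_phrases": pressure,
        # A callback number the recipient cannot verify is the core signal.
        "suspicious": bool(unverified),
    }

# Constructed sample note; the numbers are fictional placeholders.
SAMPLE_NOTE = (
    "Your purchase of $699.99 will be collected automatically. "
    "If you did not authorise this, call PayPal billing support at "
    "+1 (888) 555-0142 within 24 hours."
)
# Placeholder for a number the recipient has checked against official sources.
VERIFIED = {"+1 800 555 0100"}

if __name__ == "__main__":
    print(review_invoice_note(SAMPLE_NOTE, VERIFIED))
```

Because these invoices arrive through genuine PayPal channels, a check like this works on the note content rather than on sender reputation or link analysis.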

How to Protect Against PayPal Invoice Scams

These scams are designed to appear legitimate, but as we saw in the above example, a little caution and due diligence go a long way.

To stay protected:

  • Always access PayPal through the official website or app. Never act on invoices without checking them in your account, and do not click on any links contained in the email or invoice note.
  • Do not call the phone number listed on the invoice. If something looks suspicious, verify contact details with official sources.
  • Report the scam by forwarding the invoice or email to phishing@paypal.com and cancel the request in your PayPal account.
  • Never share login details and card information or install software at the direction of someone claiming to be PayPal support. Genuine employees will never ask you to do this.

In summary:

  • PayPal invoice scams are effective because they exploit the trust and legitimacy of the PayPal platform. They allow scammers to bypass typical phishing filters and reach victims on seemingly authentic channels.
  • These invoice scams rely mostly on impersonation. They use high-dollar invoices and fake customer support numbers to pressure recipients into calling and surrendering sensitive information.
  • Awareness and verification are key to prevention. Always access your account through PayPal’s official site or app, never trust contact details listed in an invoice note and report anything suspicious directly to PayPal.
