University Technology recently has become aware of a new scam in which fake invoices are being sent via PayPal. Individuals who regularly handle invoices as part of their job may be especially vulnerable to this scam.
These scams most commonly appear as email messages saying you have received an invoice via PayPal. If you then click the link and pay using your PayPal account, your money is then transferred to the scammer who sent the invoice.
How does the scam work?
This scam relies on the fact that these fake invoices aren’t technically fake at all: They are real PayPal invoices, created by fraudsters to mimic an invoice from a real entity like GoDaddy or the World Health Organization.
Because the invoice appears to come from a well-known and reputable organization, you may believe the invoice is legitimate and pay up without thinking. Because the invoices are real PayPal invoices (albeit created fraudulently), once you click “Pay” your money will be automatically transferred via your PayPal account to the fraudster.
If you receive an invoice that can’t be tied to a specific purchase or work order, be skeptical, and don’t succumb to time pressure. Reach out to contact the entity the invoice is purportedly from (look for their contact info online; do not contact the person who sent the invoice directly) to confirm its legitimacy.
I fell for this scam. What should I do?
While it may not be possible to retrieve your money, the best chance is to file a dispute with PayPal for fraud:
- Go to PayPal’s Resolution Center
- Click “Report a Problem”
- Scroll through your list of transactions until you come across the fraudulent invoice. Click the white bubble next to the listing and click “Continue” in the bottom-right corner
- Follow the onscreen steps to complete your dispute
How to spot a scam
No matter what form they take, scams often have common warning signs you can watch for, including:
- Requests for money or personal information
- Not addressing you by name
- Spelling and grammatical errors
- The promise of easy rewards (or harsh penalties)
If you have any questions about the validity of an email, contact infosec@case.edu or the University Technology Service Desk at 216.368.HELP, help.case.edu or help@case.edu.