The scam that exploits Bitcoin and PayPal Invoice

PayPal Invoice is a service from the well-known payment gateway that allows people to create and send pro-forma invoices directly from their account: this time it was used to pull off yet another Bitcoin scam.  

This is a widely used system for requesting payments for professional services, since it also allows invoices to be customized. Those who do not have their own billing system and intend to get paid through PayPal can use it to easily create and send their own pro forma invoices. 

Trend Micro has found that a scam has been circulating for some time that tries to exploit the PayPal Invoice name and some cryptocurrencies, including Bitcoin, to steal money from the unwary.

The Bitcoin and PayPal invoice scam

From a strictly technical point of view, the scam is very trivial. 

In fact, it is perpetrated simply by sending a fake email with sender [email protected] asking for a payment in cryptocurrencies. 

Trend Micro also published a screenshot: 

[Image: scam bitcoin]

In reality, the real sender is not [email protected], and the email is not sent from PayPal’s servers at all. There are technologies, easy to set up and easy to use, that let whoever sends an email enter any address they like as the sender, so virtually anyone can send an email with [email protected], or any other address, as the sender’s address. 

The email obviously contains payment details, so the person who receives it might actually think that someone has sent them an invoice from PayPal to pay. Instead, the PayPal Invoice pro-forma doesn’t even exist, and there is only a request for payment from the scammers, who will obviously collect whatever they are paid. 

Recognizing the scam involving Bitcoin and PayPal Invoice

Fortunately, it is very easy to recognize these scams. 

Although the sender may look like PayPal, it is known that PayPal does not allow cryptocurrency payments to external wallets. 

In other words, as soon as the email gives an address outside PayPal as the public address to send cryptocurrencies to, it is 100% certain that it is a scam attempt. 

What one should know is that all payments and all transactions involving PayPal only ever take place within their platform. Therefore, the very moment a payment is requested outside of their platform, it is certain that it is a scam attempt. 

Who cashes out

Since the public addresses of crypto wallets are anonymous, it is not possible to know to whom the cryptocurrencies would actually be sent. 

The scammers are counting on the fact that investigators cannot figure out who is behind these scam attempts. 

However, investigators can publicly track any subsequent movements of the tokens once they have been sent to the public addresses listed in the scam emails, in the hope that the scammers will sooner or later make some mistake that makes them detectable. 

Typically the main mistake is to move them to a centralized exchange with a KYC requirement, because in this case the exchange’s internal wallet to which they are moved is associated with the name and surname of a supposedly real person. It has already happened several times that scammers have been caught in this way when trying to sell the cryptocurrencies they collected in exchange for fiat currencies or stablecoins. 

The effectiveness of the scam

As strange as it may seem that such a scam could work, scammers are often ingenious and know well the vulnerabilities of their potential victims. 

Indeed, one of the features that sometimes makes these attempts effective is that the invoice appears to relate to a commonly used service or a well-known brand. When huge amounts of spam email are sent to a very large audience, it is not unlikely that some of the recipients already have some form of contract or service provision in place that could justify a request for payment. 

Nonetheless, the fact remains that the moment PayPal appears to be requesting payment from outside its platform, one can be sure that it is a scam. 

Trend Micro adds other suggestions for how best to defend oneself. 

The first, of course, is to check the URLs of the links the email invites you to click on, because if they are external to PayPal they are clearly dubious. 

The second is to not trust what is stated within the email, and instead go check directly on the official PayPal website. If the email was sent to the same address that one’s PayPal account is associated with, then a pro-forma invoice actually sent by PayPal would also show up on the website once logged in. 

The third piece of advice is even more drastic: never click on links or call phone numbers listed in suspicious emails.
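
The two checks described above (a PayPal-branded email that names an external wallet, and links that point outside PayPal) can be automated for mailbox triage. The following is an added example, not code from Trend Micro or the original article; the names triage and is_paypal_host, the sample message and its addresses are constructed for illustration, and the Bitcoin patterns cover only legacy base58 and bech32 address formats.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; not the message from Trend Micro's screenshot.
SAMPLE = """\
From: PayPal Invoice <constructed-sender@paypal.com>
To: recipient@example.org
Subject: Invoice due

Pay 0.05 BTC to 1ExampLeConstructedAddr1111 to settle the invoice.
Details: https://www.paypal.com.invoice-view.example/pay
Help: https://www.paypal.com/help
"""

# Legacy (base58, starts with 1 or 3) and bech32 (bc1...) address shapes.
BTC_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_paypal_host(host):
    # Exact domain or a true subdomain; "paypal.com.something.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == "paypal.com" or host.endswith(".paypal.com")

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    # The From header is only a claim: the sender can set it to anything.
    claims_paypal = ("paypal" in name.lower()
                     or is_paypal_host(addr.rpartition("@")[2]))
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk()
        if not part.is_multipart() and part.get_content_maintype() == "text")
    wallets = BTC_RE.findall(body)
    external = [u for u in URL_RE.findall(body)
                if not is_paypal_host(urlparse(u).hostname)]
    if claims_paypal and wallets:
        verdict = "scam"        # PayPal never asks for crypto to an outside wallet
    elif claims_paypal and external:
        verdict = "suspicious"  # links leave PayPal's own domain
    else:
        verdict = "no finding"
    return {"claims_paypal": claims_paypal, "wallets": wallets,
            "external_links": external, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "no finding" result is not a clean bill of health; the invoice should still be confirmed by logging in to the official PayPal website.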


Source: https://en.cryptonomist.ch/2022/12/15/scam-exploits-bitcoin-paypal-invoice/