Don’t Fall for the Fake PayPal Billing Department Invoice Scam
Written by: Thomas Orsolya
Published on:
A menacing email pops up in your inbox, emblazoned with the familiar PayPal logo. It claims you owe $1000 for an unauthorized Walmart gift card order. You never bought any gift cards, but the email threatens to suspend your account if you don’t pay up fast. Is this real, or is PayPal getting downright sinister with their billing tactics?
You have ample reason to be suspicious. This dubious email scam has PayPal users seriously questioning whether it came from the real deal or imposters out to steal their hard-earned money. Don’t let panic push you into reacting without scrutinizing the message first.
This guide will uncover the truth about these fake PayPal billing emails and invoices, providing tips to avoid becoming another financial fraud statistic…
This article contains:
Overview of the PayPal Billing Department Scam
The PayPal billing department scam begins with an email containing a fake invoice. The messages claim there is an outstanding payment due for an unauthorized transaction, often mentioning a large purchase of gift cards or other unusual activity.
The email will include the PayPal logo and branding, making it appear credible at first glance. Some key elements that point to it being a scam:
Request for immediate payment: Scammers want to spur you into urgent action before you realize it’s a scam.
Suspicious transaction details: Large gift card orders or other atypical purchases are mentioned to trigger alarm.
Threat of account suspension: The email threatens account suspension if you don’t act quickly.
Phone number included: A “support number” is provided to call about resolving the issue. This leads victims right to scammers.
If you call the number, you’ll reach a fake PayPal support center operated by scammers. Their ultimate goal is to remotely access your computer and accounts to steal money and compromise your identity.
How the Scammers Carry Out the Billing Department Deception
The PayPal billing scam shows remarkable sophistication in its execution. Scammers are strategic in using urgent threats and social engineering to manipulate victims.
Here’s how they pull off the deception:
Crafting Deceptive Emails
Scammers use the official PayPal logo and email templates to appear credible.
The sender email often spoofs a legitimate PayPal address.
Invoice attached to make the outstanding payment demand seem real.
Threatening urgent language conveys the need for immediate payment.
A customer support number is provided to call for resolving the fraudulent charge.
The emails are designed to instill concern that your account is compromised. Most people have PayPal accounts, so the scam tugs at a real nerve.
Operating the Fake Call Centers
When you call the number, you reach an offshore call center staffed by scammers pretending to be PayPal representatives. They have several tactics:
Use ** Poor English** to claim they are foreign support reps.
Cite the invoice urgency to keep you anxious.
Request remote access to your device via screensharing apps to resolve the security threat.
Once accessing your device, they install malware and collect personal/financial data.
Try to convince victims to buy gift cards for avoiding account suspension, then steal the redemption codes.
May initiate transfers from your bank account without authorization.
The scammers leverage the call interaction and remote access to systematically rob and defraud victims who believe they are speaking with a real PayPal agent.
Anatomy of the PayPal Billing Department Scam Emails
To help you instantly recognize these fraudulent emails, let’s break down the common elements contained in the scam messages.
Sender Details
The sender email address is spoofed to appear like an official PayPal notification:
Addresses often include “service@paypal”, “support@paypal”, or “billing@paypal”.
Some use more random addresses like “peterwong2568” to bypass spam filters.
The name shown may say “PayPal Billing Department”, “PayPal Support”, etc.
But on closer inspection, the address is completely fake, often using an email domain that doesn’t even exist.
Subject Line
Subject lines always indicate an urgent payment update, such as:
Update Your PayPal Invoice
Your PayPal Invoice
PayPal Account Limited
PayPal Account Update
Payment Overdue on Your PayPal Account
These subject lines aim to get your urgent attention so you open the email. Anything indicating an “update” or “payment” related to your PayPal account is suspicious.
Email Body Content
The scam email bodies all follow a similar template. Here are some key traits:
PayPal logo prominently shown to establish legitimacy.
A 6-digit invoice number at the top to make it look like a real bill.
Your name, email, and partial account number displayed to seem credible.
Reason for payment explained, like a gift card order you didn’t place.
A payment deadline, usually 24-48 hours, to create urgency.
Threat that failure to pay will result in account suspension.
A U.S. toll-free number provided to call for resolving the issue.
Official-looking PayPal email footer and fine print to bolster authenticity.
This structured email content plays on fear and urgency to trick you. But awareness of these exact templates makes them easy to detect.
Attached Invoice
The scam email usually includes an attached invoice file to legitimize the payment demand:
Invoice is PDF or DOC format.
Lists your name/address to look real.
Shows large unrecognized transaction like gift card order.
Provides the scammer’s phone number to call.
Displays fake PayPal letterhead/logos.
Uses lots of official jargon to seem credible.
Don’t open the invoice attachment, as it may contain malware. These invoices can look convincing, but it’s all fabricated.
Here is how a scam email may look:
Invoice Update
Billing Department of PayPal update your invoice
Ammount dues: $1.000 USD View and Pay Invoice
Note from Billing Department of PayPal:
There is evidence that your PayPal account has been accessed unlawfully. $1,000 has been debited to your account for the Walmart eGift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number +1 (888) 322-2661 or visit the PayPal Support Center area for assistance. Our Service Hours: (06:00 a. m. to 06:00 p. m. Pacific Time, Monday through Friday)
How the PayPal Billing Scam Unfolds
Now that you know the trademarks of the scam emails and invoices, let’s walk through the typical sequence of how the full billing department scam plays out at each stage:
Step 1: Fraudulent Email Received
You receive an email claiming to be from PayPal, urgent subject line, spoofed sender address, suspicious transaction indicated, threat of account suspension, and a phone number provided.
This is aimed to worry you into hastily calling the number. Remain calm and recognize it’s a scam before even calling.
Step 2: Call Connects to Fake PayPal Call Center
If you call the number, an offshore call center answers pretending to be PayPal support. The scammer cites the fraudulent transaction and urges you to provide remote access to your device to resolve the supposed security compromise.
At this point hang up immediately, as you are certainly speaking to scammers posing as PayPal agents.
Step 3: Scammers Gain Remote Access to Your Device
Once you allow remote access to your computer, they take control to steal data and install malware. This grants them unfettered access to your sensitive information.
They may run programs that sweep for passwords, financial account info, and personal identity data. Or they install keylogger malware to continuously harvest what you type.
Step 4: Demands for Gift Cards and Bank Transfers
With you on the phone and remote access established, the scammers pivot to outright theft.
They may pressure and deceive victims into purchasing gift cards for avoiding account suspension. Then they steal the card codes to quickly drain the funds.
Scammers can also directly access your bank account to initiate fraudulent transfers. Or they harvest account credentials for future theft.
Step 5: Identity Theft and Financial Fraud
With all the sensitive data scammers extract from your device and accounts, identity theft and financial fraud is sure to follow.
They can open fraudulent lines of credit, file fake tax returns, clone your cards for purchases, and commit any number of crimes under your identity.
And they can continually siphon money from your bank accounts given the credentials they stole. The devastating fallout can continue for months or years.
Warning Signs You’ve Received a Fake PayPal Invoice
If you receive an email demanding payment on a PayPal invoice, watch for these 7 tell-tale indicators it’s a scam:
There’s an urgent deadline of 24-48 hours to pay. Real PayPal wouldn’t set such a short deadline.
You’re threatened with account suspension if payment isn’t received. PayPal would never suspend you without multiple notices.
The email contains a customer support number. PayPal always directs you to login to your account, not call.
The sender address looks like service@paypal.com or billing@paypal.com. These aren’t real PayPal addresses.
There’s an invoice for an expensive gift card order you never placed. Scammers use this false charge to trick you.
The email refers to a “limited” or “suspended” account. PayPal would say “restricted” or “frozen” instead.
There are spelling/grammatical errors. PayPal is a professional company that would never make such mistakes.
The message includes threats of criminal action. PayPal does not threaten law enforcement.
You don’t recognize the 6-digit invoice number. All your real PayPal invoices would be familiar numbers.
The invoice shows the money deducted from your account already. PayPal always bills you before deducting funds.
Stay vigilant looking for these scam indicators in any emails claiming to be from PayPal’s billing department. If an email looks suspicious, report it as phishing/spam and ignore it.
What to Do if You Receive a Fake PayPal Invoice
If you receive an email with a suspicious invoice demanding payment, take these steps:
Do not click any links or attachments in the email. They may contain malware.
Do not call the phone number in the email under any circumstances. It will reach scammers.
Report the email as phishing/spam to your email provider. This helps get scam domains blocked.
Search online for key phrases from the email to confirm it’s a widespread scam campaign.
Forward the email to PayPal at spoof@paypal.com so they can investigate scam attempts.
Place alerts on your credit reports and financial accounts in case your info was compromised.
Change passwords on all financial, email, and social media accounts as a precaution.
Always log directly into your PayPal account to view billing notices. Never use contact info from an incoming email.
With quick precautions, you can avoid becoming a victim. The scammers are hoping you act fast while worried and forget to think it through. Stay calm and take measures to protect yourself.
What to Do if You Already Fell for the Scam
If you called the number and provided personal information or remote access, don’t panic. Here are the important steps to take right away if you fell victim:
Immediately Contact Your Financial Institutions
Alert your bank and credit/debit card companies that your accounts may be compromised. They can freeze your cards, block fraudulent transfers, and monitor for suspicious charges.
Change All Passwords and Enable Two-Factor Authentication
Secure your online accounts by changing passwords and enabling additional login protections like two-factor authentication. Prioritize financial accounts and your email.
Scan Devices for Malware and Wipe Remotely
If scammers accessed your computer, scan for malware using security software. Wipe and restore any devices accessed remotely using the screensharing app.
Place Fraud Alerts on Credit Reports
Contact Equifax, Experian and TransUnion to place fraud alerts on your credit reports. This makes it harder for scammers to open new fraudulent accounts. Monitor your reports.
Reset Security Questions and Answers
Scammers may have harvested the personal details needed to reset your account passwords. Proactively reset your security questions/answers on financial and email accounts.
Contact PayPal To Secure Your Account
Contact PayPal’s real customer service via their official website to lock down your account. Verify no unauthorized changes were made and no funds stolen.
Report it to the FTC and Local Authorities
File a scam report with the FTC to help authorities stop these criminals. You can also contact your local police department to file an incident report.
While falling victim to this scam can be scary, take swift action to limit the damage. Reporting the crime also helps prevent others from being scammed.
How to Avoid Falling for the PayPal Billing Scam
Diligent awareness of these scam indicators will keep you protected:
Know legitimate PayPal emails: They never include attachments or urgent threats requiring quick action. Log in to your account if you get any billing notice.
Analyze sender details: Fake addresses like “service@paypal.com” should raise red flags. Verify the full email and name.
Question urgent threats: Scammers want to panic you into acting rashly. PayPal gives reasonable time to address any issues.
Never call random numbers: Only use official contact info listed on PayPal’s real website if you need assistance. Don’t call numbers in emails.
Avoid unrecognized invoices: If you don’t personally recognize the invoice number and transaction details, it’s surely fake.
Watch for poor grammar/spelling: Real PayPal emails are professional with no obvious errors.
Stay vigilant against invoice payment scams and verify any suspicious bills through official account login and customer service contacts. Avoid acting in haste so scammers can’t take advantage of fear or confusion.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Frequently Asked Questions About the PayPal Billing Scam
1. How can I tell if a PayPal billing email is fake?
Fake PayPal emails often come from non-official email addresses like service@paypal1x.com. They contain urgent threats of account suspension and request immediate payment by phone. Real PayPal notifications allow reasonable timeframes to address issues by logging into your account. Fake invoices also show unfamiliar transaction details not visible in your account activity.
2. What happens if I call the phone number in a fake PayPal email?
The numbers in scam emails lead to offshore call centers where criminals pretend to be PayPal support. They will request remote access to your computer and then install malware, steal personal data, and siphon money from your accounts. Never call phone numbers provided in suspicious emails.
3. Why do scammers ask for gift cards in the PayPal billing scam?
Once scammers gain remote access to your device, they pressure victims to purchase gift cards to avoid supposed account suspension. By stealing gift card codes, scammers can quickly drain the funds which are nearly impossible to recover.
4. How do I report fake PayPal emails and invoices?
Do not click any links in scam emails. Report them as phishing to your email provider. You can also forward scam emails to PayPal at spoof@paypal.com. File a complaint with the FTC and your local police to help prevent others being scammed.
5. What precautions should I take if I provided scammers remote access?
If you allowed scammers to remotely access your device, immediately change all account passwords and freeze financial accounts. Scan devices for malware, wipe any remotely accessed devices, and place fraud alerts with credit bureaus to prevent identity theft.
6. How can I avoid falling for the PayPal billing scam?
Always log directly into your PayPal account to view billing notices instead of trusting emails. Analyze the full sender details of any notifications. Question any urgent threats or short deadlines. Never call random phone numbers in emails or provide remote access to your computer.
7. What should I do if PayPal suspends my real account?
If your actual PayPal account becomes restricted, log in and check the notification for clear instructions on next steps. Reasons could include suspicious activity or owed debt. Contact official PayPal customer service to resolve any account limitations.
8. Why does PayPal request remote access to my computer?
PayPal will never contact you requesting remote access to your computer. Any call, email, or notification asking to screenshare or use remote tools is an immediate red flag for a scam attempt. Remote access should only be provided to credible parties like your own IT department.
9. Is it safe to pay a PayPal billing notice by phone?
No, never make payments strictly via phone call, especially in response to an email notification. Log into your account to confirm any payment demands are legitimate. PayPal always allows payments directly through account login, not just by phone.
10. Can PayPal really suspend my account over fake invoices?
PayPal will never suspend your account without multiple notifications and a reasonable timeframe to address issues. Dire urgent threats of suspension in an email or call are telltale signs of a scam. Contact PayPal through official channels to confirm status if worried.
The Bottom Line
The PayPal billing department scam demonstrates how convincing phishing attempts can be. But with knowledge of the scam hallmarks, you can equip yourself to recognize and report fraudulent emails. Never call random numbers in emails or provide any form of remote access to your device.
If you ever have questions on the validity of a PayPal notification, log directly into your PayPal account. Use the official customer service contact options through their real website. With smart security habits, you can frustrate these scammers’ efforts and protect your finances.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
