Don’t fall for the Caymay Press Paypal Invoice Email Scam

Have you received an email that appears to come from Service@PayPal which says you have successfully placed an order for an expensive item like a laptop or iPhone using your PayPal account? The email then states that the order has been billed to you and includes an invoice from “Caymay Press”? Beware – this is a phishing scam designed to steal your money and personal information.

scam 4 1

Overview of the Scam

This phishing email is carefully crafted to look like it is from PayPal’s billing department. The scam works by tricking recipients into calling a fake customer support number listed in the email. The number connects you to a scammer posing as PayPal support. They will then try to convince you that the charge is real and have you pay the fake invoice. Victims end up paying money for items they never purchased.

The scam email contains several red flags that indicate it is not legitimate:

  • The phone number provided is not PayPal’s real billing contact number.
  • The transaction ID does not show up when checking your PayPal account.
  • There are grammatical errors throughout the email.
  • The sender address does not match PayPal’s actual email addresses.

How the PayPal Invoice Scam Works

The PayPal invoice scam employs clever social engineering techniques to steal money and sensitive information from victims. Here is an in-depth look at how the scam operates:

Step 1: Victims Receive a Phishing Email

The scam starts with an email sent to the target’s inbox. The message appears to be from PayPal with the sender address “Service@PayPal.com”. The email states that the recipient has successfully placed an order for an expensive item like a TV or iPhone.

It includes a fake transaction ID and an invoice from “Caymay Press” charging them for the purchase. The total is usually $500 or more.

Step 2: Email Directs Victims to Call a Fake Support Number

The email urges recipients to call a customer support number immediately to resolve the billing issue. But the phone number actually connects to the scammers.

Step 3: Scammers Pose as PayPal Support to Carry Out the Scam

When victims call the number, the scammers impersonate PayPal billing staff. They confirm that the invoice is valid and pressure the target to pay it right away.

The scammers insist the charge is for a real order placed on the victim’s account. Their goal is to convince the person that the billing error was on PayPal’s end, not a scam.

Step 4: Scammers Request Payment and Account Access

Once the victim is persuaded the invoice is real, the scammers begin extracting money and information. They may request credit card details to process an immediate payment for the fake invoice.

In other cases, they have victims login to their PayPal account on a phishing site to issue a refund. The scammers can then steal the entered login credentials to take over the account.

Some scammers pretend to “accidentally” refund too much money. They will contact the victim again asking them to return the overpayment.

Step 5: Installation of Remote Access Software

In addition to stealing payment info and account access, scammers may try to install remote access software like AnyDesk on the victim’s computer.

They convince the target this is necessary to process refunds or cancel the invalid order. But the software actually allows the criminals to control the computer remotely and steal personal data.

What to Do if You Get This Scam Email

If you receive an email about an unexpected PayPal invoice, here are important steps to take:

  • Do not call the number in the email, as it will connect you to scammers.
  • Check your PayPal account by logging into your real account at paypal.com. Look for the transaction ID from the email. If it doesn’t exist, it’s fake.
  • Report the email as phishing to PayPal directly so they can investigate. Forward the email to phishing@paypal.com.
  • Do not click any links in the scam email, as they may contain malware.
  • If you already paid the invoice or gave account access, contact PayPal support immediately to close the account and dispute the charges.
  • Scan your computer for malware if you clicked any links or downloaded files from the email.
  • Change passwords for your PayPal account and any other accounts that use the same password. Enable two-factor authentication if possible.
  • Watch for further scam attempts, as victims often get targeted multiple times.

Frequently Asked Questions about the Caymay Press PayPal Invoice Scam

1. What is the Caymay Press PayPal invoice scam?

The Caymay Press PayPal invoice scam is a phishing scam where victims receive a fake email pretending to be from PayPal. The email states that the victim placed an order for an expensive item like a TV or laptop and now owes money to Caymay Press. It includes a fake invoice and transaction ID. The email urges the victim to call a phone number to resolve the issue, but the number actually leads to a scammer impersonating PayPal support. Their goal is to trick victims into paying the fake invoice or giving up sensitive information.

2. How do I recognize the fake PayPal invoice email?

Some red flags that indicate the email is a scam include:

  • The sender email address does not match PayPal’s actual billing addresses (service@paypal.com or member@paypal.com).
  • There are grammatical errors and typos throughout the email.
  • The transaction ID in the email does not show up when you log in to your actual PayPal account.
  • The customer service number goes to scammers, not real PayPal support.

3. What happens if I call the customer service number?

The number in the scam email leads to fraudsters posing as PayPal billing staff. They will try to convince you that the invoice is valid and pressure you to pay it right away. The scammers may request your credit card number, login credentials, or remote access to your computer in order to process the payment. Provides any of this sensitive information will result in identity theft or stolen funds.

4. What techniques do the scammers use on the phone?

The scammers will insist the invoice is for a real purchase made on your account. They may pretend to accidentally refund too much money, then contact you again to have you return the overpayment. Scammers may also persuade victims to install remote access software under the guise of processing refunds. This actually gives the criminals control over your computer remotely.

5. Should I click any links in the scam email?

No, you should never click links in suspected scam emails as they may contain malware. Even clicking a link to a fake PayPal site can expose your computer or device to malicious software designed to steal personal data. Always go directly to paypal.com by typing it into your browser if you want to check your account.

6. How can I protect myself from this scam?

If you receive a suspicious PayPal invoice email:

  • Do not call the phone number or click any links in the email.
  • Log directly into your PayPal account to check for the invoice/transaction ID.
  • Forward the scam email to PayPal at phishing@paypal.com.
  • Contact PayPal support if you already paid a scammer.
  • Change your PayPal password and enable two-factor authentication.
  • Watch for further phishing attempts using different scam stories.

7. What should I do if I already fell for this scam?

If you already paid the invoice or gave the scammers access to your PayPal account, contact PayPal immediately to close the account and dispute the charges. Also watch for unauthorized charges on your linked credit cards or bank accounts. You may need to cancel those cards to prevent further misuse. Run antivirus software to check your computer for malware. Enable login alerts on your accounts and monitor your credit reports for signs of identity theft.

The Bottom Line

The PayPal invoice scam is a dangerous phishing attack that can result in money loss and identity theft if recipients fall for it. Always exercise caution when receiving emails about PayPal billing problems. The best defense is verifying any supposed charges directly within your PayPal account first before taking any requested actions. Being aware of the scam’s warning signs like grammatical errors and spoofed sender addresses can also help identify and avoid it.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.