Exposing the Highland Armory PayPal Invoice Phishing Attack

Photo of author

Written by: Stelian Pilici

Published on:

A new phishing scam involving fake PayPal invoices purporting to be from “Highland Armory Inc.” is circulating via email. This fraudulent email claims the recipient has sent a payment of $799.99 to Highland Armory, an online retailer selling medieval and fantasy goods that does not actually exist.

The fake invoice includes a bogus telephone number and is intended to trick recipients into calling the number and providing sensitive account information. This allows scammers to gain access to PayPal accounts and make fraudulent transactions.

This article will provide an overview of how the Highland Armory PayPal phishing scam operates, how to identify fraudulent emails, steps to take if you received a fake invoice, and tips to keep your PayPal account secure.

Scams

How the Highland Armory PayPal Invoice Scam Works

The Highland Armory scam email contains an invoice falsely claiming the recipient sent a payment of $799.99 to a non-existent company called “Highland Armory Inc.” The scam message is made to look like an official PayPal purchase receipt.

Here is how the Highland Armory Inc. PayPal scam email looks:

ou sent a payment of $799.99 USD to Highland Armory Inc.

Hello,

This charge will appear on your bank statement as payment to PAYPAL *Highland Armory Inc.

Save time with a PayPal account

Create a PayPal account and save your payment information. You won’t need to enter your payment information every time you shop online.

Sign Up Now

Shop with confidence

We keep your financial information secure.

Transactions monitored 24/7Our fraud specialists help protect your account.

You’re protected

Zero fraud liability for eligible unauthorized purchases.

Merchant information:

Highland Armory Inc. Instructions to merchant:

None provided

Shipping information: Shipping method:

Not specified

Description Unit price Qty Amount

Online Order $799.99 1 $799.99

Total: $799.99 USD

Receipt No:

Please keep this receipt number for future reference. You’ll need it if you contact customer service at PayPal.You have 24 hours from the date of the transaction to open a dispute.For assistance Call +1 801 753 9482

However, there are several red flags that indicate the email is fake:

  • The company name “Highland Armory Inc.” does not exist. There are no legitimate businesses by this name selling goods online.
  • The email includes a suspicious phone number (+1 801-753-9482) and urges the recipient to call for assistance. Real PayPal invoices do not include telephone numbers.
  • Grammar and formatting errors are present, suggesting the email is not from PayPal.

The email tricks users into calling the phone number for “assistance.” However, this allows scammers operating the number to pose as PayPal agents. They will then ask for personal information or request remote access to your computer.

Providing any data permits scammers to gain entry into your PayPal account and make unauthorized transactions. The fake call center operators may also install malware on your device to harvest financial information.

How to Spot The Highland Armory PayPal Invoice Scam

While this scam email mirrors the look of a legitimate PayPal invoice, there are a few key signs that reveal it is fake:

  • Unknown seller: Pay attention to the merchant’s name. “Highland Armory Inc.” is completely fabricated.
  • Suspicious contact number: Real PayPal invoices never include phone numbers. Any message urging you to call for help is a red flag.
  • Spelling and grammar mistakes: Poor writing quality indicates the email is not from PayPal.
  • Generic greetings: Phishing emails use broad greetings like “Hello” instead of your name.
  • Sense of urgency: Scammers want to alarm you into calling quickly before you discover the scam. Messages insist you act fast.
  • Weird transaction details: The item(s) purchased and dollar amounts look suspicious or illogical.

Always log directly into your PayPal account to view transactions. Never call numbers, click links, or reply to suspicious emails even if they appear to come from PayPal.

Avoiding the Highland Armory PayPal Invoice Scam

Here are some tips to avoid falling for this invoice phishing scam:

  • Check sender’s email: Emails from PayPal will always come from an @paypal.com domain. Messages from odd addresses are scams.
  • Beware suspicious links/attachments: Don’t click links or downloads in suspicious emails claiming to be from PayPal. Type paypal.com directly into your browser.
  • Verify transactions in account: Log into your PayPal account frequently to check your actual transaction history for any unauthorized activity.
  • Use two-factor authentication: Enable two-factor authentication for your PayPal account. This adds an extra layer of security to your logins.
  • Watch for poor spelling/grammar: Legitimate PayPal emails will not contain awkward phrasing or spelling mistakes.
  • Don’t call or reply: Never call phone numbers, reply to, or forward suspicious emails. Report them as phishing instead.
  • Keep software updated: Maintain up-to-date antivirus software and operating system patches to protect against malware.

What to Do If You Received the Fake Highland Armory PayPal Invoice

If you have received a fraudulent Highland Armory PayPal invoice, take the following steps right away:

  • Do not call the phone number in the email under any circumstances. The number is operated by scammers.
  • Log into PayPal directly through paypal.com to view your transactions. Check for any unauthorized payments.
  • Forward the scam email to PayPal’s phishing email address: phishing@paypal.com.
  • Report the scam to the FTC at ReportFraud.ftc.gov.
  • Change your password for PayPal by going to your account settings. Make sure it is long and complex.
  • Enable two-factor authentication if you have not already. This adds a second step to logging in for enhanced security.
  • Carefully monitor your statements over the next few weeks for any suspicious activity. Report unauthorized transactions right away.
  • Run a virus scan to check if malware was installed from the fake email.

What to Do If Your Account Was Compromised

If scammers obtained access to your PayPal account, take more significant steps to secure it:

  • Contact PayPal immediately and report unauthorized account access. Work with their security team.
  • Change your password again. Make it completely new and hard to guess.
  • Review recent transactions in your account history and dispute any fraudulent ones.
  • Place a hold on the account if scam charges are pending. This prevents withdrawals.
  • Consider adding limits on transaction amounts from the account settings.
  • Cancel any linked payment methods like credit cards and bank accounts. Scammers may have added their own payment sources.
  • Remove saved login devices. Delete any unfamiliar or suspicious browsers/devices shown in your account settings.
  • Run anti-malware scans to remove any potential keylogging/info-stealing malware on your computer.

Conclusion

The fake Highland Armory PayPal invoice scam shows why it is critical to be cautious when receiving supposed financial emails andTexts. Always verify the legitimacy of any communication asking for your personal information or account access.

Following basic security practices like using strong unique passwords, enabling two-factor authentication, and monitoring your transaction activity can help protect you. Report any phishing attempts and be alert for new scams.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment

Previous

Zeyiuor.com Review: Why You Shouldn’t Shop at This Site

Next

Beware the Bella Heather Missing Girl Scam on Facebook