How To Protect Your Business From PayPal Invoice Scams

Photo by Clint Patterson on Unsplash

It’s not just big businesses that need to worry about fraud and scams. Small businesses are equally at risk of losing vital data and money to online fraudsters and their infamous schemes. 

In 2022 alone, the Federal Trade Commission (FTC) reported approximately 8.8 billion dollars worth of losses to online scams. 

This startling statistic highlights the growing importance for business owners to take measures to safeguard and protect their businesses from such threats. 

As such, we have compiled this article to teach you how to protect your business from scams, specifically, PayPal invoice scams that have recently been showing up in business and personal email accounts.

What Is A PayPal Invoice Scam? How Does It Work?

PayPal invoice and payment request scams are designed to deceive PayPal account holders into paying for a product or service they never ordered or divulging personal and financial information over the phone. 

PayPal invoice scams can, in fact, happen in three different ways:

1. You receive an invoice or payment request email through PayPal from a business for a product or service that you never ordered.
2. You receive an official-looking email invoice through PayPal with a ‘note to customer’ that asks you to call a fake customer service number to resolve an account issue or settle a payment. 
3. You receive an email that looks like it has come from a real Paypal email account which has a link to review and pay the invoice and an alarmist note at the bottom designed to trick you into calling the customer support helpline.

The purpose of these types of PayPal scams is to get you to pay for a fake invoice or call a fake customer service number. 

If you do call the number, the person on the other line will likely act as a PayPal employee and try to pry personal and financial details from you over the phone. 

How To Protect Your Business From PayPal Invoice Scams?

For many online businesses, PayPal is their default payment processor, and as such it is important to be aware and wary of such PayPal invoice scams. Knowing these types of scams exist in the first place, is the first step towards avoiding them.

If you receive an email invoice or payment request through PayPal that looks suspicious or is for a product or service you never ordered, simply don’t pay for it. 

Sometimes, invoices can appear quite authentic and are even sent through PayPal’s official payment request system. However, you need to look closer. 

First, look at the actual email address that the email was sent from not just what you see as the display name. Next, pay attention to details such as the “Bill to” name. It should have your name on it or your business’s name, not something generic such as “Paypal User”.  

Check the PayPal invoice number and make sure the invoice has no spelling errors or any suspicious phone numbers or links. Also, make it a point to always cross-check any invoice with your internal records. If you have no record of such a purchase, that should be an automatic red flag.  

Even if the email looks official but is asking you to click a link or call a phone number, don’t do it!

The best way to protect your business from potential invoice scams is to ignore these emails and report them to PayPal. 

You can also simply log in to your PayPal account, either through the website or the app, and check to see if any action is needed on your part if you have received an email asking you to “resolve an issue” on your account. 

Also, as a rule of thumb, you should never send money to any cryptocurrency wallet that is mentioned on an invoice or money request. Regardless of where it is from.  

How To Report A PayPal Invoice Scam?

To report any type of unwarranted PayPal invoices or money requests simply log in to your PayPal account, whether online or through the app. 

When reporting via your web browser simply click on the Activity tab and you will find the option “Report this invoice”. Simply click the option and follow the steps. 

If you are reporting via the app go into the payments tab, then tap on bills. Find the invoice or money request in question and when you click on it you will see the option “Report this invoice”. Simply tap that and follow the steps.

If you want to report a suspicious email, you can simply forward that email to phishing@paypal.com. After you do, make sure you delete it from your inbox. The PayPal team will look into it and take any necessary action needed.

Apart from reporting these scams to PayPal directly, you can also report fraudulent phishing emails to government agencies such as the FTC, as well as credit bureaus and other financial institutions.

If you would like to report a PayPal fraud or any unauthorized activity immediately, click here.  

5 Best Practices & Measures You Can Take To Prevent Online Fraud

As a business owner, protecting against scams and fraud may not be on your priority list of things to do. However, it should be. 

Fraud protection can include many types of practices, measures, and strategies such as the implementation of internal controls, employee background checks, employee training, risk assessments, cybersecurity, and audits to help reduce the risk of potential scams and protect the business’s reputation, assets, finances, and vital consumer data. 

Therefore, businesses of all sizes need to have, at the very least, these five protective measures in place to safeguard against hackers, scammers, phishing, and/or email fraud. 

Set A Strong & Secure Password

We can’t stress this enough. Today, hackers use sophisticated software programs to guess passwords. The weaker your password is the easier it is to guess and the easier it is for any hacker to gain access to your accounts. 

This is why you must set strong and secure passwords that are nearly impossible to guess. Strong passwords have at the very least 8 characters, this includes one character that is capitalized and at least one special character such as a !, $, or @ sign.  

Buy and install Anti-Malware & Anti-Spyware Software

Always make sure that your businesses’ computers are running on the latest version of whatever Operating System (OS) you may be using and that they are all installed with business-grade anti-spyware and anti-malware software.

Note that free or limited-featured anti-virus software is not enough to protect your business from online threats, regardless of how small your business might be. That is why it is recommended that all businesses seek out Managed IT and Cybersecurity Services to help keep online threats at bay.  

Learn How To Identify Phishing Emails & Fraudulent Messages

Phishing emails are easy to spot if you know what you are looking for. Some email scams are relatively easy to spot as they come from flagged sources or have subject lines such as “Claim Your Free Gift” or “Your Payment Details for XYZ Site Has Expired. Click Here To Update Information.” 

However, sometimes phishing scams can be a lot harder to detect, such as the PayPal invoice scams that have sprung up recently. 

So, as a rule of thumb, you and your employees should make it a point to never open any links, files, or attachments from unrecognized sources. 

You should also train your employees to send any email that they deem suspicious to the IT team for investigation. They should under no circumstances respond or click on anything in that email until they get clearance from the IT team.

By being vigilant and taking precautions whenever possible, you give your business the best chance to remain unscathed from malicious malware, scams, and hackers. 

Have An Address Verification System (AVS) and A Card Verification Value (CVV) For Your Payment Processor

If you are accepting payments from your website or e-commerce platform you need to be doubly careful about online safety and security. 

Making AVS and CVV mandatory during checkout is one of the best and most effective forms of fraud protection. This is because while hackers can get your credit card number and expiry date it is almost impossible for them to know the billing address attached to that card or the CVV number behind the card unless they have the physical card with them.

Most payment processing solutions support both AVS and CVV as part of their checkout templates. You just need to make sure you are using these tools that are at your disposal not just to safeguard your business but also your business’s reputation and customer base.

Always Connect To Secured Wi-Fi Networks

We have all heard those horror stories of people’s laptops being hacked into while connected to an unsecured Wi-Fi network, whether that be at a restaurant/cafe or at the airport. 

This is why it is best to always stay connected to a secure Wi-Fi network that is protected by a firewall, has access and guest restrictions, and a strong and secure password. 

If you are using an unsecured Wi-Fi network, make sure you have the best firewall installed and the best cybersecurity services at your disposal. 

Other Types of Online Fraud - What To Watch Out For?

Unfortunately, with advancements in technology and our dependence on it, online scams and frauds are not just increasing but are harder to track and even harder to identify. 

As a business owner, you need to be aware of all the different types of online fraud that could pose a potential threat to your business. 

So, apart from PayPal invoice scams, as a business owner you also need to be on the lookout for: 

• Identity fraud: Stealing of personal information that is then used to make transfers and purchases or commit a crime. 
• Vendor fraud: A vendor requesting advance payments for goods and services that are never delivered. 
• Online shopping fraud: Purchasing of products from a fake e-commerce website.
• Data breaches: Stealing of vital business and consumer data by cyber criminals to sabotage a business's reputation.
• Return fraud: The returning of damaged and used products and asking for full refunds.
• Tax scams: An attempt by fraudsters to pry personal and financial information over the phone by posing as debt collectors or IRS agents.
• Phishing emails: Emails that are designed to tempt you into disclosing sensitive personal and financial information.
• Invoice scams: The receiving of fake invoices from unknown suppliers that are seeking payment for products and services never purchased.  
• Payroll fraud: The adding of ghost employees on the payroll or inflating hours worked in order to siphon money from the business. 
• Employee theft: Stealing of vital information, money, and inventory by employees of the business.

Frequently Asked Questions (FAQs)

Q) What damage can frauds and scams cause to businesses?

Being deceived by fraudsters and scammers can have a disastrous impact on a business as it can lead to financial loss, legal challenges, loss of reputation and stakeholder trust, credit challenges, and operational changes.  

Q) How many fraudulent emails are sent daily?

Nearly 6.5 billion fraudulent emails are sent out daily and nearly all businesses, no matter their size, are targeted. 

Keep Hackers At Bay With Cyberlynx’s 24/7 Intrusion Detection & Response Solution

The best way to safeguard and protect your business not just from PayPal invoice scams, but also from hackers and fraudsters is Cyberlynx’s 24/7 Intrusion Detection and Response System which detects hackers trying to bypass security and kicks them out before they can get anywhere. 

That’s not all! Cyberlynx also offers a range of IT, CIO, and Cybersecurity services for businesses of all sizes providing business owners with much-needed peace of mind and high-quality responsive IT services whenever needed.

To learn more give us a call at 301-798-9170 or email us at info@cyberlynx.com