No, That’s Not Really PayPal Scamming You

Some Kansans are getting scammed online, and the scammers make it appear as though the popular internet paysite PayPal is the one doing the scamming. It’s not PayPal, though.

Here’s how the scam works.

A hacker creates a free account in PayPal.

They would create a spoofed invoice – generally either for Norton or Microsoft – and then send it to the user.

Since it’s created in PayPal, the email comes across as legitimate.

Email scanners see a legitimate PayPal domain.

Since PayPal is on most Allow Lists as a legitimate site, the email passes right through.

The scammer’s email has the victim call a toll-free phone number so that they can pay.

The scammer then ends up with a confirmation of your email, and they also have your phone number, which can be used for future attacks.

And, of course, they have your money.

Email security company Avanan discovered the scam, and notified PayPal of this attack on July 19th.