Canceling unauthorized invoices: Paypal should have another security step!

marubi
Contributor

So here's what happened to me: I get an email notification that looked like it legitimately came from paypal, that I have an invoice. First time for me, I have never received an invoice from paypal before, only notification of payments that I've authorized. So obviously, I did not authorize this. Nonetheless, I did NOT click the link in the email. So I logged into my paypal account, and there it was, for $297.88, with a business name, another email address, a name that the invoice is intended for (not mine) and my email address. I looked at the paypal website about what to do, so I sent the original email to phish@paypal... (in hindsight, this doesn't really address the problem. The notification came from Paypal, but they didn't phish the email, the fraudulent source used a legitimate business name to invoice me.) Then they advise to delete that original email. I did (wish I would have done a screen capture of it). I also changed my password, security questions, etc. in paypal.

By the way, this reminds me of the phony email scam I've received in recent months, usually for anti virus software/services. I was directly contacting Norton, etc. for the first few. The rest of them I forwarded to amazon and my email spam services, and they eventually stopped. But what concerns me about this happening within Paypal, is that I'm not seeing reassurances that Paypal is addressing the fraud.

So then, what to do about the invoice? Of course I'm not going to pay it (makes me wonder how many people inadvertently click that pay button? And if this is a scam, it must not be that effective at getting that immediate payment. THAT IS, if their ultimate goal isn't actually getting INFORMATION) But I didn't like that invoice in my queue. I clicked around on the help community and a paypal support person advised to simply cancel the invoice, that perhaps the business simply typed in the wrong email address.

But HOW do we know that?


I also looked up the company online. It's a legitimate company. But I still wasn't comfortable directly emailing them, just in case. So I found their facebook page, and there, the company owner had posted a video 8 hours earlier — thank goodness she did that! — in which she said, "My name is such and such from this company. I've been getting complaints. We DO NOT send invoices to folks who are not on our list! And the ONLY invoices we would send would come from these email addresses, etc." So I facebook messaged her, thanking her for the confirmation. Can you imagine how frustrated she is receiving all these messages from people who think she's behind this? (plus, it was a cool business, an entrepreneurial collective of black owned businesses)

So I go back to Paypal figuring there is at least something official I can do. But no help topics directly addressed this. I ended up cancelling the invoice in Paypal last night. But almost immediately I was concerned about any of my info going back to that suspicious source.

So the only conclusion I've come to is that there should be at least one, maybe more security steps Paypal should build in when sent an invoice you did not authorize. First, I wouldn't mind getting a "pre-notification" email from paypal that says, "did you authorize this invoice?". I'm certain that business owner would have liked a notification when an invoice was sent using her actual business name, but NONE of her approved email addresses. (I'm not even sure she uses Paypal) OR, when setting up the process by which you actually use paypal to invoice people, there should be a confirmation process, where Paypal checks for the very email addresses this particular business owner uses.

That brings us to the return email address on this fraudulent invoice. Who is that email connected to? Another person with a paypal account, or a bot? Anyway, Paypal needs to send an email to that email account (maybe they do, but I'd like to know the process). The transaction should be flagged if it hasn't been confirmed along the way. Also, and this one was big for me: when I cancel it, I need to be assured that the communication happens in a portal where I'm protected, or perhaps Paypal takes it from there. And maybe I am in fact protected, I just need assurance that I was.

Whoever read this, thanks for making it through the whole long slog. But I do hope it either clarifies things for me, or even better, improves security processes and customer service for Paypal and its users, thanks!

14 REPLIES

marubi
Contributor

Thanks so much for posting this, and for being so thorough! Just reading it made me feel a lot better to know I'm not the only one...if that makes sense.

Same thing happened to me. And this is a new thing in the last few months, first time for me. And I've also never sent an invoice myself nor received an invoice via paypal before...ever.

I received two phony invoices. The latest one I forwarded from my email notification to the two paypal fraud emails I've sent weird stuff to before: phishing@paypal.com (and another email address that when I first tried to submit this post, I got an error from Paypal that said, "The message body contains [email address] which is not permitted in this community. Please remove this content before sending your post.") So, when I went to look at that invoice in my paypal account (clicked details), I got a screen that said, "this invoice is no longer available". Check to see if you're getting that in your list of invoices for the phony one you received (again, after clicking details). That was somewhat reassuring for me.

 

Also when I checked that list in my paypal account, there was ANOTHER phony invoice. Of course I didn't pay it now, nor did I accidentally pay it earlier, but I must have missed the notification email. The second phony invoice had what "looked" like a legitimate email address (no long list of numbers, a human name, etc.) When I looked at the support pages for paypal I saw the same "yadda, yadda" about "sometimes companies send to the wrong emails..." (when you've NEVER done business with said company? Doesn't pass the smell test), but it did say when you cancel the invoice, paypal will then contact the email address on the phony invoice.

That tells me, that if they get a bounce or a bogus reply from that email they've sent, Paypal should then report the transaction as fraudulent, or it goes on some security list — and maybe they do. I just wish, like you, that I had confirmation of it. But when I checked the list again, there was a slash through the amount number on that invoice, and the "Details" link is no longer there — again, somewhat reassuring. Just wish I had a few more details.

In short, I do trust that there is efficiency in Paypal's process, generally. Whenever I had a questionable, not fraudulent, transaction, three times I can remember: In one case, the company didn't send me the merchandise I paid for (could've been a supply chain pandemic issue). In the other two cases, the companies were unclear on the autopay details. In all three cases, Paypal addressed it immediately and I got refunds.

Thanks for reading...


Birdthulu
Contributor
Wow same: mine was crypto related and I couldn't cancel. Paypal was like "here's our terms of services as to why we cannot cancel a nearly $700 fraudulent charge." How am I to feel like my information is protected when I'm getting emails at 6 AM from a scammer? Through PayPal? It's actually hurting the perception of this company that I legit can see via comments and dates that this IS an ongoing problem. I'm like do they even pay attention now? 🙄

hubbard_minpin
Contributor

They don't pay attention nor do they care. I'm guessing they earn fees on anything that moves through their rails good or bad. I agree that allowing scammers to carpet bomb email addresses with invoices to see who bites is a terrible business practice that will just make people leave paypal for other things like zelle.


RufusHeller70
Member

You've described to a 't' both of my experiences in the last 4 months; the customer service rep was unprofessional in his/her responses, actually admitted this "sometimes" happens, and did not leave me with the feeling that anything would be done to prevent this going forward. Also unacceptable is not getting any emails confirming 1) our phone call took place, and 2) that PayPal is/would be taking action to prevent this in the future.


LanoueT
Contributor
Me too except I can't find any record at all of the invoices. And it keeps saying payment denied because I took my money out of PayPal due to this happening!