The Mac Security Blog

Money request and invoice scams via PayPal, Venmo, and Docusign

Throughout the past couple of years, we’ve continued to see more and more scams that leverage fake invoices. Scammers often send them via legitimate services, such as Intuit QuickBooks or PayPal, to bypass e-mail spam filters.

The latest round of scams uses “money requests,” invoices, or fake receipts sent either directly via PayPal, or via PayPal-owned Venmo. In some cases, scammers send them via Docusign while pretending to be from PayPal.

Here’s how you can recognize, avoid, and report these scams.

Fake “You’ve got a money request” from PayPal

First, let’s take a look at what a fake invoice or money request sent via PayPal looks like.

A fake invoice that was actually sent through PayPal. Note that the supposed “Fraud Alert” phone number was added by the scammer.

If you get a money request or invoice via PayPal, the From address will be service@paypal.com and the subject will be “You’ve got a money request.” But that doesn’t mean that the invoice or money request is legitimate; scammers often leverage real services like PayPal to send scams.

First, if you don’t have any business relationship with the person or organization that allegedly sent the invoice, treat that as a red flag. Second, the amount is sometimes (but not always) scarily high; the point of this is to cause the recipient to panic and act rashly.

And third, pay close attention to the “Note from seller” field. In the example above the note from the seller says “Fraud Alert: Didn’t make this order? Call at 1-863-[redacted].” The phone number belongs to the scammer who sent the message—NOT to PayPal.

Fake “Person’s Name requests $xxx.xx” from Venmo

Next, let’s take a look at a variation on this scam, sent via PayPal subsidiary Venmo:

 

In this case, the subject line follows the template “[Woman’s Name] requests [$xxx.xx]” requesting hundreds of dollars. The scammer may provide different justifications for this expense, such as one of the following:

Subscription Confirmed: Your service is active with a monthly fee, debited from Venmo. For questions or to cancel, contact Venmo Customer Service at +1 (808) 808_[redacted] (Toll Free). This email confirms the charge.

You paid $249.99 USD for Crypto Currency using Venmo. This amount will be auto deducted every month. If this is not authorized by you, Call Venmo Customer Service to cancel at 1 (808) 509_[redacted]. (Toll Free). Do not reply , Replying to this mail will confirm the order.

As with the PayPal variation of the scam, neither of these phone numbers will actually go to Venmo customer support. Rather, the scammer operates these phone numbers.

Fake “[Someone] sent you a document to review and sign” from Docusign

A third variation of this scam uses Docusign, but may still claim in the body of the e-mail to be related to PayPal.

Scam messages sent via Docusign will have more variety in the subject line; they may say things like “We have completed your [$xx.xxx] payment successfully” or “Receipt of Your Firearm Purchase via PayPal.” The body may be similar to one of the following examples, or may say something else entirely:

We are delighted to inform you that your Bitcoin purchase through PayPal has been completed successfully. A DocuSign document will be sent to you soon for your signature, confirming that the Bitcoin has been received. Please ensure the Bitcoin is credited to your account before proceeding with the signature. Your PayPal transaction has been processed.

We are here to inform you that Consumer Financial Protection Bureau (CFPB) has found suspicious transaction from your PayPal account and has raised ticket on specific transaction processed by your PayPal for purchasing the firearm and misleading the agencies. In result , we are going to issue a summon against you and would like you to connect with PayPal support desk immediately.

Again, the body of the message will contain a phone number. And—you guessed it—the phone number belongs to the scammer, not to PayPal (or Docusign, or any other legitimate company).
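All three variants share one pattern: a message that really was sent through a trusted service, with a callback phone number and an urgent prompt placed in sender-controlled text. The following triage heuristic is an added example, not part of the original article; the sample messages and phone numbers are constructed, and every sender domain other than paypal.com is an assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# paypal.com is the sender domain named in the article; the others are assumed.
SERVICE_DOMAINS = {"paypal.com", "venmo.com", "docusign.net", "docusign.com"}
# US-style numbers, tolerating the "-", " ", "." and "_" separators seen in these lures.
PHONE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-_]*)?\(?\d{3}\)?[\s.\-_]*\d{3}[\s.\-_]*\d{4}(?!\d)")
# Callback prompts taken from the message bodies quoted in the article.
LURE = re.compile(r"fraud alert|didn't make|not authorized|to cancel|"
                  r"customer service|support desk|toll free|\bcall\b", re.I)

def check_message(raw):
    """Flag mail from a trusted service whose body carries a callback lure."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")[2]
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    phones = PHONE.findall(text)
    lures = sorted({m.lower() for m in LURE.findall(text)})
    via_service = any(domain == d or domain.endswith("." + d)
                      for d in SERVICE_DOMAINS)
    # A genuine sender says nothing about the note text, so that is what we score.
    return {"via_service": via_service, "phones": phones, "lures": lures,
            "flag": bool(via_service and phones and lures)}

# Constructed samples (555-01xx numbers are fictitious).
SCAM_PAYPAL = ("From: service@paypal.com\n"
               "Subject: You've got a money request\n\n"
               "Note from seller: Fraud Alert: Didn't make this order? "
               "Call at 1-863-555-0142.\n")
SCAM_VENMO = ("From: venmo@venmo.com\n"
              "Subject: Jane Doe requests $249.99\n\n"
              "Subscription Confirmed. For questions or to cancel, contact "
              "Venmo Customer Service at +1 (808) 555_0199 (Toll Free).\n")
BENIGN = ("From: service@paypal.com\n"
          "Subject: You've got a money request\n\n"
          "Note from seller: Thanks for splitting dinner on Friday.\n")

if __name__ == "__main__":
    for name, raw in [("paypal", SCAM_PAYPAL), ("venmo", SCAM_VENMO),
                      ("benign", BENIGN)]:
        print(name, check_message(raw))
```

A flag here means "hold for review," not "block": the From domain is only meaningful after the mail gateway has already verified SPF/DKIM/DMARC for the message.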

How can I report these scammers?

For fraudulent invoices that appear to come from PayPal, you can forward them to phishing@paypal.com.

Similarly, for fraudulent invoices that appear to come from Venmo, you can forward them to phishing@venmo.com.

Fake invoices that appear to have been sent through Docusign should be forwarded to security@docusign.com.

And, as a reminder, for fake invoices that appear to have been sent through Intuit QuickBooks, you can forward them to security@intuit.com.

It’s also a good idea to forward scam and phishing e-mails to the U.S. Federal Trade Commission (FTC) at spam@uce.gov. Additionally, you can CC the Anti-Phishing Working Group at reportphishing@antiphishing.org. The APWG is a coalition of international law enforcement agencies and tech companies that work together to take down identity thieves and fraudsters.

If you believe you’ve fallen victim to one of these scams, inform the FTC; go to ReportFraud.ftc.gov and fill out the form. You may also find it helpful to review Intego’s video about how to report scams before submitting your report.

How can I learn more?

We’ve previously covered scams related to fake Geek Squad, Norton, and McAfee invoices, fake e-mails from Apple, fake package delivery service e-mails, the top 10 online scams, and more. Check out those articles for additional details.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels.
