Recently we have been tracking a series of PayPal-based invoice scams, in which fraudsters are emailing invoices via PayPal to would-be victims. This week’s example has been utilizing the Solana blockchain as its disguise. As seen below, the invoice contains a large, fictional payment that is intended to alarm the recipient.
How the Solana PayPal Invoice Scam Works
Alongside the communication is a phone number that the victim is asked to contact in order to dispute the pending charge. This scam is highly effective in its social engineering strategy as the email is, after all, a legitimate one that does come from PayPal directly. Thus the whole incident is lent a smokescreen of persuasiveness. Victims who call the number to dispute the charge will be put into direct contact with the scammers. At this point, there will be several scam attempts open to the scammer, for example:
- requesting personal information to authenticate your account;
- requesting that the individual downloads necessary software such as administrative tools;
- requesting that the victim visits the website, “globalquicksupport[.]com”;
- and even requesting direct control of the user’s device.
In response to these scams, PayPal has stated:
“We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.”
So to summarize, be wary of any unexpected/unauthorized charges that come in via email — even if the email itself comes from a legitimate company such as PayPal. NEVER click on links or call numbers — and when in doubt, contact the relevant company directly.
Protect Yourself with ScamCheck
- Double-check people’s contact details — and URLs.
- Reach out to official websites and support pages directly for help if in doubt.
- NEVER use links or buttons from unknown sources! Use Trend Micro ScamCheck to detect scams with ease: Trend Micro ScamCheck is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!
After you’ve pinned the ScamCheck extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge).
You can also download the ScamCheck mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).
Check out this page for more information on ScamCheck.
Given you’ll be required to enter personal information on these kinds of platforms, ID Security will also ensure you’re never the victim of a data breach.
And as ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.