We have been tracking a series of PayPal-based invoice scams for a while now, in which fraudsters are emailing fake invoices via PayPal to would-be victims. For example, see this crypto-related PayPal scam we reported on in October. Now, in a particularly egregious scam attempt fraudsters are using the good name of Trend Micro in their schemes. As seen below, the invoice contains a large, fictional payment that is intended to alarm the recipient.
Sample scam emails sent via PayPal
How the Trend Micro LLC PayPal Invoice Scam Works
In the email’s text is a phone number that the would-be victim is asked to contact in order to dispute the pending charge. This scam is highly effective in its social engineering strategy as the email is a legitimate one that does come from PayPal. Because of this, the scam attempt is lent a smokescreen of persuasiveness.
Victims who call the number to dispute the charge will be put into direct contact with the scammers. At this point there will be a few routes the scammer can take, for example:
- requesting personal information to authenticate the account;
- requesting that the individual downloads necessary software such as administrative tools;
- requesting that the victim visits the website, “anydesk[dot]com”;
- and requesting direct control of the user’s device.
4 Red Flags You Should Be Aware Of
Although most of these emails do come from PayPal, there are still red flags:
A PayPal email following a legitimate purchase with a large company like Trend Micro will definitely NOT be sent as a money request from a random individual.
- Scare tactics:
Notice also how the quoted text (which is a copy & paste job) immediately claims the payment made was “unauthorized” in order to scare you. Likewise the 24hr deadline — a classic social engineering tactic to pressure victims.
- Phone numbers:
Don’t call the numbers listed in the email, go to the official site. There are several different phone numbers provided in these emails — for a large company however, there will be just one dedicated phone number per issue / per location.
- Odd layout:
The scam attempt below is easier to spot as the whole thing is fake — including the “PayPal” email. Notice the odd word choice (“didn’t witness”), as well as poor layout and a different font.
What You Can Do
At present we have around ten confirmed reports of this scam attempt — our thanks to those who have reported the emails to us at firstname.lastname@example.org. It is these lines of communication which will help combat such scam attempts and keep consumers secure.
PayPal also encourages users to forward suspicious emails to email@example.com, where their security experts can determine fakes — and shut down the source of the email. Consumers can also report scam attempts to the Better Business Bureau, where reports and transcriptions will be posted, as seen below.
What Will a Legitimate PayPal Email from Trend Micro Look Like?
This is what an authentic PayPal email will look like following a legitimate purchase with Trend Micro:
- Note that there is no nonsense story from a random individual. We work with Digital River, so the payment will be made to “Digital River Ireland Ltd”, NOT “Trend Micro LLC”.
- There is no 24hr time limit to dispute.
- There is also far more detail about the payment.
Trend Micro LLC PayPal Invoice Scam: In Summary
To summarize, be wary of any unexpected/unauthorized charges that come in via email — even if the email itself comes from a legitimate company such as PayPal. NEVER click on links or call numbers on the email— and when in doubt, contact the relevant company directly.
We would also encourage users to continue forwarding suspicious emails to us at firstname.lastname@example.org — particularly if it involves Trend Micro’s name.
In response to this type of scam, PayPal has previously stated:
“We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.”
Phone screenshots of sample emails
Protect Yourself with Trend Micro Check
NEVER use links or phone numbers from unknown sources! Use Trend Micro Check to detect scams with ease: Trend Micro Check is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!
After you’ve pinned the Trend Micro Check extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge).
You can also download the Trend Micro Check mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).
Given you’ll be required to enter personal information on these kinds of payment platforms, ID Security will also ensure you’re never the victim of a data breach. Lastly, check out this page for more information on Trend Micro Check.
If you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected — and consider providing a comment or like below. Stay safe, folks!
You Might Also Be Interested In...
Get all the latest cybersecurity news