Over the past three weeks, I’ve received several invoices through PayPal for alleged purchases of cryptocurrency. One such invoice is shown here.
I don’t have a PayPal account, and I have not been in contact with this seller, so my natural inclination is to consider this a scam.
The email actually originated at PayPal, per the SMTP and DKIM headers, and the View and Pay Invoice link actually goes to paypal.com.
While I haven’t received that particular scam, I do receive a half-dozen or do fake invoices, texts, even phone calls weekly using variations on that theme, leveraging Amazon, Best Buy, PayPal for purchase ‘authorization’ of some high-ticket item, often iPhones or iPads. While most are easily identified from their tortured English, bad punctuation, silly formatting errors, and such, a few actually are leveraging the actual platforms. Those are particularly disturbing if for no other reason than their internal security should prevent such hijacking. Next one I get I’ll screen shot for you.