Recently we have been tracking a series of PayPal-based invoice scams, in which fraudsters email invoices via PayPal to would-be victims. This week’s example uses the Solana blockchain as its disguise. The invoice contains a large, fictional payment that is intended to alarm the recipient.

Alongside the communication is a phone number that the victim is asked to contact in order to dispute the pending charge. The social engineering is highly effective because the email is, after all, a legitimate one that does come from PayPal directly, which lends the whole incident a veneer of credibility. Victims who call the number to dispute the charge are put into direct contact with the scammers. At this point, there will be several scam attempts open to the scammer, for example:

In response to these scams, PayPal has stated:

“We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.”

So to summarize, be wary of any unexpected or unauthorized charges that arrive via email, even if the email itself comes from a legitimate company such as PayPal. NEVER click on links or call phone numbers given in such an email, and when in doubt, contact the relevant company directly.
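For mail administrators, the point that these invoices really are sent by PayPal means sender authentication cannot clear them, so triage has to look at the content. The sketch below is an added example, not code from PayPal or from this post. The phone pattern, the word list, the `paypal.com` signing domain, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Loose North American phone pattern (an assumption; tune per region).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Wording that pushes the reader to phone in about a charge (assumed word list).
ACT, WHY = r"\b(?:call|contact|dial|phone)\b", r"\b(?:dispute|cancel|refund|unauthori[sz]ed)\b"
CALL_RE = re.compile(f"{ACT}.{{0,80}}{WHY}|{WHY}.{{0,80}}{ACT}", re.I | re.S)

def dkim_passed_for(msg, domain):
    """True if an Authentication-Results header reports dkim=pass for domain."""
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", value, re.I):
            d = m.group(1).lower().rstrip(".")
            if d == domain or d.endswith("." + domain):
                return True
    return False

def body_text(msg):
    """Concatenate the text/plain parts of the message."""
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")

def triage(raw, trusted_domain="paypal.com"):
    """Classify on content; a DKIM pass only changes the label, never clears it."""
    msg = message_from_string(raw)
    text = body_text(msg)
    if not (PHONE_RE.search(text) and CALL_RE.search(text)):
        return "no-lure"
    if dkim_passed_for(msg, trusted_domain):
        return "authenticated-callback-lure"
    return "unauthenticated-callback-lure"

# Constructed sample messages (not real mail); 555-01xx numbers are fictional.
HDR = ("From: service@paypal.com\nSubject: Invoice\n"
       "Content-Type: text/plain; charset=utf-8\n")
AUTH = "Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
LURE = ("\nNote from seller: Solana (SOL) purchase. If you did not authorize\n"
        "this payment, call +1 (888) 555-0100 to dispute the charge.\n")
RECEIPT = "\nYou sent a payment to Example Books. View it in your account.\n"

if __name__ == "__main__":
    for name, raw in [("lure+dkim", AUTH + HDR + LURE),
                      ("receipt+dkim", AUTH + HDR + RECEIPT),
                      ("lure, no dkim", HDR + LURE)]:
        print(name, "->", triage(raw))
```

A message labelled `authenticated-callback-lure` is the case described above: it passes the checks a gateway normally trusts, so it should be routed to review or bannered instead of delivered silently.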

