In order for their attacks to be successful, scammers first need a way to get your attention and one of the easiest ways to dupe unsuspecting victims is with an unpaid invoice.
Scammers and cybercriminals alike often use unpaid invoices as a lure in their phishing emails due to how well they work. Whether you’re an employee or a small business owner, an unpaid invoice in your inbox is the kind of thing that demands your attention.
Phishing emails about unpaid invoices also often instill a sense of urgency to get users to open them. From here, the actual invoice may appear in the body of the email but it’s more likely to be included as an attachment which could also contain malware. Even if the attachment itself is harmless, many of these fake invoices do actually end up getting paid.
To give you a bit more insight into fake invoice scams and how they work, here’s a suspicious PayPal invoice I recently received in my own inbox.
Suspicious PayPal invoices
As I was checking my email earlier this week, I noticed there was an unpaid PayPal invoice in my inbox. Since I don’t use PayPal with my work email, I knew right off the bat that this was a scam but decided to investigate further.
The first thing I did was to check the sender’s email address to make sure that the message actually originated from PayPal. While email addresses can be spoofed, I knew that this was a legitimate message as I hovered over the “View and Pay…
