We have vendors using squareup and a few people use their work account as personal so I can't block their domain entirely. Squareup has been unresponsive on killing a scammer's account I just ended up blocking squareup completely for that user.
I've been finding fraudulent Paypal, squareup, and intuit/quickbook invoices straight from those services and random takeover accounts/domains not part of those systems. They raised a real invoice for $500 and in the information where you're supposed to put details about the invoice they had just put "This money will be invoiced immediately, If you wish to contact us about this charge, please phone xxx xxxx xxx", at which point you end up with a scam call centre who will work you through some sort of banking refund scam like you see on Kitboga, Jim Browning and Mark Rober et al.īut for all intents and purposes, this looks like a real email that has genuinely come from PayPal, because it really has genuinely come from PayPal. PayPal lets you use them for invoicing, if you have a PayPal business account (or more likely if scammers have access to a compromised PayPal business account) you can go "Create me an invoice, send it to this email address, with this information in it" It was then I realised what the scammers had done.
Now I obviously this tripped my scam senses, but it had made it to my inbox through google's spam stuff and I couldn't immediately work out how it was a scam, the email appeared genuine, it did actually come from PayPal, it had passed SPF, DKIM etc, all links went to genuine PayPal URLs. I thought you folks might be interested in an email scam I received yesterday an email that said I had an outstanding invoice that needed to be paid from PayPal.
0 kommentar(er)
