Category: Scams (Page 1 of 6)

Remote Control Scams in 2023

March 15, 2023 / Jesse Mueller / 1 Comment

Remote control scams are alive and well in 2023. I blogged about this just a year ago, but this is important enough to go over again.

Scammers grab as much money as they can.

A remote control scam is where someone is out to steal your money, and they use remote control software to get into your computer. Once they have access to your system, they’ll push further into your finances (and your consciousness) to take as much as they can. Some of these bad guys are aiming for a quick $300. But this year, I’m seeing where they aim higher. In the last month, I’ve spoken with victims who have lost $30,000, $75,000, and more than $100,000 to these cybercriminals.

What makes these scams so dangerous, though, is that there is nothing you can put on your computer to protect against them. There is no virus to guard against. Your computer is not being infected or hacked. It’s largely a social-engineering operation, where the victim’s brain is the target. If the crook gets inside your head, then they will win. So please be knowledgeable about how remote control scams work, so that you don’t become a victim someday.

How These Scams Begin

A remote control scam begins over a phone call. That call starts in various ways:

A unexpected notice pops-up on your screen. It claims you are being hacked or infected with many viruses. Or it may accuse you of viewing illegal adult content and threaten you with fines or arrest. A robo-voice warning may blare out of your speakers, and urge you to dial a particular phone number. These pop-ups are often difficult or impossible to close.
You receive a robo-call. The recording tells you that there is a problem with your computer or online account, and you should press 1 to be connected with an agent now!
An email announces that a charge is pending for something you didn’t buy. Something like a Norton renewal, Geek Squad payment, or an expensive app from the Apple Store. And at the bottom of the email, a phone number is offered to you if you wish to dispute the charge.

These alerts almost always drop a big name: Microsoft, Paypal, Amazon, Apple, etc. But that big tech company is not responsible for the urgent notice. You’re being lied to by an impostor. The scammers are just looking to get that phone call started, by stealing and using a respected name and logo!

Getting Inside Your Head

Once an active scam phone call begins, the cybercrook gets to work immediately. And their work is akin to hypnotism. They tell an urgent story, using very convincing jargon and details, in order to get your cooperation.

There are so many stories I can hardly remember them all:

Hackers are attacking your PC right now!
No worries, I can get you a refund for that charge.
I see that your computer is running slowly, and I will fix it for free.
We overcharged you in the past and would like to compensate you as an apology.
You have not paid these back taxes and officers are coming to arrest you in less than an hour.

If they get inside your head, the next step is to see if they can get inside the computer (or mobile device). They guide the victim to install a small program for this. And often, the victim hardly realizes what’s going on, due to the stress & panic of the situation.

If You Give a Crook Your Mousie…

These bad guys use the same remote control tools that all the good guys use. They just need to convince their mark to install one before the scam can progress. Here are some examples:

The crook emails a link to the victim, for downloading their “helper” app. They instruct on how to click the link and then to click Yes on any prompt while the program loads.
The scammer asks the victim to open Quick Support from the Windows Start Menu, and they ask for the access code on its screen.
A bad guy explains how to open a Run window. He then dictates a website to type in, something like www.ammyy.com or https://get.teamviewer.com .
The criminal tells how to use the app store on the phone to get an inspection app. But once the app is opened on the phone, it turns out to allow remote access.

remote control apps in the Google Play Store — These are just a handful of free remote access apps that scammers can use.

Anyone who follows these kinds of steps will permit a scammer full control over the computer. It is the same as when I connect to your computers to fix them. The cyber criminal will see the screen and be able to mouse around on the system. But they aren’t there to fix anything. Instead, they’re fixing to invade some bank accounts!

Further Convincing Details

Once aboard the computer, the bad guys often “get right to work”, running scans and opening lots of windows. They may show off a complicated Control Panel to show the thousands of errors on the system. Or launch a DOS window that is covered in IP addresses of the hackers targeting the system. They also can place lots of new and curious icons on the desktop:

convincing icons left behind by scammers — Bogus Icons That Sure Look Impressive

Whatever they demonstrate is just computer theater. The goal at this stage is to overwhelm and impress the victim, to get them to fall in line. They are “tenderizing the meat.” The crook really wants to be sure that they’ll get full cooperation on the next step of the plan.

Step 3: Profit

If the scammer has gotten this far, they will now start the financial part of the scheme. Some scammers still ask for gift cards, but the greedier criminals want to see the online bank accounts. They know it’ll net them more money. So they insist that the victim go to their banking website and login, with these types of stories:

I will be happy to refund you the $500 fee, if you can just show me what account number to transfer it to.
We must safeguard your savings before the hackers get to it. They have almost gotten your money, but we can move it to a safe government holding account before they hack you!
You can satisfy your debt with a quick transfer and I can show you how to do it through your bank’s billpay.

These criminals usually don’t care what your bank password is. They typically ignore your bank account numbers. They just want to see your balance. They want to see what the jackpot amount is, and their next scheme adjusts accordingly, to drain your account. One possible scenario:

The thief spots $500 in the checking account and $50,000 in the savings, They offer to refund the fake Norton charges to the checking. “We will give you your $400 back to you right now!”. But after they initiate a transfer, the bank account will refresh and show a $40,000 incoming deposit. The scammer will get angry and loud, claiming, “You mistyped it! You messed it up and took $40,000 from me! I will lose my job for this! I will call the police on you, unless you send me back that money!” And then he will attempt to wire transfer $40,000 out of the savings account to … some other account that he controls.

Here’s another far-fetched story:

The crook sees $20,000 in checking and $80,000 in savings. They say, “OK, look, we can save your money, but we have to move it all into your checking account. The hacker is attacking your savings account” After a quick money shuffle, the checking account holds $100,000. “Oh no, the scammers noticed what I did, now they are hacking after your checking account! We will have to move all your money to a protective FBI account. If we don’t, the scammers will take your money in the next 15 minutes. I can see that they have almost hacked your Bank of America security. Quickly now! We can bring back all of your money after the scammers are defeated!”

This is it. If the scammer has gotten this far, they’ve just won the lottery. The small fortune in American Dollars they’ve just grabbed will convert to a large fortune in their country’s currency.

If they have anything else to do with their victim at this point, it will be to buy for time. They may have other stories now, to calm the victim, to get the victim to relax and just wait a few days. This is to give them time to transfer and hide the money, to make it harder to for that money to be clawed back when the fraud is detected.

If You Have Lost Money To This Scam

After the scam and phone call ends, the hypnotism will fade away and the truth will dawn. At this point, you’ve got to act fast, to get a tourniquet on the situation:

Contact your banking institution to let them know you may have been scammed. Do NOT wait until the morning, call any and every number you have for them, until you reach a live human. Describe the entire scam-process to them, and they will know what you are talking about. Follow all of their instructions to a tee, to protect your account and seek recovery of your money. The sooner you contact your bank, the greater your chances of recovering your money!
Disable or uninstall the remote control software used by the bad guys. If you don’t know how to do this, turn off the computer and seek legitimate computer help!
Change your online banking password (your bank may help you with this when you contact them). Change the passwords to any sites you logged into while the bad guys were connected to your system. Change as many passwords as it takes to get your peace of mind back.

Final Notes & Commentary

When I teach people about these scams, a frequent comment I hear is “Boy, how stupid do you have to be to fall for this?” Let go of that sentiment right now. Scammers can rob people, regardless of intelligence or education level. I have helped so many people recover from these crimes, and the victims come from all walks of life. Some are business owners. Others are teachers. Many have gone to college and have Dr. before their names or many letters after their names. Let’s not victim-shame or victim-blame. We should instead focus on how skilled the criminals are at their game. Some of them truly are world-class hypnotists. Recognizing them as a serious enemy is a better mindset.

Big tech companies are not going to call you out of the blue with an unexpected crisis. It’s always a scam. If you still have doubts, talk to someone else before taking action. Call a friend or a computer tech or a family member. Only call phone numbers that you can trust 100%, like those printed on your billing statements or found at GetHuman.

Antivirus software defeats viruses. Ad-blockers stop malicious ads. Firewalls defends against hackers and malware. But as I mentioned at the start, this type of scam belongs to none of those threat groups. It doesn’t matter if you have a PC, a a Chromebook or an iPhone. Your head is the target, not the device. Knowledge equals protection with this issue, and that’s what all these words are here for. Please be aware, and cultivate a healthy mistrust for the unexpected.

Xfinity Scam – “50% Discount”

March 13, 2023 / Jesse Mueller / 0 Comments

There’s a scam going around right now, promising a 50% discount on your Comcast/Xfinity bill. You might see this scam in your email, Facebook feed or even get a phone call! In any case, please know that it is not a legitimate offer.

It is too good to be true. Anyone duped into calling the offered number will reach a scammer, not an Xfinity rep. And the crook will press you to pay some advance money to qualify for the fictional discount. Once you send them any kind of payment, they’ll disappear.

Xfinity doesn’t offer any deep discounts like this, but you are always welcome to reach out to them to verify other offers you might hear about. You can report this scam to them when you receive it, if you like, but rest assured they already know all about it.

Website Listing Offers

February 7, 2023 / Jesse Mueller / 1 Comment

If you’ve ever registered a domain name, you’ve probably come across some postal mail, offering to list your website in an online directory. Here’s an example I received recently:

Now, I’m not going to outright call this a scam. You may if you want to. But I imagine that if I paid them their money, they truly would list me somewhere on the internet. I bet they have a “directory” on their website that anyone can visit and view.

But this sort of offer is, of course, specious and suspect. Most people will spend $300 of their advertising budget in better ways than this. This company is engaging in a curious form of marketing, where they simply see who they can get to pay their bills. It’s not quite phishing and not quite panhandling, but smacks of both.

It reminds me of Evaldas Rimasauskas, a gentleman who started sending truthy-looking bills to Google and Facebook, to see if they would pay them. When they did, he sent more and more bills, and collected over $100M before he was caught and indicted.

I’m sure you’re considering the above invoice and thinking, “I would never fall for this nonsense.” That’s good. But this is more about the weakest link in your business. Consider your staff, especially those that open your mail and pay your bills for you. Would any of them rubber-stamp this and pay it without a second thought? If this gives you pause, then perhaps it’s time to have a kind meeting about this topic. Frank conversation and education will defeat this scheme.

Software Deals Too Good to be True

January 24, 2023 / Jesse Mueller / 0 Comments

If you’re looking to buy Microsoft Office software, you can expect to rent it for $70 or $100/yr, or you can buy it outright for $150, $250, or $440, depending on the version you need. Those are the direct-from-Microsoft prices. But if you search the web for better pricing, you’ll very quickly meet up with software deals that are too good to be true:

Remember the axiom: If It’s Too Good to be True…

Please do not buy anything from these vendors. Only buy your software from trusted stores and websites. Buying directly from Microsoft/Adobe/Intuit is safest, but you’ll also be in good hands buying from Costco, Best Buy, Target and other big names.

There are legitimate software deals out there, but only for specific people or scenarios. Nonprofit orgs and students may be offered ultra-low prices for MS Office, and you can trust in those offers because they’ll come through official channels.

What’s at Risk with These Online Software Deals?

The common problem with these $20 Office specials takes a while to express. It all seems to be fine at first: John Q. User buys his Office software from CrayzeeDeals.com, it installs in a flash and works immediately. All of his Word docs open in his new Word 2021 app, and life is good…

Until a few months later. That’s when Microsoft pops up to say that there’s a problem with his license. The message may or may not be helpful, but at the end of it, Microsoft reports that his Office could not be activated and that it will not work until he purchases a valid activation key.

The explanation for this is a bit convoluted: Mr. Cray Z. Deals guessed, hacked or stole a volume license code or developer’s activation key for Office software. And then he sold that code many times to many people on the internet. Those special codes are designed to be used many times, but eventually, Microsoft will do an audit and catch any abuse. And when they notice a particular code being used in places it shouldn’t be, they flip a kill-switch on it. That switch echoes down to all the internet-connected computers where that license is in use. All those Office installations simply stop working.

That time-delay, between Sale and Kill-Switch, benefits the shady salesman. Mr. Deals is usually long gone by the time your Office software goes belly-up, and in many cases, it’s also too late for a charge-back/dispute with the bank. The bad guy gets away with the money, and the victim must then repurchase their software.

If You’ve Been Had

In the grand scheme of things, this scam does not cause lasting harm to its victims. If you’ve been swindled in this manner, the damage is limited to your lost money, and the time you spend pursuing a legitimate license. Your files will be fine. You can safely remove/replace Office software, and your Word docs and Excel spreadsheets will remain in place, waiting to be opened in the next software you load.

You’re also welcome to report this type of fraud to the FTC, if you like. But don’t look for big results. Most of these software scammers are hard to track down or catch. I’m sure the FTC appreciates the information, but their mission is sadly like a never-ending game of Whack-a-Mole with these criminals.

A Scammer Locked My Computer!

January 10, 2023 / Jesse Mueller / 0 Comments

Remote-control scammers are dreadful. They get inside your head and your computer, and do whatever it takes to get into your bank accounts. I really hope you can avoid being tricked by these awful people. But in case you find yourself in a jackpot with these jokers, I need to tell you about one of their worst tactics: Locking your computer against you.

If you’ve been tricked into allowing a bad guy into your PC, your screen may look like the above graphic. That means that they have put a password on your computer, blocking your access to everything! Then the crook tries to ransom your computer back to you. I know this situation feels awful, but if this is where you’re at, don’t lose hope. I’ll explain more and describe your escape plan!

First, Some History

Scammers have doing this for a long time now. They usually surprise their victims with this technique when they sense that their spell is wearing off. Their scams usually start with lies and hypnotism, but they resort to brute force and cruelty as a last resort.

Many years ago, this password-locking tactic was extra-easy for a scammer to use. There was a small hidden feature in Windows (called Syskey) that they could turn on with a quick DOS command. And once enabled, only the scammer knew the password to make the computer usable again.

As news of this spread, though, Microsoft assessed the situation. They looked into that particular Windows feature and realized: Hey, what is that file in there for anyway? It’s no longer needed for Windows to run! So they did the right thing: They crafted a Windows Update to remove it, and nowadays, Syskey is no longer usable to lock any computer.

This just caused the scammers to scrounge for another tool, though. Locking a computer against its owner was too effective to give up. And they happened upon a piece of freeware called Lock My PC. Scammers began using this app to continue their extortions.

This App Has Locked My Computer, What Do I Do?

If you are confronted with the above graphic, then your computer comes second. What comes first?

Get off the phone with the scammer.
Turn off or reboot your computer
Contact your bank(s), if you were tricked into paying any money.
Talk to the police, if any large sums of money were stolen from you.

After all of that, we can resolve the Lock issue on your system.

There’s a small bright side to this tool being used to lock computers. The developers of this app are good people, and they do not like that their work is being used for evil. So they have made a way for you to defeat this lock!

Visit this site for their recovery steps. Follow the instructions, submit the number as shown, and wait for them to email you back. When they send you a code, it should work on the locked-up PC to let back you in.

And after you can access the computer again, uninstall Lock My PC from the Apps or Programs list, so you won’t have to ever deal with it again!

I hope this will get you out of a jam, but if you have any troubles with this, or just want help with the process, give me a call and we’ll get through this together.

Dissection of a Facebook Scam

December 11, 2022 / Jesse Mueller / 0 Comments

The internet is a hotbed for crime, Facebook especially so. It’s simply too big to police. But since we can’t give up using the internet or Facebook, our other options are to prepare, learn and adapt. I encourage you to maintain a rampant skepticism as you use the web.

Come with me and consider the following scam post from Facebook:

This post popped up in a local Facebook group and triggered my Spidey-Sense. But even I had to pause and doubt myself. C’mon, Jesse, it’s just some eggs, people are always selling off their excess henfruit. But as I dissected this post, I knew my gut was right.

The Clues

The first clue here was plainly visible: the poster turned off commenting for their post. Surely, there are good reasons to turn off comments on group posts. But if you are selling something, comments usually aren’t that big of a deal. The next clue is the few comments that occurred before they were turned off:

Notice that the poster is trying to get the commenters to PM her immediately, using identical comments. And the poster commented on her own post, first thing. These do not constitute a smoking gun, but they are suspicious to me, and I see this on many spammy posts.

Going further, I click on the poster’s name and noticed the following:

A new member in that Facebook group? Oh, really? Again, it’s not proof of a scam, but it looks more and more sus, as I go. Next, I clicked further to visit her Main Profile page:

There’s nothing here except for two photos. As I click through every menu, there is no other info to be gleaned. No Details, no Friends, no other Posts, etc. And that’s OK, I recommend that you hide most of your info from public view. But still, most of the locals would have a little something here to make them look authentic.

Next, I went to her two public photos. Those photos had one Like on each of them:

Two very nice looking people… from Kenya. I don’t have anything against the people of Kenya, but what are the odds that this poster in rural Virginia has two friends in Kenya (and no one else!), liking her photos?

The Final Clue

By now, you’re looking this over and nodding your head and thinking, “Yup, sure is fishy.” But thinking like a scientist or lawyer: All of these clues so far suggest something is off, but there is still a non-zero chance that maybe this character is really selling eggs in my community. So let’s go further.

I highlighted and copied the first sentence of her post, and then pasted it into Facebook search field in the left corner. And I turned up another FB post by the same poster:

Different photo, but the same exact text, posted at the same time as her other post. But wait, she posted in a Virginia group, and Nacogdoches is in Texas. And she’s ready to deliver in both states? To quote a Tarantino film, “Now I am calling you a liar, Señor Bob.”

Epilogue

After recognizing the scam on Facebook, I reported the content as best I could, to both Facebook and the group admins. And that’s all you can do, too, when you recognize something shifty on Facebook. Report it, and move on.

Unless you notice someone you know, commenting on or sharing the scam post. Then you might go the extra mile and reach out to them, tell them what they’ve stepped in.

What was the scam, anyhow? It’s probably an advance payment sort of scam, where they try to collect your cash through Zelle or Cash App. If I can message with these scammers and get proof, I’ll update these details.

Stay safe out there, folks!

Brushing Scams

November 27, 2022 / Jesse Mueller / 0 Comments

Here’s a scam that you should know about, but not because it’s particularly dangerous. It’s just weird. But once you know the details about brushing scams, they won’t creep you out, and you can quickly move on from them.

Surprise‽

When an unexpected item arrives at your doorstep, it may be part of a brushing scam. The item may be lightweight or small or just plain curious: people have reported receiving packets of seeds, hand warmers, “dragon eggs“, and even Bluetooth speakers. The packaging often shows an international return address, but no further clues about the point of sale. No bill is included, no company name or URL can be spotted.

Nothing “killer” about this, just an artsy rock…

In general, the items are harmless. There have been no reports of hazardous items being shipped with this scheme. Whatever you receive, you do not have to pay for it, and you are under no obligations regarding what you do with it. Keep it. Donate it. Trash it.

Why Send Me Junk?

This scam is harmless to you specifically, because it isn’t targeting you. Certainly, someone used your mailing address in this scheme. But don’t take it personally. Your address was probably chosen at random, from any number of online public information sources.

The scam’s target is an e-commerce website. It could be Amazon, Wal*Mart, AliExpress or others. They are gaming the reviews in order to sell more merchandise. Their process is:

Create a new account and buy an item.
Have the item shipped to a random address in the USA.
Once the item is shipped, the new account is considered legitimate, and can leave a review. So the account holder leaves a 5-Star review on the item and for the seller.

If they repeat this over and over for a particular item/seller, that item will soon show a lot of trustworthy, 5-Star reviews, even though it may be a new listing or a shady, fly-by-night vendor. This can help encourage a lot of future sales.

Final Takeaways

Most brushing scams give you no info to act on. But if you spot a clue on the parcel and you manage to determine what site it was purchased through, you could follow-up with that company. Don’t call any number listed on the package, but you may, for example, go to Amazon.com or Walmart.com and contact their support about the item. If they care to listen to you, you may ask that they:

File a fraud report for the item you received.
Find and remove any reviews associated with your name or address.

Brushing scams are actually incredibly effective at what they do. Amazon and similar stores are constantly battling fake reviews. But brushing reviews is where the bad guys have the upper hand. Brushed reviews are almost impossible to suss out, even with sophisticated software tools. So at the end of the day, I have to advise you: Don’t give 100% of your trust to online reviews. Sure, read them over, but take them with a grain of salt.

Fake Hard Drives for Sale

November 11, 2022 / Jesse Mueller / 0 Comments

A couple of years ago, I blogged about Fake Flash Drives, and now I have to write a refresh article: You also need to watch out for Fake Hard Drives and Fake Solid State Drives. Please make sure you don’t buy these things!

Good & Bad Examples

First, some examples of legitimate, reliable storage drives:

These items are all fine choices for your data storage. Please note that they are recognizable, big-brand names within the $50-100 price range.

Now for some fakes for your consideration (PLEASE DO NOT BUY THE FOLLOWING PRODUCTS!):

If you regard those items, you should notice some clues that something’s not right. First, there’s no noticeable brand name, or if there is, it’s a name you’ve never seen before and won’t see anywhere else on the web. There’s a big price disparity, too; charging a few dollars per Terabyte of storage is too good to be true.

16TB storage drives do exist, for the rare few of you that need one. If you buy a legitimate 16TB hard drive, expect to pay around $300 at the time of this writing.

Details & Dangers of Fake Drives

The dangers of this scam go beyond losing some money. Your files are at risk if you fall into this trap. These fraudulent devices are mis-manufactured to offer 16TB of storage to your computer. And your computer will believe it when you attach the drive! But there isn’t really that much storage in there. It’s more like a couple of 64GB microSD cards glued to a reader board in these sham drives.

So what happens is that you can try to put data on the device. And it will work, up to a point, but then catastrophe will strike. As your computer pipes data into an area that it thinks is huge but is really much smaller, your data will fall into oblivion. Like lemmings walking off a cliff. And this won’t be apparent until later, when you try to open or retrieve those files. Then you will meet with errors and irrevocable data loss.

Dos & Don’ts

The Too-Long;-Didn’t-Read advice I can finish up with is:

Do pay attention to brand names, and buy something from a recognizable manufacturer.
Don’t jump on amazing prices/deals. If the price is too good to be true, it probably is.
Don’t believe the posted reviews! Amazon and other websites are commonly gamed by the scammers, and a sham product can have thousands of 5-star reviews below it.
Do be judgmental about where you buy (online). Costco, Staples & Best Buy vet their vendors more than Wal*Mart, Amazon and eBay. Avoid those free-for-all marketplaces where anyone can hawk their wares.
Do feel free to report scam products to the website’s support team, but don’t spend a lot of your time or emotion on it. I did that 2 years ago with the flash drive debacle, and it became obvious that these big companies don’t care about or can’t fix the problem from their side.

The Text-Based EBT Scam

October 5, 2022 / Jesse Mueller / 0 Comments

For anyone involved in SNAP or receiving EBT funds, please be aware of the following scam:

This is a text message that did NOT come from the government or any legitimate entity. It is the beginning of a scheme to steal your EBT funds.

If you receive this text, do NOT call the number. Do NOT respond to the text. Simply ignore, delete or block this message.

If someone calls the number in the text, a scammer will answer and pretend to be with the government. They will try to learn the caller’s EBT account info and PIN. Once they have those numbers, the crook will drain the funds from the person’s EBT account.

The legitimate people in charge of SNAP and EBT will never text you. If you need to contact them, find their official phone number on this list and call them. And if you have fallen victim to this scam, please call your state’s EBT Client ASAP to see if anything can be done.

The Hybrid Paypal Scam

September 15, 2022 / Jesse Mueller / 0 Comments

I’ve seen plenty of Paypal-related scams, but this one is the slickest I’ve encountered to date. Pay attention and don’t be fooled if this shows up on your doorstep:

The Scam Arrives

You’ll see this scam arrive either in your inbox as an email, or in your Paypal account as a transaction under Activity.

Are you a believer yet? I wouldn’t blame you, because this is not your typical fake-email. This is an authentic Paypal email, and it takes you to the true Paypal website to view a real Paypal invoice! Nothing has been spoofed or faked here. The Paypal invoice can even be downloaded as a PDF from their website. The only lie is what’s shown in the Seller’s Notes field.

What is truly afoot here is that someone’s Paypal account has been stolen and is being used to send payment requests. Paypal calls them “invoices”, and that terminology only serves to make the scam look even more important.

The Two-Fold Danger

You’re at risk from two different directions with this scam. Make sure you don’t get taken by either of these:

The cybercriminal is trying to trick you into paying the bill with a quick click.
The crook wants you to object to the bill and call the phone number listed in the Seller Notes.

For anyone moving too quickly and not thinking enough, #1 quickly puts $500 in the thieves’ pocket. The money will be transferred into gift cards or other untraceable ratholes, and the victim will have a hard time clawing that money back.

#2 leads to a typical remote support scam. If you call the number, you’ll talk to a scammer who will seek to remotely access your computer, steal your money and possibly bork your PC.

In short: do NOT pay this bill, and do NOT call the listed phone number.

What To Do With This Hybrid Scam

First, be very careful as you deal with this. Make sure to avoid any “Pay Invoice” button. It’s safe to view the invoice and other screens in your Paypal account, but you must not accidentally pay the scammer.

Next, much like with an accidental payment scam, you can simply ignore the invoice. Nothing bad will happen if you simply do nothing with this Paypal item. It will sit there inert, until some day when Paypal catches up and removes it.

Alternatively, you can cancel the invoice. Sign into your account at Paypal.com, click on Activity, and select the scam invoice. Right below the blue Pay button, you may safely click on “Cancel Invoice”.

Lastly, you may reach out to Paypal support, if you want them to know about the scam attempt. Once you’re logged in at Paypal.com, scroll to the bottom of the site and look for the Contact link. Click it and make use of the Call Us or Message Us options to reach out to them.