Kingston Police report that cybercriminals are using PayPal to send fake invoices and get past spam filters, which would normally prevent scam emails from landing in inboxes.
“Email spam filters are useful tools that prevent many scam emails from arriving in your inbox,” Kingston Police said in a release. “Many users rely on spam filters to block phishing emails and, as a result, trust that emails sent to their inbox are legitimate. Cybercriminals take advantage of this trust by using legitimate websites like PayPal to send phishing emails and avoid spam filter detection.”
In a recent scam, police said that cybercriminals will send a fake invoice through a real PayPal account. “Because emails from PayPal are not seen as spam, the email will probably be sent to your inbox rather than your spam folder,” police said. “The email will look legitimate since it’s from a real PayPal account, but don’t be fooled. If you pay this invoice, you won’t get a valuable service. Your money will instead go straight to cybercriminals so they can use it for their own purposes!”
To protect yourself from this malicious scam, Kingston Police provided the tips below:
- Don’t rely on email spam filters to block phishing emails sent to you. Check emails for red flags like urgent deadlines and scare tactics to identify potential phishing scams.
- To verify the legitimacy of an invoice, contact the service provider directly by using a known phone number or email address. Do not use the phone number or link sent in the invoice to contact the service provider.
- Don’t trust the legitimacy of an email just because it was sent through a trusted website. Cybercriminals can use trusted websites to make their scams more believable.