Invoice scams are on the rise. 1,600 people search for “PayPal invoice scams” every month in the US alone. Add that to other invoice scams pretending to come from Best Buy subsidiary The Geek Squad, accounting package Quickbooks, and even anti-virus software like Norton. This all adds up to tens of thousands of people each month being at risk of becoming victims of scams like PayPal invoice scams.

I will tell you how PayPal invoice scams work, how to recognize them, and how to stay safe. Lastly, I will tell you what to do if you do unfortunately fall victim.

How a PayPal Invoice Scam Works

PayPal invoice scams can be both easy to fall into and financially very painful because it is a trusted financial brand that many millions of people use in both businesses and for the ‘safe’ purchase of online goods.

PayPal has a good article giving a short example of how they work, but I’ve summarized the two main types of scams below:

PayPal investment scams can take a few different forms:

  • Type One: You get what appears to be a PayPal invoice for a product or service that you never ordered. If you fall for it, you will not only send scammers money but likely also reveal personal information such as credit card details which can be used again or sold to other scammers.
  • Type Two: You receive an invoice or money request containing an urgent message, demanding urgency for you to resolve a supposed problem with your account. The note may ask you to call a customer service number (which will be fake) or visit a website that looks exactly like PayPal in the hope they can steal your personal details.

Be warned. These PayPal invoice scams are becoming more difficult to detect. Gone are the days when you could rely on spelling mistakes, poor grammar, and logos that don’t look quite right. Sure, amateurs still make these mistakes, but well-funded scammers make it very hard to detect that they are not the ‘real deal.’

How to protect yourself from PayPal Invoice Scams

It goes without saying that you need to be vigilant when receiving emails that appear to be from a legitimate company like PayPal. These are six steps that, if followed carefully, will reduce the risk of you falling for PayPal invoice scams.

At a minimum, you should follow these basic steps:

  1. Check the sender’s email address to make sure it is from the company domain, (eg., not from, or, or etc). Note: do not rely on the email display name. You need to hover your mouse over the email address to reveal the domain behind it,
  2. Check carefully the content of the email, does it appear legitimate? If you are not 100% sure, contact PayPal (or whichever company it is) directly from contact details you find through their legitimate domain (eg.,
  3. Is the email addressed to you personally, or generically to “Dear customer?” If it is generic, be suspicious,
  4. Never ring the phone number on the invoice (it may be to a fake customer service team that’s part of the scammer syndicate),
  5. Never click links on the invoice (it could download dangerous malware or take you to a fake domain),
  6. Go to the correct domain by typing it into your internet browser, and log in from there to check your account. If you need to, contact the customer service team from the contact details on the correct domain.

NEVER do the following:

  • NEVER send crypto. A legitimate company like PayPal will never ask for crypto. That’s a sure sign of a PayPal invoice scam.
  • NEVER send gift cards, online game cards, or vouchers of any kind. Scammers use these to avoid using banks.
  • NEVER give out your username and password. Any person asking you for your details is a scammer.
  • NEVER click a link in a suspicious email, and if you do make that mistake, never download any software that it may ask you to download.
  • NEVER give in to a stated sense of urgency. The scammers need to stop you from thinking clearly and get you to react out of emotion, and especially out of fear, so they will push you to take action quickly before you have time to think.
  • NEVER follow the scammer’s request to go to a communication channel like WhatsApp. They will try and manipulate you into revealing more personal information and will try to steal more money from you.

DO do the following:

  • DO take a step back and ask yourself if what is in front of you makes sense. Check for the warning signs listed above.
  • DO ask someone else you trust (and has some tech ‘savvy’) about the email, to get their opinion on what they see, and does it look like a PayPal invoice scam to them?
  • DO contact the company from their legitimate contact details you find online, and they will tell you if it is a PayPal invoice scam or a legitimate problem you need to address, (read Paypal’s instructions here),
  • DO upgrade your passwords online, using different and complex passwords at least 8 or 9 characters long. Update regularly to keep scammers out. (I suggest using a password manager to remember these passwords. Sorry, but the days are long gone when you can use passwords that you can remember in your head, like children’s birthdays. Scammers can get personal information about you and your family and use powerful computers to try many combinations to brute force their way to the right answer.)

What to do if you fall victim to a PayPal Invoice Scam

If you are here because you didn’t know the above warning signs, or perhaps you were caught out in a moment of weakness – don’t panic.

Here’s what you should do:

  1. Contact the company from which the scam email was supposed to come from. PayPal has contact details on their website, such as [email protected],
  2. Cancel credit cards that you have given away the details of to the PayPal invoice scammer,
  3. Keep copies of everything the scammer has sent you, whether by email, phone, or messaging app,
  4. If it is a significant amount of money, file a crime report with police in your area. Get a crime report number, as it may be useful later even if the police say they can’t help,
  5. Change passwords to the account and set up 2FA if you haven’t already.
  6. If you use the same password on other websites or online accounts, change them NOW. They are also at risk.
  7. Download a program like Malwarebytes and do a full scan of your computer for any sign of malware. (Rexxfield has no association with Malwarebytes, it’s just a tool that the author has used personally for years. You may prefer something else.) It is free long enough for you to do a full scan.
  8. Monitor your bank accounts and financial statements for signs of fraud,
  9. Lastly, if you have lost a significant amount of money (in excess of USD$100,000) then contact Rexxfield and tell us what happened. We have an amazing toolkit of experience, tools, and network to unmask who the PayPal invoice scammer is, and maybe get your funds back. Why only contact us for losses over $100,000? … because investigations take a lot of resources with uncertain outcomes, and so there is little point in spending thousands on trying to recover a (relatively) small amount of money.
Fake PayPal Invoice Scam example, Source: Paypal

What Can Rexxfield Do about PayPal Invoice Scams?

Rexxfield has significant experience investigating, unmasking and recovering funds stolen in scams such as PayPal invoice scams.

We are not going to tell the scammers our secrets, but here’s what we will do:

  1. We will ask you for all the details you can provide about the scam. All emails, phone numbers, and messages. Everything.
  2. We will determine if it is a case we take on. Are the losses high enough, is it in a jurisdiction we can assist, what has been done already, how long ago was it, what was the method of payment, how much intelligence can you provide us with, etc.
  3. We will quote you with an investigation cost, and our target outcomes,
  4. After reaching an agreement, we will begin our investigation,
  5. Blockchain (if crypto is involved), OSINT (open source intelligence), reverse social engineering, and orphaned urls may be used to gather digital forensics of the tech the scammer is using. We will use also our network to gather intelligence which can even lead to IP addresses, photos, names, email accounts, phone numbers, known associates, addresses, geo-locations, whether they are associated with other scams, other known victims, and much more.
  6. We use the intelligence we obtain to devise a strategy for recovery. The strategy will depend on the case. Is it a crypto exchange freeze? Is it action against the bank or financial institution that was the topic of the phishing or involved in the payments you made? Is it helping law enforcement to kick in a door, make an arrest and seize assets? It depends.
  7. We can not promise a positive result. We don’t know until we investigate, but our fee structure shares the risk so that your cost of failure is as low as possible.

Contact Rexxfield and talk to us about your loss.

Rexxfield Case Study

Some details changed for privacy.

In August 2023, a US company lost nearly USD600,000 in a business email compromise attack. It wasn’t specifically a PayPal invoice scam, but a similar phishing attack where the company was tricked into believing an email was real, and as a result had their vendor-business banking details compromised.

They engaged Rexxfield immediately. We investigated and found parties that should be subpoenaed. We ghost-wrote the subpoenas for the US Secret Service task force team members to expedite the discovery process. We also analysed emails, phone records, digital logs (in this case the MS Office 365 log files) to identify the breaches, email rule changes and so forth.

Within just three weeks we had traced the fiat laundering attempts into the blockchain, and from there we were able to defeat the crypto-mixer obfuscation attempts. We then were able to get frozen over half the lost funds USD300K in crypto at a major crypto exchange, and lesser amounts in smaller exchanges. During the process, we also identified and had frozen over USD2 Million in criminal proceeds, which will be returned to the victims of the same crime syndicate once those victims are identified.

That last point is another reason why you need to contact us.

When investigating these types of crimes, the scope can often increase as we identify other crimes that may be directly connected to the one we are investigating. We may be able to find your lost funds, even if we aren’t looking for them!

But we can’t help get the funds returned to you if we don’t know about your loss.

Contact Rexxfield

If you have lost a significant amount of funds from a BEC (business email compromise) or PayPal invoice scam or other type of email scam, contact Rexxfield immediately and we’ll tell you if we can help.

Warning & Disclaimer

This is not financial advice and nor is it legal or professional advice specific to your situation. It is general in nature, designed to help you stay safe. But we can not make any guarantees. Even if you follow our general advice here, or elsewhere on our website, you may still fall victim to a PayPal invoice scammer or other type of scam. There is a ‘cat and mouse’ game going on that is ever changing, with scammers learning and counter-punching to close loopholes and working daily to get better at stealing from you without detection. Rexxfield and others can warn you, but we can never prevent you from falling victim to a scam, even if you diligently follow our general advice. We accept no responsibility from your use or failure to use, in part or in whole, what we have written about at So please be careful.