PayPal Invoice Scam Resurfaces With Crooks Using Apple As Bait

A hacker holding a fishing line with an apple used as bait, dangling in front of a MacBook.
Scammers are actively phishing for victims through a tried-and-true Paypal invoice scheme, in hopes of tricking people into thinking they've been charged for an Apple product. I know this because I received a fake invoice purporting to originate from an Apple Store, with the scammer claiming I made a $1,299 purchase, a price that lines up neatly with Apple's recently released 13-inch iPad Pro with an M4 chip inside.

These kinds of invoice scams are far from new in the world of online fraudsters, and of course phishing has been around since practically the dawn of the internet. However, the timing of this apparent campaign is what makes it stick out. It comes on the heels of Apple launching several new generation M4 iPad Air and iPad Pro models, which makes these emails more convincing if you let your guard down, and/or for less savvy users.

Here's a look at the email...

Email showing a PayPal invoice scam.

"Your payment processed successfully with your checking account. A charge of 1299. 00 USD will be auto-debited from your PayPal account. If you did not authorize this charge, please call PayPal at +1(866) 483-7955. Our service hours are from 6:00 AM PT to 6:00 PM PT, Monday through Sunday," the email states.

One telltale sign that it's a fake invoice is how the amount is listed, with an unusual space showing the amount as "1299. 00 USD" instead of $1,299.00 USD" in the seller's note. Otherwise, it looks fairly legit at first glance—there does actually exist an Apple Dadeland store in Miami, Florida.

Additionally, the email originates from a legitimate PayPal email address, complete with a link to an actual invoice on PayPal's website. That's because anyone can generate a PayPal invoice and send it to someone's email. The scammers hope that victims will either (A) pay the invoice or (B) call up the fake number listed in the email and divulge their payment details while trying to sort out why an unexpected charge is seemingly showing up.

"Invoice and money request scams often try to trick you into sending money to a fraudster. Or they may ask you to call their phone number, hoping you’ll divulge your personal or financial details over the phone. Be wary of alarmist messages in invoices and money requests warning you to call them quickly to resolve an 'issue' on your account. Always log in to your account on the PayPal website or the PayPal app to verify if any action is needed," PayPal warns.

PayPal's advice is sound—it says to avoid these scams by never paying for a suspicious invoice, never calling the phone numbers listed in these kinds of emails, never opening suspicious URLs, and never sending money to a cryptocurrency wallet that's mentioned in an invoice or money request. It also encourages users to forward these scam emails to, and then deleting them from your inbox.

To PayPal's credit, it nuked the invoice I received almost immediately. The scammer then sent another invoice for the same amount, which was subsequently removed as well. In both instances, the invoice link was replaced with a message saying, "We removed this invoice because it may have been a scam. Our fraud detection tools work around the clock to help keep online commerce safe for everyone."

Keep your head on a swivel, folks, and remind your less savvy friends and family members to be on the lookout for this sort of thing.

Top image source generated by Microsoft Copilot (Designer) and Photoshop