Scammer is sending PayPal invoices for domain renewals.
Fake domain name renewal emails are nothing new, but some aspects of one making the rounds are.
A Domain Name Wire reader received a fake renewal notice today. Instead of being sent from the scammer, the person sent it as a PayPal invoice. Here’s what it looks like:
A message on the invoice states:
The paid registration period of the domain [domain] expired. It is necessary to pay for the prolongation of domain name within a day from the date of having notice. We would like to inform you that if payment is not made within the specified time frame, domain delegation will be terminated. The domain will be deleted from the registry and can be accessible for registration to other customers.
The link goes directly to PayPal to make the payment, and the invoice includes the GoDaddy logo:
Anyone can upload the logo of their choice when sending PayPal invoices. They’re supposed to use their own logo, though.
Clearly, the scammer is harvesting Whois to send these invoices.
The good news is that PayPal offers buyer protection, even for intangible goods. I suspect PayPal will be on to this quickly as it has systems in place to prevent scams.
They don’t have systems. PayPal allows for scams to happen and they only refund you if you select the option for protection. Friends and family is the default selection and PayPal omits info that can help prevent it. Sadly I just got suckered last week because I didn’t see that the account was not verified and non US. Had I seen that in the mobile app I wouldn’t have put a deposit down for a puppy.
Invoices can’t be paid by Friends and Family payments, but you’re right that those payments lack buyer protection.
Anyone who gets tricked by this would be able the file a dispute with PayPal, and the onus would be on the recipient of the funds to prove he or she delivered service.
I run a site that delivers a digital service and there are a couple fraudulent disputes filed each year. And I have to spend an hour or more defending each one, not for the money but to keep a clean record.
Lose enough disputes and PayPal will close your account. Of course the scammer will just create a new one when that happens.
this sentence
“The good news is that PayPal offers buyer protection, even for intangible goods” is mostly wrong.
Paypal ecosystem is clearly oriented to physical goods, services are in a loophole, except that you can get a USPS tracking number when you purchase / renew a domain.
quoting paypal:
Protected transactions
We cover physical goods (not digital items or services) that are sold and shipped with proof of delivery from within the United States to buyers around the globe. To help ensure you’re protected, ship within 7 days to the address indicated in the transaction details, and provide an accurate delivery estimate. Be upfront about all the details of the item – specifically defects, use, and abnormalities.
https://www.paypal.com/us/webapps/mpp/security/seller-protection
I appreciate your effort to make this attacker known, and anything involving paypal, must be double, triple an so-on checked.
In fact, the first handy tip for being secure with paypal, is
– don’t use paypal –
Hi Andrew,
Thanks for sharing.
This really looks one step further in fraudulent practices..
Thanks,
Ravi.
https://drive.google.com/open?id=1F-L_4aH7TdecPZRziL36SFybme0VYCIZ
– this is the first account https://drive.google.com/open?id=1VEPAPAyTj25i9rHesyboHhxFkB-jP0Nm –
account in a month
Answer GoDaddy – https://drive.google.com/open?id=14lYen3HXjkEu7GTGIjzudiZUGC1l1MZ- ))) Charlatans.
Can you translate? What’s the issue?
It is better to contact your provider or seller to send you their PayPal invoice directly. You can as well put a call through to be sure that the right person is to be paid for the right service or product. It is not wise to receive a PayPal invoice and then proceed to pay with out doing a diligent search. I have only paid with PayPal once for renewal of a domain and it was very easy for me to pay my provider “not (DNW) though”. They didn’t state PayPal as an option for payment until I requested to use it and it was sent.
I received one of these and it was quite obviously scam. The real frustration is the lack of any method to delete it. I’ve found the best method of keeping a PayPal account is to contact them as little as possible but in this case I’m not sure there is an option other than Constable having an ‘unpaid’invoice popping up.
PayPal suggests emailing the entire email to [email protected]. Here’s the link to the page: https://www.paypal.com/webapps/mpp/security/report-problem?utm_source=unp&utm_medium=email&utm_campaign=PPC000977&utm_unptid=12747206-e0ad-11e9-bd49-5cb90192d160&ppid=PPC000977&cnac=US&rsta=en_US&cust=FLWMNEJULZJHL&unptid=12747206-e0ad-11e9-bd49-5cb90192d160&calc=4040b994293e0&unp_tpcid=invoice-buyer-notification&page=main:email:PPC000977:::&pgrp=main:email&e=cl&mchn=em&s=ci&mail=sys
I received a renewal invoice this morning. I didn’t pay it because I cancelled my domain just yesterday. The invoice was texted to my business phone. My domain is private but they drilled through my business phone on my site and used my business number to text me. How they got onto my PayPal account I don’t know. Changed all passwords and turned on authentication.
November 22, 2019. Just received this same invoice today. I notified Go Daddy and PayPal. I hope my phone isn’t jacked because I clicked “view and pay” invoice which took me to my PayPal account. Ugh, I’m always SO careful but THIS.
Now a scammer is sending real invoices through PayPal for supposedly promised donations to the World Health Organization. The invoices WERE on my PayPal account. I was never asked for money nor promised money – but received two invoices today. I was able to cancel the invoices, but some people are finding that the Cancel button has disappeared.
Godaddy save to your customer accounts database
all payments made through paypal, if they can do this, Godaddy with more than 20 million some must be more intelligent than Godaddy’s internal security to make their invoices.