Published April 29, 2022
If you regularly handle invoices as part of your job at the University at Buffalo, this one is especially dangerous. Fraudsters are sending fake invoices via PayPal… and some are paying up without thinking twice.
These scams most commonly appear as email messages informing you that you have received an invoice via PayPal. If you click the link and pay using your PayPal account, your money will be gone instantly, transferred to the scammer who sent the invoice.
In general, be skeptical when receiving an invoice that can’t be tied to a specific purchase or work order. You can contact the entity the invoice is purportedly from (look for their contact info online; don’t contact the person who sent the invoice directly) to confirm its legitimacy.
This scam hinges on the fact that these fake invoices aren’t technically fake at all: they are real PayPal invoices, created by fraudsters to mimic an invoice from a real entity like GoDaddy or the World Health Organization (WHO).
The idea is that, because the invoice appears to come from a well known and reputable organization, you may believe the invoice is legitimate and pay up without thinking. Because the invoices are real PayPal invoices (albeit created fraudulently), once you click “Pay” your money will be automatically transferred via your PayPal account to the fraudster.
While it may not be possible to retrieve your money, the best chance is to file a dispute with PayPal for fraud:
No matter what form they take, scams often have common warning signs you can watch for, including:
Preventing fraud and maintaining a safe online environment for work and learning at UB is among UBIT’s top priorities. But we can’t do it alone.
If you think your UBIT account has been compromised, contact the UBIT Help Center to report it right away; we can help you reclaim your account and prevent the compromise from spreading.
If you believe your computer has viruses or malware, we can help with that too. Students should contact the UB Tech Squad, while employees with UB-owned devices should contact their departmental support staff.