Published January 31, 2023
The world of online retail can be a boon for scammers. From identity theft to stolen credit card information, there are risks to shopping and doing business virtually. Unfortunately for consumers, so-called invoice scams are just another thing to keep an eye on.
For those who regularly handle invoices, either as part of your job at the University at Buffalo, or in your personal life, the invoice scam is particularly dangerous. Invoice scams most commonly appear as email messages informing you that you have received an invoice via a financial service like PayPal, or a retailer like Best Buy.
With the PayPal scam, if you click the link and pay using your PayPal account, your money will be gone instantly, transferred to the scammer who sent the invoice.
This scam hinges on the fact that these fake invoices aren’t technically fake at all: they are real PayPal invoices, created by fraudsters to mimic an invoice from a real entity like GoDaddy or the World Health Organization (WHO).
The idea is that, because the invoice appears to come from a well-known and reputable organization, you may believe the invoice is legitimate and pay up without thinking. Because the invoices are real PayPal invoices (albeit created fraudulently), once you click “Pay” your money will be automatically transferred via your PayPal account to the fraudster.
While it may not be possible to retrieve your money, the best chance is to file a dispute with PayPal for fraud:
The Best Buy scam works a bit differently. Scammers, impersonating Best Buy’s “Geek Squad,” are sending out fraudulent renewal notices. The invoice, which has a “Geek Squad” logo, claims that a charge of $349 will be placed on the person’s account within 24 hours unless they call the number provided on the invoice to cancel the auto-renewal.
Calling the number may result in a scammer gaining remote access to your computer. From there, they may be able to access your banking information, and deplete your bank account.
In general, be skeptical when receiving an invoice that can’t be tied to a specific purchase or work order. You can contact the entity the invoice is purportedly from (look for their contact info online; don’t contact the person who sent the invoice directly) to confirm its legitimacy.
No matter what form they take, scams often have common warning signs you can watch for, including:
Preventing fraud and maintaining a safe online environment for work and learning at UB is among UBIT’s top priorities. But we can’t do it alone.
If you think your UBIT account has been compromised, contact the UBIT Help Center to report it right away; we can help you reclaim your account and prevent the compromise from spreading.
If you believe your computer has viruses or malware, we can help with that too. Students should contact the UB Tech Squad, while employees with UB-owned devices should contact their departmental support staff.
To report phishing attempts, follow these steps on the UBIT website.