Fake PayPal Invoice Redirection Scam
Criminals send convincing PayPal-branded invoices or payment requests to redirect legitimate business payments into accounts they control.
Part of: Invoice Redirection Fraud
Last reviewed: 8 June 2026
PayPal's invoice and payment-request feature is a genuine tool used by millions of freelancers and small businesses. Scammers exploit this by sending official-looking PayPal invoices — sometimes even generated inside PayPal's own system using a free account — with fraudulent payment instructions buried in the notes or a spoofed sender address.
The attack is particularly effective because the email may legitimately originate from paypal.com. A scammer creates a free PayPal account, raises a payment request against a victim's email, and PayPal's own servers deliver a notification that passes most spam filters. The fraudulent instruction — such as a fake phone number for 'PayPal Billing Support' or a different payment destination — appears in the memo or attached PDF.
Small business owners waiting on genuine vendor payments are especially vulnerable. They receive what appears to be a PayPal invoice from a known supplier, click pay, and send money directly to the scammer's wallet before anyone notices the account details were swapped.
How this scam works on the PayPal brand
The most common variant involves a scammer raising a real PayPal payment request to a victim's registered email. The invoice amount looks legitimate and the PayPal branding is genuine, but the 'note' field contains a fake customer-service number and instructs the recipient to call before paying to 'verify the invoice.' When the victim calls, the scammer impersonates PayPal support, gains remote access, and either processes a larger unauthorised payment or harvests login credentials.
A second variant targets businesses that receive PDF invoices from suppliers. The scammer intercepts or forges an email thread, substitutes their own PayPal.me link or account email in place of the real supplier's, and sends it just before payment is due. Because everything else in the email chain is genuine, bookkeepers often pay without cross-checking the destination account.
In both cases the real PayPal has no knowledge the fraud is occurring. Once money is sent via a PayPal goods-and-services request to an unknown party, recovery depends entirely on PayPal's Purchase Protection — which does not cover payments made under duress or to a fraudulent party posing as a service provider.
Common red flags
- A PayPal invoice contains an unsolicited phone number asking you to call before paying.
- The PayPal sender email is not the address you have on file for your supplier.
- An invoice arrives just after you discussed payment terms with a real vendor — a sign someone intercepted the conversation.
- The PayPal.me link or account name does not exactly match the business name you expect.
- The invoice note says your account is 'flagged' and you must verify payment by phone.
- You receive an unexpected PayPal payment request from someone you have never transacted with.
- Urgent language presses you to pay within the hour to avoid a fee or penalty.
How to protect yourself
- Always verify new or changed PayPal payment details by calling the supplier on a number from your own records, not from the invoice.
- Log in directly to paypal.com to check whether a payment request is real — do not trust links in emails.
- Set up a verbal code word with regular suppliers so any change to payment details must be confirmed with the code.
- Enable PayPal notifications so you see all activity in real time and can spot unexpected requests immediately.
- Never call a phone number printed inside a PayPal invoice — look up PayPal's support at paypal.com/help.
- If you pay by mistake, report the transaction in your PayPal account and open a dispute immediately before the scammer withdraws funds.
- Use PayPal Goods and Services — not Friends and Family — for business payments so Purchase Protection applies.
How to report it
- Forward the suspicious email to [email protected] so PayPal's security team can investigate.
- Report the transaction inside your PayPal account: Activity > select transaction > Report a problem.
- File a complaint with the FTC at reportfraud.ftc.gov.
- Report to the FBI's Internet Crime Complaint Center at ic3.gov.
- If you paid and want a chargeback, contact your bank or card issuer immediately as a parallel action.
Frequently asked questions
Can a scammer send a real PayPal invoice from a fake account?
Yes. Anyone with a free PayPal account can send a payment request to any email address. The email will come from a legitimate PayPal domain, but the account behind it belongs to the scammer. Always check the account name and verify out-of-band.
Does PayPal Purchase Protection cover invoice-redirection fraud?
Purchase Protection applies when you pay via Goods and Services and don't receive the item. It is harder to apply when the goods or service simply went to the wrong payee — report it immediately and PayPal will investigate, but outcomes vary.
How do I check a PayPal invoice is from my real supplier?
Log in to paypal.com directly, check the sender's PayPal account name and email, then call your supplier on a trusted number to confirm they sent it.
What should I do if I already paid a fraudulent PayPal invoice?
Immediately open a dispute inside PayPal (Activity > transaction > Report a problem), contact your bank if a card was used, and report to reportfraud.ftc.gov. Speed is critical because scammers withdraw funds quickly.