I should know: it happened to me this weekend. I could solve it easily enough, but as a trained reporter, I decided to put on my journalist hat and understand why this is happening, or at least what PayPal is doing about it.
For starters, a simple search on Twitter and user forums will suggest that I am not alone and this scam is not new. The organization in question isn’t always DirectRelief (GoDaddy and the World Health Organization have also posed themselves as such), but the general email template remains consistent. (The spelling and copy editing not so much.)
Somebody sent me a legitimate Paypal invoice. Apparently they just needed my email address to do that?
It took a while to figure out how to cancel; I was worried for a hot minute
̵1; Derek Slenk (@derekslenk) August 31, 2020
. @ AskPayPal PayPal does not seem to have a reporting path for real bills from fraudulent accounts. There’s a seedy California Wildfires walking around with deliberate text obfuscation. Stay frosty guys. pic.twitter.com/3Dwb6LKeLS
– Bill Eager (@beager) August 30, 2020
In a statement to Engadget, a PayPal spokeswoman confirmed the scams. “We are aware of this and believe that it is a common system in which a brand name is used,” said the spokeswoman. “We take any potential fraudulent scheme seriously, have worked to remove the bogus invoices and ensure that our customers’ information is safe.” The representative continued, hinting at preventive measures: “In addition to employing a number of sophisticated proactive detection and mitigation methods, in a situation we will take swift action to protect our customers’ accounts.”
The spokesman declined to clarify what PayPal’s fraud detection tools are. Nor did she respond to questions about what guardrails prevent someone from sending an invoice. Aside from further clarification from PayPal, it seems that anyone can bill anyone.
In this case, your reactive approach may be the most reactive: to dispute the transaction through PayPal. Which is hardly a satisfactory solution. It’s worth remembering that PayPal, a company with a market cap of $ 239.5 billion, doesn’t have 24-hour customer service. The Resolution Center is not available in the mobile app – only in the web dashboard – and you have to wait for the transaction to cross the threshold from pending to completed in order for it to be reportable at all. PayPal clearly has a fraud problem. But until the company improves its detection tools, it is up to customers to play in quick succession.