Phishing in Plain Sight: The Fake PayPal Bitcoin Invoice Scam
Our inbox lit up with a chilling notification: a $769.88 invoice from PayPal, addressed to the Leo Club of Kolonnawa’s official email. The payment was allegedly complete. The item? Bitcoin. The method? Auto-debit.
We hadn’t made this transaction.
And just like that, another dangerous scam made its way into Sri Lankan inboxes.
This wasn’t just a weird spam message — it was a carefully crafted phishing attack, part of a growing wave of crypto-themed frauds that exploit brand trust and digital confusion. As part of our Hacked awareness series, we’re breaking down what this new threat looks like — and how to stay ahead of it.
🧾 What the Fake PayPal Invoice Looked Like
Styled to resemble a genuine PayPal billing notice, the email featured:
- A clean PayPal-branded layout
- An invoice number: 4451721256
- A message that reads: “Thanks—your payment is complete…”
- An alarming line: “Kindly review your billing details to ensure no service disruptions occur in future.”
- A customer support number: +1 (808) 788-2527
- An item description: Bitcoin (0.0075 units)
- A total price of $769.88
- Terms suggesting you’ll be “charged anyway” unless you respond

The message creates urgency, fear, and the instinct to act immediately.
🧠 This Is a Phone-Based Phishing Scam — Not Just a Fake Email
Here’s the twist: there are no links in the email.
Instead, you’re urged to call the number provided.
This scam falls under a newer form of phishing known as callback phishing (also called “vishing”). The idea is to manipulate the victim into initiating contact — making them feel more in control and less suspicious.
But once you call, the scam begins.
🎭 What Happens If You Call the Number?
If you dial the number in the email, you’ll likely speak to someone who sounds professional — polite, calm, and helpful. They’ll say they’re from PayPal’s “fraud department” or “crypto support team.”
Then:
- They claim your account was used for unauthorized crypto activity
- They offer to reverse the charge — if you verify some details
- They ask for personal or banking information
- Or worse: they request remote access to your device using software like AnyDesk or TeamViewer
- In some cases, they walk you through a “refund” that results in you transferring money to them
The moment you give them access, your email, passwords, bank accounts, and saved browser logins are all at risk.
🔥 Real Users, Real Targets
This kind of scam is spreading fast — and not just in English. Sinhala- and Tamil-speaking users in Sri Lanka have begun receiving similar invoices, referencing services like:
- Norton
- McAfee
- Netflix
- Microsoft
- Binance
- and now, PayPal + Bitcoin
Scammers change the names and layouts — but the trick is always the same: panic, fake authority, and pressure to act fast.
🚩 Key Red Flags in This Scam
| 🔴 Red Flag | 💬 Why It’s Suspicious |
|---|---|
| “Bitcoin” listed as item | You can’t send Bitcoin via PayPal invoices |
| Urgent message asking you to call | Pressure-based manipulation tactic |
| Random phone number | Not traceable to PayPal or any real company |
| “You’ll be charged anyway if you don’t respond” | Fear-based tactic to prompt a call |
| No links, just a phone number | Designed to bypass spam filters and feel safer |
| Uses a real-looking layout and ID number | All faked to gain credibility |
💡 What to Do If You Receive an Email Like This
If something about a billing email feels off:
- Do NOT call the number listed in the message
- Do NOT reply to the email — it’s spoofed
- Log in to your PayPal account directly via paypal.com — check for real activity
- Report the email as phishing in your email platform
- Alert your organization or IT team if you received it at work
- Forward the email to: phishing@paypal.com
🧠 How to Outsmart These Scams
- Pause before you panic. If the email feels urgent or emotional, that’s intentional. Breathe.
- Never trust phone numbers in suspicious emails. Always verify company hotlines via official websites.
- Don’t give out banking info or OTPs. Real companies will never ask for this over the phone.
- Never install apps or screen-sharing tools at a stranger’s request. Remote access = total access.
- Ask for help. If you’re unsure, talk to someone. A 30-second conversation could save your data.
🛡️ The Bigger Picture: Sri Lanka’s Vulnerability to Phishing
According to cybersecurity analysts, Sri Lankan inboxes are increasingly being targeted with region-specific invoice scams. Why? Because many users still associate printed or formal-looking documents with legitimacy — even when sent by email.
These scams prey on trust, isolation, and the lack of local digital literacy.
📣 A Call to Action — Let’s Outsmart the Scammers
Project Hacked is more than a campaign — it’s a conversation. If you’ve received one of these fake invoices, spoken to a scammer, or nearly got tricked — you’re not alone.
Talk about it. Report it. Help someone else stay safe.
📲 WhatsApp: wa.me/94711177990
📞 Call: 071 117 7990
📧 Email: hackawareteam@gmail.com
🔐 Stay Aware, Stay Empowered
Scams evolve — but so can you.
Share this article. Bookmark it. Forward it to someone who might not know this is even possible.
Because the best defense isn’t a firewall.
It’s knowledge.
And now you have it.
—
An Article by the Hackaware Team
For real stories, live case breakdowns, and protective tools — follow Project Hacked.







