Find a location
Find the SCORE location nearest to you.
Search Locations
How Scammers Use Small Business Names to Send Fake PayPal Invoices
>
October 27, 2025
Woman using credit card and laptop to pay bills

Sponsored Content

In Connecticut, a vintage furniture shop called Palomino Bazaar discovered its name on more than 200 fake PayPal invoices sent to people across the U.S. The owner, Kate Ferguson, wasn’t chasing payments—her business was inactive. But her inbox and phone lit up anyway: confused strangers, even a whole school district in Pennsylvania, asking about “their” bill. (source: ctinsider.com)

The invoices looked real and demanded about a thousand dollars. Instead of a normal PayPal button, the message told recipients to call a phone number to “fix the problem.” That number belonged to the scammers. Kate reported the scam to the Better Business Bureau and closed the PayPal account in question. She suspects the email tied to that old account—using the same password as PayPal—was compromised. The fallout didn’t stop there. People began confusing the scam with her separate interior design company, Palomino Interiors, putting that brand’s reputation at risk for something she didn’t do.

How the PayPal Invoice Scam Works 

When you’re the person who receives the invoice

You get what looks like a real PayPal invoice or money request. The note field is urgent: “Call now to cancel,” “Your account is compromised,” “Dispute within 24 hours.” But the phone number is the trap and if you call, the “agent” keeps you on the line and steers you into sharing card details, installing remote-access software, or sending a “cancellation” payment that goes straight to them.

What’s real vs. fake here?

The invoice format may be genuine (anyone can send you a PayPal money request if they know your email). The instructions are the scam. Real issues can be handled inside your PayPal account, no mystery phone number in the notes.

When it’s your company’s name sending the invoices

There are two ways your brand gets pulled in:

1. Impersonation without access. Scammers use your business name/logo in the invoice or in a look-alike email. They never touch your accounts, they just borrow your credibility to make victims call their number.

2. Compromise with access. Scammers get into an old or weakly protected email/PayPal account (often through password reuse). From there, they can create legit-looking invoices or money requests using your actual PayPal profile and blast them to any address they can find—past customers, scraped lists, even random targets. The note field contains the same “call us” script, pointing to their phone bank.

What you’ll see on your side

A sudden spike in “Did you send this?” messages, angry calls, and PayPal activity you don’t recognize. If email was part of the breach, you may also find strange forwarding rules, login alerts from unfamiliar locations, or password-reset notices you didn’t start. The damage is time and trust. As Palomino Bazaar learned, blowback can spill into other ventures because people remember the name, not the nuance.

Your name makes the invoice believable. The phone number in the notes keeps the whole exchange off-platform and under their control. Even if targets don’t pay, many will call, and that’s where the con happens.

The 60-Second Check (Do This Every Time)

Don’t click links and don’t call numbers in the email.

Always open a fresh tab, type paypal.com, sign in, and check Activity → Invoices / Money requests.

If the invoice appears and it’s bogus, decline it, block the sender, and forward the email to phishing@paypal.com.

If nothing appears, it was a spoofed email. Delete and report it.

If You Already Called or Clicked

Take a breath, then act:

  • Change passwords for PayPal and the email account tied to it. Turn on two-step verification for both.
  • If you shared card or bank details, call your bank/issuer and monitor transactions.
  • If you installed anything or allowed screen-sharing, uninstall it and run a full security scan. Consider a clean reinstall if anything looks off.
  • Keep evidence: invoice IDs, emails, caller numbers and times. File reports with PayPal and your national cybercrime channel. Add a case to BBB Scam Tracker to help others spot the pattern.

If Scammers are Using Your Company’s Name to Trick People

If you discover scammers are impersonating your business, take action immediately:

  1. Tell people what’s happening. Post and pin a short alert on your website and social channels. 
    Could be something like: We’re aware of fake PayPal invoices using our name. We will never ask you to call a phone number to cancel a charge. Please sign in at paypal.com to review any requests, decline anything suspicious, and forward emails to phishing@paypal.com. If you have questions, contact us at [your real support email/phone].
  2. Lock down old keys and doors. Close or secure inactive PayPal accounts. Remove former staff logins and old API keys. Make sure email, PayPal, and invoicing tools use unique, strong passwords and 2FA. If you reused a password anywhere, fix it now.
  3. Work with platforms and authorities. Send PayPal the invoice IDs and screenshots. File an official cybercrime report if local guidance recommends it. Add your case to BBB Scam Tracker to warn others.
  4. Monitor your business identity and assets. Use a digital identity and brand-monitoring tool to watch for trouble before customers do. Track your company name(s), domain(s), executive names, official support emails, and payment handles (for example, PayPal or Stripe). Turn on alerts for leaked credentials tied to your domains or staff emails, look-alike domains and fake profiles, and new mentions of your brand in shady marketplaces or forums.

If you’re using Bitdefender Ultimate Small Business Security, enable Digital Identity Protection to surface exposures and impersonations and get guided fixes.

Everyday Prevention for Busy Teams

Keep it simple and consistent:

  • Treat “call now to avoid charges” as a red flag. Real billing issues don’t hide behind phone numbers in the notes.
  • Train whoever checks finance@ or info@ to run the 60-second check above.
  • Separate duties: the person who receives invoices isn’t the one who approves payments.
  • Use security that catches bad links and shady sites before anyone clicks. Bitdefender Ultimate Small Business Security does this with Phishing & Email Protection, and its Scam Copilot helps you sanity-check “almost real” messages in seconds.

 

Sponsored Content

This is sponsored content provided by Bitdefender. SCORE does not endorse specific products or services; opinions expressed are the sponsor’s.

 

Special Offer 

SCORE members now get 30% off on Bitdefender Ultimate Small Business Security subscription.

Bitdefender Ultimate Small Business Security gives you all-in-one cybersecurity without IT skills needed. Designed for businesses with up to 25 employees, it protects you and your teams’ devices, data, and digital activity from cyberthreats.
SHARE THIS ARTICLE
 Brought to you by
BitDefender Logo

Bitdefender

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Bitdefender Ultimate Small Business Security is an all-in-one cybersecurity solution tailored for small businesses with up to 25 employees and no dedicated IT staff. 

About Bitdefender
How to Work Safely with Polyworkers, Contractors and Freelancers
How to Work Safely with Polyworkers, Contractors and Freelancers

Sponsored Content

More and more of the people you hire will be polyworkers, contractors, or freelancers—often juggling multiple clients on the same laptop. Whether they have a full-time job plus a side gig or serve several clients at once, they may handle your files alongside other work.

This guide shows you how to work safely with them, so you protect your business, your clients, and your documents without adding a lot of complexity.

What Is “Polyworking”

Polyworking means someone works for two or more employers or clients at the same time, often remotely and on a personal device. It’s growing
Man looking concerned at his laptop sitting outside at a table
Scam Alert: Fraudsters are Impersonating the US Patent and Trademark Office to Defraud Business Owners

Sponsored Content

If you own a business or know someone who does, you understand the importance of protecting intellectual property. Scammers are aware of this too, so they are impersonating the United States Patent and Trademark Office (USPTO) to steal money from business owners.

How the Scam Works

According to a recent FTC alert, scammers contact businesses via phone calls, texts, or emails that appear to come from the Patent and Trademark Office in the US. They might even use the names of legitimate USPTO employees, such as a trademark examining attorney, and display what appears to be the
CONNECT
712 H St NE PMB 98848
Washington, DC 20002
1-800-634-0245

Copyright © 2025 SCORE Association, SCORE.org

Funded, in part, through a Cooperative Agreement with the U.S. Small Business Administration. All opinions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.

Chat generously provided by:LiveChat® HelpDesk®

In partnership with