PayPal Scam Alert: New Invoice Scheme Bypasses Email Security

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 
March 10, 2025 3 min read

PayPal Scam Warning—Dangerous Invoice Bypasses Email Security

Beware of a new PayPal invoice scam that uses old tricks to bypass email security. As Google rolls out AI-powered protections to aid Android users, scammers are reverting to methods that exploit email vulnerabilities. “PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails,” said Pieter Arntz, a malware intelligence researcher at Malwarebytes. Scammers set up Docusign accounts and use its templates to create seemingly legitimate invoices from PayPal. These documents come from Docusign, allowing them to slip past email security filters, making them particularly dangerous. Docusign investigates and closes suspicious accounts within 24 hours of detection. PayPal emphasizes its commitment to security, urging customers to remain vigilant and visit PayPal.com for safety tips.

PayPal Attack Red Flags To Watch For

A recent Malwarebytes report highlights several red flags in this scam campaign. Emails may appear to be from Docusign but could originate from fake Gmail addresses. “If it seems weird that Docusign has been used to send a document that doesn’t require a signature, it’s a red flag,” Arntz noted. Jamie Beckland, chief product officer at APIContext, warns that this Docusign scam uses APIs to bypass email security and steal login credentials. “All API owners should monitor APIs for suspicious behavior,” Beckland advises.

Mitigating The PayPal Docusign Attack

To mitigate the risk, if you receive a suspicious email claiming to be from Docusign, verify its authenticity directly on Docusign.com by clicking the Access Documents link. Enter the document security code provided in the email. If you receive an error, the document may be fraudulent. Always check your PayPal account directly, not via links in emails, for any unauthorized transactions. Since many users rely on PayPal to both receive and access their funds, knowing the correct steps inside the platform is just as important as spotting scams, which is why understanding how to withdraw money from PayPal safely can help you avoid mistakes triggered by phishing or fake invoices. Report any suspicious activity to both PayPal and Docusign.

How PayPal Protects Users From Scams As Attacks Evolve

PayPal employs a combination of manual investigations and advanced technologies to protect users. They limit scam accounts and decline risky transactions. PayPal's evolving fraud detection tools include reminders for customers about suspicious invoices and payment requests. Customers should:

  • Avoid calling phone numbers or clicking links in suspicious messages.

  • Change their account password and contact PayPal if they suspect phishing.

  • Enable two-factor authentication or use a Passkey.

  • Report suspicious messages directly to email providers.

  • Contact law enforcement to report scams.

For more information about invoice and money request scams, visit the PayPal US security page.

image of an invoice containing an alarmist note

Image courtesy of PayPal

image of a scam email containing an alarmist note

Image courtesy of PayPal

Cybersecurity Marketing Solutions

In response to the constantly evolving threats in the digital landscape, GrackerAI offers AI-powered cybersecurity marketing solutions. Our platform helps organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI positions itself as a powerful tool for creating timely, relevant marketing materials that resonate with cybersecurity professionals and decision-makers. To explore our services or contact us, visit GrackerAI.

Latest Cybersecurity Trends & Breaking News

Amazon and Microsoft Battle for Quantum Computing Supremacy Amidst Industry Challenges AI Arms Race and Malware Development

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 

Deepak Gupta is a technology leader with deep experience in enterprise software, identity systems, and security-focused platform architecture. Having led CIAM and authentication products at a senior level, he brings strong expertise in building scalable, secure, and developer-ready systems. At Gracker, his work focuses on applying AI to simplify complex technical workflows while maintaining the accuracy, reliability, and trust required in cybersecurity and B2B environments.

Related Articles

The Best Tools to Improve AI Visibility for Your Brand (GEO Guide)
Generative Engine Optimization

The Best Tools to Improve AI Visibility for Your Brand (GEO Guide)

Discover the best GEO tools to boost AI visibility, earn LLM citations, and stay visible in ChatGPT, SGE, and generative search results.

By Ankit Agarwal February 3, 2026 8 min read
common.read_full_article
A Practical Guide to Outsourcing a Freelance Content Writer the Right Way
Freelance content writing

A Practical Guide to Outsourcing a Freelance Content Writer the Right Way

Learn how to outsource a freelance content writer with clear goals, fair budgets, strong workflows, and trusted support for high-quality content.

By Govind Kumar February 3, 2026 4 min read
common.read_full_article
Getting the Picture: 10 Best AI Image Generators for 2026
AI image generator

Getting the Picture: 10 Best AI Image Generators for 2026

Find the best AI image generator for your marketing needs. We compare Wixel, Midjourney, DALL-E 3, and more on price, quality, and features for 2026.

By Mohit Singh Gogawat February 3, 2026 9 min read
common.read_full_article
Integration Marketplace SEO: Making Your Partner Ecosystem Discoverable
integration marketplace seo

Integration Marketplace SEO: Making Your Partner Ecosystem Discoverable

Learn how to optimize your B2B SaaS integration marketplace using pSEO and AEO to drive more traffic and partner leads.

By Ankit Agarwal February 3, 2026 16 min read
common.read_full_article