Email scams

Is this PayPal invoice email a scam?

Suspicious Medium risk Email

Commonly seen since 2023. Last reviewed 2026-06-05.

Example only - do not act on it

Example only: You sent a payment for a large amount. If you did not authorise this, call this number now: [phone number removed]

Why this message is suspicious

Scammers send real-looking invoices/requests to bait a call.
The phone number leads to a fake 'support' agent.
They aim to get remote access or a 'refund' reversal.

What the scammer wants

To get you on the phone
Remote access to your device
A reversed or re-sent payment

Common variations

Unexpected invoice or money request
'Call us if you didn't authorise this'
Pressure to phone a number

Red flags to watch for

Fake Authority Payment Request Remote Access

What to do now

Do not call numbers in the email.
Log in to the payment app directly to check for any real request.
Decline or report unexpected money requests in-app.

What not to do

Do not call the number.
Do not install any 'support' or screen-share app.
Do not approve a refund you did not request.

If you already responded

Act quickly - the sooner you respond, the more you can limit. Find the situation that matches what you did:

If you clicked a link: If you entered login details on a linked page, change your password from a trusted device and review activity.

If you paid: Contact the payment provider and your bank to stop or dispute the transaction.

If you shared a code, OTP, or login: Secure the account: change the password and contact the provider.

If you only clicked the link but entered nothing: close the page, don't enter anything, and watch the linked accounts for unusual activity. Full steps →

If you entered card details: contact your bank now to freeze the card and dispute charges, then watch your statement. Full steps →

If you shared an OTP or one-time code: the scammer may be logging in right now - change the password, sign out other sessions, and turn on app-based 2FA. Full steps →

If you sent money: contact your bank or payment provider immediately to try to stop or recall it, and report it. Full steps →

If you installed an app / gave remote access: disconnect from the internet, uninstall it, and change key passwords from a different, trusted device. Full steps →

If you shared passport, ID, or KYC documents: watch for identity theft, consider a credit freeze or fraud alert, and keep the evidence. Full steps →

Watch out for a second scam. People who've just lost money are often contacted again by a fake "recovery" service promising to get it back for an upfront fee. Legitimate recovery never starts with a fee paid to someone who contacted you - see recovery scams.

First time dealing with this? Start with the first 24 hours after a scam checklist and how to save evidence.

How to report it

Report through official channels for your country. Use our scam reporting directory to find the right authority, and never use phone numbers or links from the suspicious message itself. If an official link looks outdated, tell us so we can review it.

Official sources checked

FBI IC3 - Senior US officials impersonated in malicious messaging campaign (2025) High reliability

Law-enforcement alert

Reviewed 2026-06-05. See our methodology for how we select sources.

Related platforms

Email scams

Frequently asked questions

Is the invoice real if it looks official?

Scammers can send genuine-looking requests. Ignore the email's phone number and check directly in the official app instead.