PayPal/Crypto Scam - (Been active for the past 2 days) (850) 761-9818

Hello! This is my first post on here. I do apologize if I did not format it correctly. Please let me know if I need to edit or remove. Thank you! :smile:

I received a fake PayPal invoice for a purchase of Bitcoin as follows:

Subject: Bill Pay updated your invoice (38390)

Thank You for Choosing PayPal, Your Payment of $619. 99 will be charged through PAYPAL for BITCOIN CRYPTO. If you did not make this transaction, please contact us at number +1(850) 761-9818 to cancel and claim a refund. If this is not the case you will be charged $619. 99 today. This transaction will reflect on PayPal activity after 24 hours. Our Service Hours: (06:00 a. m. to 06:00 p. m. Pacific Time).

Some things to note while calling them…

  • They don’t usually block numbers, interestingly enough. At most, they will ignore your call. You can call back after a brief time and they’re more likely to pick up if they stop answering.
  • They WILL ask for your invoice number (38390) and/or the amount ($619.99) to make sure you had received the email.
  • They switch between using AnyDesk and TeamViewer QuickSupport.
  • There is a wallet address that was posted on Reddit under a search for this number. I will not link to it, as I cannot confirm its legitimacy. BUT, if it is legit and if I am understanding Blockchain Explorer correctly, then they have been in operation for almost a week and have received and promptly transferred a little less than $1M. AGAIN, just speculation.

Lastly, I don’t have a proper sandbox, so I don’t have their entire script, but I have enough to throw them off in the very beginning of the call:

  • [Customer describes issue]
  • Ask customer if they have been on any public wifi.
  • Then ask customer if they have been to Walmart or Target. Their phone may have been automatically connected to public wifi.
  • If the customer has any questions, direct them to a web browser. Have them Google “What is my IP address”, and show them that their IP has been turned to “public” instead of “private”.
  • Direct them to the Google Play store or the Apple App Store to download remote software.

OK Mario…I verified the number. I did edit it by putting it into the proper category and also putting the number into the title. Please take the extra time to do this for future posts. TY and welcome to the forum. Any questions please reach out and put “Questions” in the category field. :+1: