Hello! This is my first post on here. I do apologize if I did not format it correctly. Please let me know if I need to edit or remove. Thank you!
I received a fake PayPal invoice for a purchase of Bitcoin as follows:
Subject: Bill Pay updated your invoice (38390)
Thank You for Choosing PayPal, Your Payment of $619.99 will be charged through PAYPAL for BITCOIN CRYPTO. If you did not make this transaction, please contact us at number +1(850) 761-9818 to cancel and claim a refund. If this is not the case you will be charged $619.99 today. This transaction will reflect on PayPal activity after 24 hours. Our Service Hours: (06:00 a.m. to 06:00 p.m. Pacific Time).
Some things to note while calling them…
- They don’t usually block numbers, interestingly enough. At most, they will ignore your call. You can call back after a brief time and they’re more likely to pick up if they stop answering.
- They WILL ask for your invoice number (38390) and/or the amount ($619.99) to make sure you had received the email.
- They switch between using AnyDesk and TeamViewer QuickSupport.
- There is a wallet address that was posted on Reddit under a search for this number. I will not link to it, as I cannot confirm its legitimacy. BUT, if it is legit and if I am understanding Blockchain Explorer correctly, then they have been in operation for almost a week and have received and promptly transferred a little less than $1M. AGAIN, just speculation.
Lastly, I don’t have a proper sandbox, so I don’t have their entire script, but I have enough to throw them off in the very beginning of the call:
- [Customer describes issue]
- Ask customer if they have been on any public wifi.
- Then ask customer if they have been to Walmart or Target. Their phone may have been automatically connected to public wifi.
- If the customer has any questions, direct them to a web browser. Have them Google “What is my IP address”, and show them that their IP has been turned to “public” instead of “private”.
- Direct them to the Google Play store or the Apple App Store to download remote software.