Summary

I’ve recently been a victim of a clever kind of fraud involving Paypal and Intuit Quickbooks. This fraud allows a scammer to use a Paypal or Intuit user to send invoices with a “reply-to” to any address (my email!), and they’re sending numerous invoices that arrive in peoples mailboxes and pass spam filters since they use the legitimacy of Paypal’s mail servers. Paypal is relaying scams from Intuit Quickbooks.

This is dangerous and Paypal should put more care into protecting it’s platform from this type of compromise.

Invoice Fraud

Invoice fraud is a type of scam where someone sends a fake invoice to another person, pretending to be someone they are not. The scammer can make the fake invoice look very convincing, so that the person receiving it thinks it is real. They might even use the name of a real company like Paypal or Intuit Quickbooks to make it seem more legitimate. If the person receiving the fake invoice pays it, they will lose their money and the scammer will get away with it. It’s important to be careful and make sure any invoices you receive are real before you pay them.

Protect Yourself

Advise your parents and family not to trust Paypal or Intuit. Random invoices sent from these platforms are dangerous as demonstrated below.

You can report these to security@intuit.com, but I don’t think it matters honestly. I reported these and they keep coming.

Reported Proof

Evidence

Take a look at these gems coming into my email. It looks like they’ve had some payments. Very sad for those people. I’m also getting emails telling ME to stop scamming them. It’s clear when you look at the email headers, I did not send these emails, but the emails are not being filtered due to PayPals trusted sender status.

Example A

Example B

Example C

Maybe Your Accounts Were Hacked?!

I verified, I don’t have any of these accounts.

NoPaypal

NoQuickBooks

Updated and Resolved

It looks like the hacker had his account shutdown. I recieved the notification email. Since my email isn’t connected to an Intuit or Paypal account, they clearly allowed this person to change it to my email after account setup for notification with no pin verification. Never trust an address on Shady Ave! 🚀

Fraud Stopped