I am fascinated to learn that people are running this game on PayPal.

Let's do a quick thread about invoice games, actually, because this is one that can hit anybody in different forms. If you have parents who are getting on in years, they might be vulnerable. Or if you're taking over bills for them and don't know what they're paying.

So an invoice scam comes in many forms, and some of them are even technically legal. Political parties and even non-profits have been known to mail out their solicitations for donations, formatted to look like a threatening letter, with FINAL NOTICE stamped on the outside.

Invoice scams directed at individuals at a residential address do their best to look urgent and important. They want you too afraid to not respond.

Ones sent to businesses take the opposite tack. They want to look routine, boring, unassuming.

If you answer phones in an office -- even if or especially if that's not your main job -- and you get a call from somebody asking what brand of printer you use, say, that might seem like a harmless question.

It's actually a bit of social engineering.

Step one is finding out what kind of printer you use; step two is sending an invoice for toner, something in steady demand. In a big enough company, the people who cut the checks aren't always the same people who place the orders, and if they are, who can keep track of all that?

So they send a phony invoice and it gets routed to whoever pays the invoices, and maybe it gets paid or maybe it gets thrown in the trash. Whatever, it's a numbers game. If there's any pushback, "We regret the error." No harm, no foul.

Now, I said that sometimes it's even legal. Billing someone for toner they didn't order from you and you didn't send them? Definitely fraud. But sending a solicitation that looks a lot like an invoice, but which is technically somewhere on it identified as a solicitation?

That's more of a gray area. Utility companies get people and businesses to unwittingly switch service this way. Political parties and non-profits get donations this way. Fly-by-night sales companies sell some pretty useless junk this way.

Most scam invoices wind up in the trash but it only takes one big fish on the line to pay for a whole campaign. They prey on inattention and fear.

How do you protect yourself? If you get a completely unexpected bill, push aside your emotions. Walk away for a bit. Come back.

When you come back, look for words like "offer" and "solicitation". Read all the fine print. If it says that paying authorizes them to do something... it's not a bill for something you've already been provided.

An out and out illegal, completely fake invoice like for a bogus toner order (and it's not always toner, that's just kind of the archetypal example) isn't going to have boilerplate you can identify.

If you're cutting checks for a company... know your suppliers.

And if you're placing orders for a company and you don't control the checkbook, keep whoever pays out the accounts abreast of who you're doing business with.

A list of approved vendors tacked to a wall can prevent a lot of this. Make any payment outside that require confirmation

And brief your employees/coworkers to never discuss who your company does business with or what equipment it uses with strangers over email or the phone.

The home version of that is: know who your utility companies are and what utility companies and services anyone else for whom you're taking bill-paying responsibility uses.

The tactics used with fake invoices range from technically legal to probably illegal but hard to catch/prove to definitely illegal, but no matter where the perpetrators fall on that scale they all depend on the idea that people confronted with a bill will pay it habitually.

An envelope that says "PAST DUE" or "FINAL NOTICE" on it can be heart-stopping, I know. But especially if it seemed to come out of nowhere, it's worth taking a few minutes to compose yourself before you deal with what's inside.

If you find yourself receiving something like this... for sure contact the Better Business Bureau or your local equivalent, leave Yelp reviews, call them out on social media (remember to hide your address if you share pictures), because legal or not it's a bad business practice.

And if you find anything of value in my informational threads... feel free to give something of value back. Voluntarily, because I asked openly and honestly.

paypal.com/cgi-bin/webscr…