New Scam Targets Pay Later Users: What You Need to Tell Your Employees (and Maybe Your Customers)

A new Pay Later scam targets users with fake invoices that deliver funds directly to thieves. Those who have linked a Buy Now, Pay Later account to their PayPal may be at greater risk.

What Is the Pay Later Scam?

Scammers harvest email addresses for their mailing lists, then create fake invoices like the one below:

[Image: Buy now pay later]

The invoice appears to come from a legitimate source. The link points to PayPal and seems legitimate because it is a real PayPal link. Scammers created the phony invoice, complete with the stolen Best Buy logo, to trick careless users into sending them money. These scam emails often arrive late in the afternoon or early in the evening, when you may be tired and less focused on specifics. If you were expecting a Best Buy invoice and saw a payment due at 7PM or 8PM, would you click the link? If it pointed to PayPal, would you be more likely to click it? Pay Later scammers are counting on that.

How to Avoid the Pay Later Scam

To avoid the Pay Later scam, remember one of the most basic rules of cyber security: Never click on links in emails. Always go to a company’s website, log in to your account (preferably with two-factor authentication), and complete payments manually. If you want to help PayPal crack down on these scams and encourage them to remove tools that allow scammers to create these fake invoices, you can report them to the PayPal Security Center.

As an extra layer of security, try to avoid associating Pay Later services, such as Affirm, Afterpay or Sezzle, with PayPal accounts or bank accounts. The extra time it takes to put in your information and authorize a transaction, versus simply clicking a link, may be the time you need to recognize a fraudulent invoice. Also try to avoid paying invoices late in the day or when you are distracted.

Inform Your Employees About Pay Later Scams

If you own or run a business, you should be in the habit of reporting new scams to your employees for two reasons:

  1. Scammed employees are unhappy employees, and unhappy employees are less productive. It can take days to undo the personal financial damage from a scam. Set up a program to provide regular emails to your employees when new scams get reported, both business and personal.
  2. Once someone interacts with a criminal, more criminals show up. Scammers are always hunting for “hot” targets. What begins as an individual attack can escalate into phishing attacks that jeopardize your cyber security.

Should I Tell My Customers About Pay Later Scams?

Imagine the reaction of someone victimized by a Pay Later scam. They are going to blame themselves, but they may also blame everyone else involved, including the business that was spoofed in the scam and the platform that processed the payment. That’s a small amount of damage to a company’s reputation, but those small amounts add up over time.

Larger companies may lack the means to notify every customer of every scam and often are not aware that their identities have been spoofed. Companies should take steps to be both proactive and reactive when scams like this appear.

Proactive means informing your customers at the point of sale and in every email that you will not send them links to pay their bills. (If you are sending links to pay bills, please stop.) Remind customers to always go to your website and log in to complete a financial transaction.

Reactive means alerting customers when scams like Pay Later reach your desk. If customers start complaining about fake invoices or invoices they believed that they paid, it’s time to investigate the source and take action. Reach out to impacted customers and request copies of the emails they received, then send an alert to your customers informing them of the scam and reminding them not to click links in emails. This step may take a little time to complete, but the goodwill it builds will justify the cost.
