One fake PayPal invoice. One phone call to a number that looked legitimate. Roughly $130,000 gone. That is the outcome the FBI documented after a victim followed the instructions in a fraudulent invoice email, called the listed “support” line, and allowed a stranger to take remote control of their computer. The bureau’s victim identification effort tied to that case remains open, which means investigators believe more people were hit the same way.
As of May 2026, the warnings are getting louder. Pennsylvania Attorney General Michelle Henry Sunday’s office classified the scheme as “trending” in a consumer protection advisory, signaling a rise in complaints rather than a plateau. The FBI is separately asking anyone who has encountered a similar scam to report it through its online intake process. Neither agency has published a total victim count, but the coordinated urgency from both state and federal levels is unusual for a single fraud type.
How the scam works, step by step
State and federal investigators describe the same two-stage pattern.
Stage one: the invoice. A target receives what appears to be a legitimate PayPal invoice, typically for a high-dollar item like electronics or cryptocurrency. The email can arrive from a genuine PayPal.com address because scammers exploit PayPal’s own invoicing tool to send payment requests to any email on file. There are no misspellings, no broken logos, no obvious tells. It is a real PayPal-generated invoice for a transaction the recipient never initiated.
Stage two: the phone call. Embedded in the invoice is a phone number labeled something like “PayPal Customer Support” or “Billing Department.” When the target calls, the person on the other end poses as a PayPal representative and walks the caller through installing remote-access software such as AnyDesk or TeamViewer. Once that software is running, the scammer can see the victim’s screen, control the mouse, open banking portals, and move money. In the FBI-documented case, the entire theft played out in minutes.
That FBI case dates to January 2024, but it remains directly relevant: the bureau’s victim intake form is still active, and the fraud mechanics it describes match what the Pennsylvania AG’s office is flagging right now. The FBI has not disclosed whether the $130,000 was recovered or released a detailed case report beyond the intake solicitation.
What authorities have confirmed, and what they have not
The Pennsylvania Attorney General’s advisory confirms enough consumer complaints to classify this as an active, growing trend. The FBI’s open victim intake confirms at least one investigated case with a six-figure loss. Both agencies describe identical fraud mechanics: fake invoice, fake support line, remote access, financial theft.
What is missing is scale. No public count of total victims exists. No estimate of combined losses has been released. No demographic breakdown shows who is most vulnerable. The FBI’s decision to solicit additional victims strongly suggests the problem extends well beyond a single case, but that belief has not been quantified in any public document reviewed for this report.
For broader context, the FBI’s Internet Crime Complaint Center (IC3) reported that Americans lost more than $12.5 billion to internet-enabled fraud in 2023, with payment-platform scams representing a significant and growing share. The 2024 IC3 annual report is expected to show continued increases. Individual invoice scams like this one are difficult to isolate in aggregate data, but they fit squarely within the tech-support and impersonation fraud categories that IC3 has flagged as among the costliest.
Geographic reach is also unclear. The Pennsylvania warning is state-level, and the FBI case does not specify the victim’s location. Because the scam relies entirely on email and internet-based remote-access tools, there is no technical barrier confining it to any single region.
Where PayPal stands
PayPal’s Help Center includes general guidance on invoice and money-request scams, advising users not to pay invoices they do not recognize and to report suspicious requests directly through the platform. As of this writing, however, PayPal has not issued a public statement addressing the specific wave of fraud described by the Pennsylvania Attorney General and the FBI.
That gap matters because PayPal controls the invoicing system scammers are exploiting. Whether the company has added new fraud-detection filters, changed how phone numbers appear in invoice messages, or taken other steps behind the scenes is not confirmed in any public source.
PayPal’s purchase protection policy covers unauthorized transactions in many cases, but invoice scams occupy a gray area. If a user voluntarily grants remote access and the scammer initiates transfers from the user’s own device, PayPal may treat the activity as “authorized” from a technical standpoint. Victims in that situation often need to dispute charges through their bank or credit card issuer rather than through PayPal’s resolution center. This is a critical distinction that most targets do not learn until after the money is gone.
How to protect yourself right now
If you receive an unexpected PayPal invoice, take these steps before doing anything else:
- Do not click any links in the email. Do not call any phone number listed in the message, even if it says “PayPal Support.”
- Go directly to PayPal.com. Open a browser, type the address yourself, and log in. Check your account activity and invoices. If nothing matches the email, the message is fraudulent.
- If an unfamiliar invoice does appear in your account, use PayPal’s built-in tools to decline or report it. Do not engage with the sender.
- Never install remote-access software at the direction of someone you reached through an unsolicited message. Legitimate PayPal support will never ask you to download AnyDesk, TeamViewer, or similar programs.
- Report it immediately. Forward suspicious PayPal emails to phishing@paypal.com. If you have lost money, file a complaint with the FBI’s Internet Crime Complaint Center (IC3) and contact your bank or card issuer right away. IC3 complaints feed directly into federal investigations, which is how cases like the $130,000 loss get built and, in some instances, how funds get traced.
Why the first 30 minutes decide everything
Both the Pennsylvania Attorney General and the FBI stress fast reporting for a practical reason: once remote access is granted, the window to stop a transfer can shrink to minutes. Banks and payment platforms have significantly better odds of freezing or reversing transactions when they are flagged the same day, ideally within the first hour. The Consumer Financial Protection Bureau (CFPB) has noted that rapid notification is one of the strongest factors in successful fraud recovery. Waiting even 24 hours can mean the difference between getting money back and losing it for good.
This scam does not depend on sophisticated hacking. It depends on urgency, confusion, and the natural instinct to pick up the phone and fix a problem. The most effective defense is also the simplest: pause, verify through PayPal directly, and never let someone you did not contact first guide you through your own computer. If a PayPal invoice you never expected shows up in your inbox, that moment of doubt is the scam working. Step back, check your account yourself, and report what you find.
David M. Keller is a finance writer based in Columbus, Ohio, covering personal finance and consumer-focused economic topics. He earned his degree in journalism from Ohio University and began his career reporting on local business and economic trends for a regional media outlet. Since then, he has contributed to a variety of online publications, focusing on clear, practical coverage of topics such as cost of living, debt, and everyday financial decision-making.
