[SERIOUS] Just received an interesting scam email about a PayPal invoice

Pic of email: https://imgur.com/a/QCFzCfN

So I got an email from PayPal saying I had an invoice from Coinbase for a payment of $516.99. Warning bells start going off. I never deal in amounts this large. While I do have a PayPal account with the email address it was sent too, it is largely inactive. Also I never linked Coinbase in the first place. So it might be scam but lets do some checks.

Now making an email look like it is official is not that hard. So just because it looks official doesn't mean that it is. We need to look deeper. In Gmail, on the right hand side next to the reply button is the more menu with three vertical dots. Clicking on it brings up a drop down menu. From there you click on "Show original." This will give all hidden info that goes into sending and receiving emails. Basically it is the "inspect element" for emails.

From here we are looking at the received address. This is the incoming address Google got. For this email it says " mx2.slc.paypal.com." The paypal.com is indeed the correct name address for PayPal. The reset is just subdomains of PayPal. (Be careful, even a one letter difference could be all it takes to get you on a spam website). Also in this view we can see that Google filters check the incoming IP address and domain name of the email as correct. So with this information we can be fairly confident that this is a legit PayPal email.

But we are rightly paranoid, so lets check this email even further. Listed in the email is a phone number. DO NOT CALL THIS NUMBER. Instead open a browser and go to the PayPal website directly without using any website address in the email. Look in their website for a customer service number. I got "1 (888) 221-1161." Close to the email but not correct. Humm…suspicious.

Okay now it is time to get dangerous and click on the "View and Pay Invoice" button. I'm sure that is indeed a PayPal email. The link does not use any shorting (Good sign of a malicious link) and points directly to the PayPal website.

When we do, we get to the real PayPal and finally clues us to what is going on. Some scammer sent an invoice to my PayPal account (I'm guessing they just need an email with a PayPal account). They left a message with the a phone number in it so that it would appear in the email. PayPal then sent an email letting me know about this invoice.

Needless to say I did not pay this and have reported it to PayPal. This scam really throw me for a loop because of how different it is from the usual obviously scam stuff. The email was a real PayPal email, the fake invoice was the scam. So stay safe out there and I hope you learned something from this post about how to check if something is a scam or not.

Bonus:
So I was curious and called the number in the message using a burner phone number. It is important to remember that even if you don't go along with the scam, they will still sell your number. I got a computer lady saying "One moment while we connect you" and then nothing. It disconnects. How odd. Expected to have someone try and steal my information.