Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
‘Escape From Tarkov’ Launches New Expansions Hub

‘Escape From Tarkov’ Launches New Expansions Hub

10 July 2026
Vietnam is paying women to have more babies—but they have to be on baby no. 2 to qualify

Vietnam is paying women to have more babies—but they have to be on baby no. 2 to qualify

10 July 2026
Why Americans Cannot Ignore August’s Total Solar Eclipse

Why Americans Cannot Ignore August’s Total Solar Eclipse

10 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » PayPal Attack Warning—Dangerous Gmail Invoice Bypasses Email Security
Innovation

PayPal Attack Warning—Dangerous Gmail Invoice Bypasses Email Security

Press RoomBy Press Room9 March 20255 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
PayPal Attack Warning—Dangerous Gmail Invoice Bypasses Email Security

Update, March 9, 2025: This story, originally published March 8, has been updated with in-depth mitigation advice from PayPal regarding attack attempts and tactics.

As Google starts rolling out AI-powered protections to save Android users from messaging and phone call scams, and PayPal makes a major move to improve login security by removing the need for 2FA codes, it seems that the scammers and hackers are reverting to tried and tested methods to evade protections and attack using email. Here’s what you need to know and do.

PayPal Scammers Turn Back The Clock To Bypass Email Security Protections

Not all phishing attacks are driven by AI, sophisticated in nature, or even truly hard to detect. One such case has been highlighted by researchers at Malwarebytes which, nonetheless, remains dangerous and could cost you dearly if you fall victim. “PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails,” Pieter Arntz, a malware intelligence researcher at Malwarebytes, warned; “To pull this off, the phishers set up a Docusign account and then use the templates provided by Docusign to send out legitimate looking invoices from PayPal.”

Because the documents actually come from Docusign, they bypass multiple email security filters and protections. Something that makes them particularly dangerous despite being an old attack methodology. Docusign said that its team investigates and closes suspicious accounts within 24 hours of any such activity being detected or reported and once an account is closed, all envelopes sent from the account are no longer accessible by the recipient or sender. PayPal told me that “PayPal takes seriously our efforts to protect customers from evolving scams and fraud activity. We encourage customers to always remain mindful online and to visit PayPal.com for additional tips on how to protect themselves.”

PayPal Attack Red Flags To Watch For

The March 4 Malwarebytes report, confirmed that there are many red flags associated with this particular PayPal attack campaign that make it easy to spot. If you know what you are looking for. “The emails appear to be from Docusign,” Arntz said, “but are actually from scammers using a fake Gmail address.” That alone should set the alarm bells ringing as PayPal would obviously not be sending you a critical security notification using a throwaway Gmail address. “Also, it seems weird that Docusign has been used to send a document that doesn’t require a signature,” Arntz continued; “Looking deeper, there are some more red flags. The “To” address does not belong to the receiver. It doesn’t even exist.”

“This recent Docusign scam relies on Application Programming Interfaces to bypass email security, in order to steal login credentials,” Jamie Beckland, chief product officer at APIContext, warned; “While Docusign says their system identifies bad actors, that is no help if a user shares their email password inadvertently.” Beckland said that all API owners should monitor APIs for suspicious behavior, which looks different than suspicious website behavior, and “test APIs for conformance against security standards in order to stop these exploits before they start.”

Mitigating The PayPal Docusign Attack

Malwarebytes recommended that, if you have received one of these emails or something similar using a Docusign lure, that you can verify if it’s genuine by heading directly to Docusign.com where you should click on the Access Documents link in the upper right-hand corner. From here, you can enter the document security code that will be displayed in the email. “If you get an error message,” Arntz said, “that means the document was removed or never even existed.”

Checking your PayPal account directly, not using any links in an email or document you have been sent, to look for suspicious transactions of the type that such phishing campaigns claim, is highly recommended as this can stop you going any further before you even start.

Furthermore, you should report any unauthorized PayPal payment linked to Docusign activity that you have cause to believe is fraudulent to both PayPal and Docusign.

How PayPal Protects Users From Scams As Attacks Evolve

The truth of the matter is that phishing attempts come in many forms, as already mentioned, and are far from being a PayPal specific issue. That said, PayPal uses a combination of manual investigations and sophisticated technologies to protect users from such attacks, including taking proactive actions like limiting scam accounts or declining risky transactions.

In conversation with a PayPal spokesperson who didn’t want to be quoted directly, I learned that PayPal is constantly evolving its fraud detection tools, including adding fraud reminder notices with advice for customers on all global invoice requests and peer-to-peer money requests. If people receive any unexpected, suspicious invoices or payment requests, the PayPal advice remains the same: do not pay it, do not respond to it, do not share any personal information.

Specifically, PayPal customers should:

  • Not call any phone numbers, open attachments, or click on any links within suspicious invoice or money request messages.
  • Change their account password and contact PayPal as well as their financial institution immediately if they think that have clicked any links in such a message.
  • Enable two-factor authentication as a matter of course, or use a Passkey which will serve as both a secure login method and as a second authentication factor.
  • Flag any suspicious messages directly to email providers.
  • Contact law enforcement to report any scams. PayPal will then assist in the investigation if asked. 

PayPal has said that it partners with leading consumer protection institutions, such as the Better Business Bureau, American Association of Retired Persons, Federal Trade Commission and the Aspen Institute. PayPal has also launched a Smarter Than Scams campaign with the Financial Technology Association to raise awareness of the latest common fraud trends.

DocuSign email security Gmail invoice Malwarebytes PayPal attack PayPal email PayPal Invoice PayPal phishing PayPal Scam PayPal security
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

‘Escape From Tarkov’ Launches New Expansions Hub

‘Escape From Tarkov’ Launches New Expansions Hub

10 July 2026
Why Americans Cannot Ignore August’s Total Solar Eclipse

Why Americans Cannot Ignore August’s Total Solar Eclipse

10 July 2026
OpenAI Intros GPT-Live Models: What Does That Mean?

OpenAI Intros GPT-Live Models: What Does That Mean?

10 July 2026
Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

10 July 2026
AI Data Labeler Mercor In Talks To Raise 0 Million At  Billion Valuation

AI Data Labeler Mercor In Talks To Raise $500 Million At $20 Billion Valuation

10 July 2026
NYT ‘Pips’ Hints, Answers And Walkthrough For Friday, July 10

NYT ‘Pips’ Hints, Answers And Walkthrough For Friday, July 10

10 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
OpenAI Intros GPT-Live Models: What Does That Mean?

OpenAI Intros GPT-Live Models: What Does That Mean?

10 July 20262 Views
Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

10 July 20262 Views
AI Data Labeler Mercor In Talks To Raise 0 Million At  Billion Valuation

AI Data Labeler Mercor In Talks To Raise $500 Million At $20 Billion Valuation

10 July 20263 Views
NYT ‘Pips’ Hints, Answers And Walkthrough For Friday, July 10

NYT ‘Pips’ Hints, Answers And Walkthrough For Friday, July 10

10 July 20261 Views

Recent Posts

  • ‘Escape From Tarkov’ Launches New Expansions Hub
  • Vietnam is paying women to have more babies—but they have to be on baby no. 2 to qualify
  • Why Americans Cannot Ignore August’s Total Solar Eclipse
  • Harry Styles fans flew to Amsterdam, paid a 21% premium for hotels—and sent inflation soaring
  • OpenAI Intros GPT-Live Models: What Does That Mean?

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
‘Escape From Tarkov’ Launches New Expansions Hub

‘Escape From Tarkov’ Launches New Expansions Hub

10 July 2026
Vietnam is paying women to have more babies—but they have to be on baby no. 2 to qualify

Vietnam is paying women to have more babies—but they have to be on baby no. 2 to qualify

10 July 2026
Why Americans Cannot Ignore August’s Total Solar Eclipse

Why Americans Cannot Ignore August’s Total Solar Eclipse

10 July 2026
Most Popular
Harry Styles fans flew to Amsterdam, paid a 21% premium for hotels—and sent inflation soaring

Harry Styles fans flew to Amsterdam, paid a 21% premium for hotels—and sent inflation soaring

10 July 20262 Views
OpenAI Intros GPT-Live Models: What Does That Mean?

OpenAI Intros GPT-Live Models: What Does That Mean?

10 July 20262 Views
Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

Inside Goodwood’s Future Lab, Where Tomorrow’s Technologies Become Tangible

10 July 20262 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.