Those “You’ve Sent a Money Request” Emails from Paypal are SCAMS

Those You've Sent a Money Request Emails from Paypal are SCAMS
Share the knowledge

By now you’ve probably received one or more of those notifications that seemingly legitimately claim that you have requested money from someone through your Paypal account. The subject is something like “You’ve sent a money request”, and the email goes on to say something like (actual example) “You requested $299.99 USD from Apple Chandler Fashion Center. YOUR NOTE TO Apple Chandler Fashion Center. Didn’t made this order? Call-I(833) 552-7II8”.

[Website maintenance provided by Usestrict and we love them!]

Do Not Fall for This!
Those You've Sent a Money Request Emails from Paypal are SCAMS

 
 

A quick reading of the headers will show you that the emails (at least this particular one) actually originate through a Microsoft Outlook account, however that account (in this sample it’s barbarizo.onmicrosoft.com) designates an IP address belonging to Paypal (40.93.6.29) as a permitted sender, making the “From:” address of service@paypal.com look legitimate:

Authentication-Results: dkim=pass header.d=paypal.com header.s=pp-dkim1 header.b=Ti5ZlN8t; dmarc=pass (policy=reject) header.from=paypal.com; spf=pass (concerto.isipp.com: domain of “bounces+SRS=wbifn=UU@barbarizo.onmicrosoft.com” designates 40.93.6.29 as permitted sender) smtp.mailfrom=”bounces+SRS=wbifn=UU@barbarizo.onmicrosoft.com”

The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are VERY appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Note that the subdomain, barbarizo, is a Portuguese word meaning “to barbarize”. It means crude, savage, or barbaric, or to debase or degrade.

It’s like the scammers put it right in their subdomain.

Not all of the “You’ve sent a money request” purport to request money from a business. For example this one – and note that the telephone number in this one is different from the telephone number in the previous one – goes to an individual Gmail account. Also note that each of the telephone numbers start not with a “1”, but with an “I” (uppercase letter i). In fact, you can filter them using the string “Call-I(” (at least for now).

“You requested $699.99 USD from barrettbrent3366@gmail. com

YOUR NOTE TO barrettbrent3366@gmail. com:

Don’t recognize the seller? Call-I(888) 328-33I2.
quote
Payment request details
Transaction ID: U-4XJ90328KW7453833
January 27, 2025
Amount requested $699.99 USD
You can request a different amount, send a friendly reminder, or cancel your request if you’ve changed your mind.
Manage Your Request”

So How Did They Embed a Link to Your Paypal Account in the “Manage Your Request” Button?

You may be wondering how the scammers managed to embed a link to your Paypal account in the “Manage your request button”.

Guess what. They didn’t.

That button is simply to the Paypal site, which will dutifully prompt you to log in. You see, making you think that this email comes from your account, and that the button will take you to “your request”, is part of the social engineering they do to get you to log into your Paypal account while presumably, they track you.

When we plugged the link into a safe sandbox, it counted 8 websites through which the link passed before arriving at the actual Paypal domain.

Bottom line: It’s a scam. Don’t click on it, just delete it.

The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Get New Internet Patrol Articles by Email!


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.