The fight against spam has been going on for many years now and recent advances in the quality of anti-spam software employed by ISPs and businesses across the globe have done much for the cause. However, spammers are nothing if not resourceful and some have started to utilise PayPal’s invoicing system in an effort to get their messages across unhindered by spam filters and anti-malware suites. By using member accounts to raise zero dollar invoices, spammers are able to send their messages via PayPal’s own internal messaging system, thereby giving them the appearance of legitimate communications.
At the time of writing no official resolution has been proposed and no comments have been forthcoming from anybody in a position of authority. It should of course go without saying that should you receive one of these zero dollar invoices, from what looks like a legitimate PayPal account, you should not click on any links that may be contained in the accompanying message. Many spam messages contain malware or links to phishing sites that are designed to convince the recipients to enter usernames and passwords for personal accounts they hold online.
If you should receive a suspicious looking message that seems to contain important information, either via PayPal’s invoicing system or a more conventional channel, it is always best to check with the company the mail is supposed to have come from before opening it. It is much easier to prevent malware from entering your PC, smartphone or tablet than it is to eradicate it after the event.