Skip to main content

We’ve recently heard that scammers are recycling an old phishing attempt. In this version, scammers, posing as a well-known tech company, email a phony invoice showing that you’ve recently bought music or apps from them. The email tells you to click on a link if you did not authorize the purchase. Stop – do not click on the link. That’s the new twist on an old scam.

More precisely, you just experienced a phishing attempt – that is, when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information. The scammers then use that information to commit fraud or identity theft.

Scammers also use phishing emails to get access to your computer or network – then they install programs like ransomware that can lock you out of important files on your computer.

Here are some tips to help keep your information secure:

  • Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, type in the web address for the organization or call them. The link in the email may look right, but if you click it you may go to a copycat website run by a scammer.
  • Be cautious about opening attachments. A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account.
  • Set your security software to update automatically, and back up your files to an external hard drive or cloud storage. Back up your files regularly and use security software you trust to protect your data.

If you got a phishing email or text message, report it. The information you give helps fight scammers.

Search Terms
phishing
scam
Topics
Unwanted Calls, Emails, and Texts
Scams
All Scams
Phishing Scams

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

MichaelEdits
February 23, 2018
Oh, I get buried in these things. But (1) I know what I have and haven't ordered and (2) With any email, I take my finger off the button before I put my mouse over any link, and look at the link address at the bottom left of my screen. It rarely matches who the email claims it is.
TonyJ
February 23, 2018
Why don't you post example images of the emails?
J2
November 20, 2018

In reply to by TonyJ

Hi, TonyJ! If memory serves, I tried to include a screen shot of one of the emails to them, but, per their own advice to us, they don't open any attachments! :(
mamabear
February 23, 2018
On all cell phones should be some kind of device that deletes before consumers get it!
P.J.
February 23, 2018

In reply to by mamabear

New things have to be invented for sure. These people need to be caught. There's no reason so many people's lives should be upset.
Brock512
May 22, 2018

In reply to by mamabear

In email, look at who sent it. A mishmash of letters and numbers @whatever.com would hint you it’s not legit. Misspelled words and missing capitals or bad grammar is another red flag. On a PC you can set to block senders or by key words to filter the number of these you get.
FAEAWW
February 23, 2018
We are under attack by actors daily as is most small business. Very time-consuming stopping to double check your operation. Sadly it's a must for conducting business. Using well-known software can help. Phishing scam, privacy violations, online security compromise is our business for it a must be to prevent lost.
rikosheye
February 23, 2018
got my eye on this one thanks
Kermitt
February 23, 2018
I copy links in suspect email then paste them in a text doc to see waht they really say and if they all are the exact same link I know it’s something to not believe.
Owensopines
February 23, 2018
This scam is also perpetrated using an out-of-area 855 number. I did not answer the call so they left a voicemail message. Unfortunately (or fortunately) the number was not one that could be called. People need to be aware about seemingly valid phone calls.
Bobby
February 23, 2018
I have recently received two e-mails purportedly from Apple which informed me I had purchased some sort of music and the click on a link if I didn't. I recognized this as a scam and sent the e-mails to Apple.
P.J.
February 23, 2018

In reply to by Bobby

Good idea. Your attorney general should be of help in going after people, too.
Jb
February 24, 2018

In reply to by Bobby

I also have received those same messages , claiming to be from apple .
greensyas
March 03, 2018

In reply to by Bobby

I too got the same email and clicked on the link to dispute it, when that link didn't work I found out that it's scammers and now I don't know what to do,can you help?
FTC Staff
March 14, 2018

In reply to by greensyas

Sometimes scammers send messages that include malware, and when you click on a link it activates the malware.This FTC article about malware (malicious software) tells what to do if you start to notice problems with your computer.

Phil A.
February 23, 2018
One of these low-lifes hacked into my email account and sent one of these phishing invoices to everyone on my contact list.
slb
February 23, 2018
Yes, these are old scams and they are resurfacing. Our business has received several "Invoices", we delete on receipt. Thank you for the information
Alert Alice
February 23, 2018
Whenever I get an email or phone call that makes me curious or interested and unknown, I don't open it or answer phone. I've been scammed using my family twice and worried alot but didn't fall for it in the long run. Always check with family involved. Also report it to FTC to help others.
Rose
February 23, 2018
I have also received a text message to click on a link. (I have a free Google Voice number, so fortunately, that's a computer number.) I get phishing emails constantly. Thank you for the reminder that phishing attacks are still prevalent and create high exposures ehich can further cybercriminal activities.
72MrW60214
February 23, 2018

Your information on watching scammers are insightful. As business adviser, I appreciate and value your inputs. Thank you for caring and having a watchful eyes, to protect small business

Cautious
February 23, 2018
Home Services Calls from area code 202. Am on NO CALL LIST. Recording with the old "Press 1." Asked to be taken off their auto-dialing. Angry and abusive, nasty person "talked over me and hung up. Called them back and requested removal and told them I was on the FTC no call list and further call would be "actionable.) Received 5 calls so far. Am keeping the phone numbers date and time. How do I "prosecute" them if they continue to bombard with phone calls?
Diane E
February 23, 2018
I too get alot of emails stating that my order was ready to ship or that I have purchased something that I know I haven't. I put my mouse over the address and check out who is sending this stuff before I delete it.
Sonya
February 26, 2018

In reply to by Diane E

I have been getting emails about a payment that I made on a credit card that I don't have as well as credit card payments that are due. I am so sick of all of the scammers!
anon
February 23, 2018
The American Medical Association sends me Renewal Invoices even though I don't belong. I've complained to the USPS Postmaster without reply.
diane
February 24, 2018
I have been receiving many of these emails from PayPal stating that I have ordered something. They have a website for these emails. I forward everything to "spoof" set up by paypal for these emails. Lucky for me I opened them first. Found out what to do. thank you .
Emails with in…
February 24, 2018
I’ve gotten a few emails from my best friend and my daughter (spoofed, of course) with an invoice and a link to open the supposed invoice. My friend is a teacher and my daughter has a business. Neither of them have any reason to send me an invoice. An invoice from my daughter? Really?!? I let them know they’ve been hacked. I hover over the email address and it is not their address.
marina52
February 26, 2018
Thank you for your message.
Sonya
February 26, 2018
I get several emails about credit card payments being received and about credit card payments that are due. In addition, there are emails about packages being shipped. I am sick of these phishing emails!
Drea
February 26, 2018
For protection of emails. Always set up second verification for sign in purposes. The second verification should always be notification through text or an app on your phone such as google or microsoft that notifies you whenever there is activity. open a new page to company such as Apple or Amazon and contact the company. Most of these phishing scams disguise as internet companies such as Amazon, Ebay, ITunes and PAYPAL. Also beware of online accounts with department stores as well. When not sure do not respond without contacting company
Dancer
February 27, 2018
Thank you for this information.
connie2cats
March 01, 2018
I received email from Microsoft store to download update. Not sure if this was from Microsoft but I did order an update but it was downloaded when I purchased it. The email started with, "Hi there!" And I don't think that's how Microsoft starts an email! They usually start it with your name.
Scammed
March 13, 2018
I received an e mail tonight from (supposedly) L L Bean who I often order online items from. I opened the PDF file before thinking. Of course, it was a scam, but my question is, since I opened the file, am I now in danger?
Jack L
April 03, 2018
Beware of this type of scams, previously a subject named Philippe Bellasio in France used it in a mail network that requested data with the excuse of having won any prize and used this data to perpetrate scams or identity thefts.
Almost Got Me
April 03, 2018
Received email stating: "We recently received an order for the following product: Order Reference Number: 71525-21575- Product ID ; Product Name : Order Price: MS-12256 Microsoft Surface Pro: $3,676.88 USD - You may check the status of product here. Product status www. google. co. in/> If you have questions about the product, you may dall at 1-800-972-2370. (toll-free) Regards, Microsoft Customer Service" WE DID NOT ORDER THIS OR ANYTHING FROM MICROSOFT! - EMAIL CAME FROM: Reference # 71525-21575- We did not order this - we do not want this - have directed our bank NOT TO PAY in any way for this order!
JM in VA
April 03, 2018
I get 2 or more phishing attempts each week that look like an Apple invoice for items I would never buy. I forward them to reportphishing @apple. com as well as to my email's junk/phishing link. When an attempt comes from a bank I don't use, I go to that bank's website and find their email for reporting spam attempts. I will also begin sending them to the link above - spam@uce.gov. These people are criminals and we need to do our part to stop them, not just safely delete offending emails.
erickred
April 02, 2018
Theft of data through false web pages. This type of scams is one of the most used by Philippe Ballesio and his criminal organization. It consists in cloning web pages of banking entities and, like many people when they want to consult their account statement, they do not usually write the link of the bank's website in the Internet bar, but they use a search engine. This action means that, from the search engines, you can probably access a cloned page created by Philippe Ballesio. By entering the username and password of these sites, it is certain that the data of the "clients" will be stolen, which will allow the band of criminals led by Philippe Ballesio to enter the real account to make transactions and steal the balance banking.
l311
April 04, 2018
Just like Almost Got Me above I too received an email stating I had ordered a Microsoft Surface Pro for $3,676.88 along with a reference number and a phone number that did not even resemble a real phone number. I checked all my credit card accounts and ran a full scan on my laptop. There's a special place in hell for these people.
I’m an American
May 04, 2018

In reply to by l311

Got the same email today. Did these scumbags tap into your bank accounts? I haven’t deleted the email in the event it is needed for evidence.
Donna9100
January 08, 2020

In reply to by l311

I received this email yesterday and called them but did not have time to work with them. Suppose to receive a call back today to complete the fraud purchase. Very Glad I looked into this first!!!
morden.
June 19, 2018

My friend received an email early hours of this morning with my name as the sender.. Addressed to my friend and it said.. I am near Adelaide. This email was not sent by me plus the senders address is the email address above?? This is highly suspicious.. Does anybody know what this is.??

BostonRS
April 29, 2018
Just got an email from llbean claiming I made a purchase. I checked all my credit card accounts and called llbean. They didn't recognize the order number but everything else was legit incl. the email address sent from. I did not click on the link within the email
Tiredofthis
May 19, 2018
Got an email from a hotmail account for a handyman. Receipt for services paid via cash. Project #. No links, but my name,email address, and street address were all correct. After I opened it I deleted it.
Tough Brick
June 01, 2018
Had a one year romance and said he was a soldier, everything seemed real. He send me pictures. An ID and possport. Even send me a picture of his retirement check for $657,000,000. I have those pictures.
gregoz
July 02, 2018
If you get an email and the link you click wants you to enter your email address and password, they can then login to your mail server and send to everyone on your contact list as if it were you. Your computer will not be infected but you will need to change your mail password on your mail server.
John
July 26, 2018

Does this look like a fake email..? What a Scam!

I am Mr Bamba Claude an Auditor Officer, PNC bank . I need your collaboration and your Services to disguise 2.5M dollars Euros from an account where we conceal the fund after Nicolas Sarkozy lost French election of 2011. The fund was part of the gift given by late Libyan president to the former French president Nicolas Sarkozy for his re-election. Pressure Under the current investigation on the issue, pushed me to contact you, nobody knows about this deposit in the bank. My intent is to contact you to aid in the safekeeping and to invest the fund with you, Reply strictly through my personal Email: bamba_ claude@ africamel. net for more details. Have a nice day, anticipating your communication. Regards, Mr. Bamba Claude Senior Audior Officer, PNC Bank

Me
August 24, 2018
I received an email from what appeared to be from iCloud Support(s) with an attachment the yes, I opened the pdf attachment and it was an invoice stating that they had withdrawn money for 2 TB of iCloud Storage, but I never ordered it. There was no other information and it didn’t ask for any information from me and had no links to click on. So no I wonder if it activated some type of malware when I opened the PdF. Has there been any other complaints about this type of email and if so, what is the signs to look for? I checked my Apple account and did not see that this was ordered or that there was such a billing. Also checked my bank acct and nothing was withdrawn. I contacted Apple and they want me to forward the email an an attachment, but can’t figure out how to do that on my iPhone using Outlook for my email. Help!
Springfield Bill
August 29, 2018
Received a phony invoice email today for $25 saying if I did not order the ‘Starlight’ item to click on the PDF to dispute the payment. The instruction was to not just click on the PDF but to download it first to keep it on my computer, then to open it from my computer. I immediately deleted it....
lenny56769
September 08, 2018
i know i have no virus or malware so how do they know when you pay a bill to send you a fake link for that place right after .
J2
November 20, 2018
On my Gmail account that I use for signing up for newsletters and everything, I've been getting a bunch of "invoices" and "returns" and "dispute status" messages from "Ali Express" using a consistent customer name. Just today, I got my first two from "Michael Kors" for another person who is decidedly not me: one receipt and one return. My first instinct is to contact them to tell them they have the wrong address. And that's what they're phishing for! A nice sucker who will reply to these things. Noping right out of that! You should, too!
Return to top