The bad guys are at it again. This time, they broke into PayPal and have been sending malicious invoices directly to users.
We've all seen plenty of spoofed emails claiming to be from PayPal. This one is different because the malicious invoice is coming directly from PayPal and passes all the usual tests that you and I would use to spot a scammer.
The good news is that while these emails are passing all of the email validations (eg. It's not coming from a Gmail account and passes SPF, DKIM and DMARC checks), the body of the email should alert cautions users that it's not authentic.
In these emails, the grammar and spelling is all over the place and the phone number listed is not related to PayPal.
The scammers are trying to get victims to call that phone number. Don't call. If you do, now they have your cell phone number and can use it for more attacks and yet another way to try and scam you - by phone.
If you do get a suspicious email from PayPal, log into your paypal.com account and look for messages there. No messages? No problem. Delete the email. Done.
Stay safe out there.