Table of Contents

• 1. Example of the BitPoint Capital PayPal calendar invite
• 2. Why this is a scam: red flags in the message
• 3. What is a calendar invite phishing scam?
• 4. How to check if a PayPal invoice is real
• 5. How to protect yourself (Google / Apple / Outlook calendars)
• 6. What to do if you already called the phone number
• 7. Technical corner: what the email headers reveal
• 8. Further reading and official resources

1. Example of the BitPoint Capital PayPal calendar invite

Here is a slightly redacted example of the calendar event that appeared in the recipient’s inbox and calendar. The event arrived via a Google Calendar invitation with an attached .ics file, not as a normal PayPal email.

Subject Line:
Your Paypal invoice from BitPoint Capital

Calendar Event Caption:
Your Paypal invoice from BitPoint Capital, Olivia Almeida

Body Text:
Paypal
Date: Tuesday, 11 November 2025
Registration Id: DQ-83452-FFI-2091
Customer Assistance Number: +1-(808)-343-6895
Your plan is still active.

Dear,

Your recent order for Shiba Inu (SHIB) Coins has been processed successfully.
The payment of $357.88 has been confirmed and the product will be activated shortly.

Paid Invoice Notice
Wallet: 70070b3f-25bb-4bed-ae9e-28489948c133
Qty: 1x
Payment: bank
Ref: HREEFDIC

For support or refund assistance, please contact +1-(803)-210-7352.

In Kindness,,
Paypal Customer Billing
© 2025 Paypal, Inc. All rights reserved.

When:
Tuesday Nov 11, 2025 · 1:41pm (Singapore Standard Time)

Organizer:
Olivia Almeida <dracoo1@black1717.com>

Guests:
(Guest list has been hidden at organizer’s request)

If you see an event like this on your calendar, do not call the listed phone numbers, and do not assume the transaction is real until you have independently confirmed it inside your actual PayPal account.

2. Why this is a scam: key red flags

2.1 Wrong delivery method for a “PayPal invoice”

• Legitimate PayPal invoices and payment confirmations show up:
  • Inside your PayPal account or app under Activity or Invoices, and
  • As an email from a @paypal.com address.
• They do not arrive as a random calendar event sent by an unfamiliar person.

PayPal describes how genuine emails and invoices work and how to spot fake ones on their own help pages: How do I spot a fake or phishing PayPal email? and What are invoice and money request scams?.

2.2 Suspicious organizer address

• Organizer and Reply-To: "Olivia Almeida" <dracoo1@black1717.com>
• This is not a PayPal address, and not a recognized financial institution domain.
• The email is sent via Google Calendar as a legitimate calendar notification, which is why it may pass technical checks like SPF and DKIM while still being a scam.

2.3 Crypto purchase you never made

• The event claims you purchased Shiba Inu (SHIB) coins for exactly $357.88.
• These highly specific amounts are chosen to create panic and urgency.
• If you log into PayPal directly and there is no such transaction in your Activity, the “invoice” is bogus, regardless of what the calendar invite claims.

2.4 Multiple “support” phone numbers

• The event lists two different U.S. phone numbers for “Customer Assistance” and “refund assistance.”
• Legitimate businesses usually list one official support number that can be verified on their website.
• Scammers want you to call them directly so they can pretend to be PayPal or your bank and walk you into sharing sensitive information or installing remote-access software.

2.5 Sloppy greeting and formatting

• Greeting is simply “Dear,” with no name.
• Sign-off: “In Kindness,, Paypal Customer Billing” (extra comma, inconsistent capitalization).
• Real PayPal messages typically address you by your full name or business name and keep branding consistent.

3. What is a calendar invite phishing scam?

Calendar phishing is an attack where scammers send unsolicited calendar invitations that automatically appear on your calendar. These invites may look like meeting requests, invoices, or security alerts. They frequently mention PayPal, Bitcoin, or other cryptocurrencies and include a phone number or link that leads to the scammers.

Several universities and security vendors have warned about this exact technique:

• Montclair State University – Beware of Google Calendar Phishing Invites
• UC Berkeley – Preventing Scams and Phishing in Google Calendar
• UCLA – “PayPal Payment Confirmation for BTC” Google Calendar Phish
• Lawrence Berkeley Lab – Cyber Alert: Phishing Scams Using Google Calendar Invites
• UMBC – Phishing campaign via Google Calendar invites
• Malwarebytes – Fake calendar invites are spreading

Similar scams have also been documented abusing Apple’s iCloud Calendar, showing fake PayPal charges and urging victims to call a phone number:

• Malwarebytes – iCloud Calendar infrastructure abused in PayPal phishing campaign
• Zimperium – iCloud Calendar invites abused to phish PayPal users
• PaymentsJournal – Bad actors exploit Apple’s iCloud Calendar for phishing attempts
• TechRadar – Apple users beware: hackers exploit iCloud Calendar invites

The common pattern in all of these cases is the same: a calendar invite claims a large PayPal or crypto charge and tells you to call or click in order to “fix” it. The goal is not to resolve a real problem, but to start a conversation that leads to identity theft or financial loss.

4. How to check if a PayPal invoice is real

1. Ignore the calendar event itself. Do not click links and do not call the numbers in the event.
2. Open PayPal manually. Type paypal.com into your browser or use the official PayPal app. Do not rely on links in emails or calendar entries.
3. Check your Activity. Look under Activity or All Transactions for:
   • The claimed amount (e.g., $357.88), and
   • The merchant name (e.g., “BitPoint Capital”).
   If you don’t see it there, the “invoice” is not real.
4. If you see a suspicious invoice inside PayPal itself:
   • Do not pay it.
   • Use PayPal’s tools to cancel or report the invoice.
   • Forward any suspicious email to phishing@paypal.com, as recommended by PayPal: Recognize fraudulent emails and websites.

PayPal has a dedicated article about invoice and money request scams: What are invoice scams and money request scams on PayPal?

5. How to protect yourself from calendar invite scams

5.1 General best practices

• Never call phone numbers listed in unsolicited calendar events or emails.
• Verify directly with the company:
  • Log in to PayPal using a bookmark or manually typed address.
  • Contact your bank using the phone number on the back of your card.
• Enable two-factor authentication (2FA) on your email and PayPal accounts.

5.2 Google Calendar

Because Google often auto-adds invites to your calendar, scammers take advantage of that default. University IT departments and security companies recommend changing a few settings so events from strangers do not get auto-added.

For step-by-step instructions and background, see:

• UC Berkeley – Preventing scams and phishing in Google Calendar
• Ntiva – Calendar Phishing: How Cybercriminals Are Targeting Your Calendar
• Malwarebytes – Fake calendar invites are spreading

5.3 Apple / iCloud Calendar

• Decline suspicious invites and do not click “OK,” “Maybe,” or “Join” if you don’t recognize the sender.
• Consider turning off automatic event additions from unknown senders if your workflow allows it.
• Review recent coverage on iCloud Calendar phishing:
  • Malwarebytes – iCloud Calendar infrastructure abused in PayPal phishing
  • Bitdefender – iCloud Calendar exploited to push phishing emails

5.4 Microsoft / Outlook / other calendars

• Delete any suspicious event and consider adjusting settings so invitations from unknown senders are not auto-accepted.
• Check with your organization’s IT department if you are on a corporate or university system.

6. What to do if you already called the phone number

If you or someone you know already called the “customer assistance” number from a BitPoint Capital / PayPal calendar invite:

1. Hang up immediately if you realize it’s a scam.
2. If you gave them information:
   • Change your PayPal, banking, and email passwords right away.
   • Turn on 2FA on all important accounts.
3. If you installed any software at their request:
   • Disconnect from the internet.
   • Uninstall the remote-access program they had you install.
   • Run a reputable anti-malware scan or contact a trusted local technician.
4. Contact your bank or card issuer and explain that you may have been scammed. Ask them to review your recent activity and discuss next steps.
5. Report the scam:
   • To PayPal: follow instructions on PayPal’s security pages.
   • To the U.S. Federal Trade Commission: ReportFraud.ftc.gov.
   • You can also review the FTC’s guide: How to spot, avoid, and report tech support scams.

7. Technical corner: what the email headers show

For readers comfortable with email headers, the BitPoint/PayPal calendar invite includes lines similar to:

Received: from mail-io1-f74.google.com ([209.85.166.74])
        by mx.perfora.net (mxeueus007 [74.208.5.3]) with ESMTPS ...

Reply-To: "Olivia Almeida" <dracoo1@black1717.com>
From: "Olivia Almeida" <dracoo1@black1717.com>
Sender: "Google Calendar" <calendar-notification@google.com>

Authentication-Results: perfora.net; dkim=pass header.i=@black1717-com.20230601.gappssmtp.com
Authentication-Results: perfora.net; dkim=pass header.i=@google.com

In plain language, this means:

• The message was sent through a legitimate Google mail server (mail-io1-f74.google.com) and handed to the recipient’s provider (mx.perfora.net) over an encrypted connection.
• The From and Reply-To fields clearly identify the organizer as @black1717.com, a domain that is not PayPal.
• DKIM signatures for both @black1717.com and @google.com validate correctly, which tells us the message really did originate from Google’s infrastructure on behalf of that domain.

This is a key point: modern scammers routinely use fully legitimate infrastructure (Google Workspace, Apple iCloud, Microsoft 365) and set up authentication records correctly. Technical “pass” results (SPF, DKIM, DMARC) only prove that the message is authentic for that sender, not that the sender is honest.

8. Further reading and official resources

• PayPal security and scam education
  • How do I spot a fake or phishing PayPal email?
  • What are invoice and money request scams?
  • Recognize fraudulent emails and websites
• Calendar phishing and fake invites
  • Montclair State University – Beware of calendar phishing
  • UC Berkeley – Preventing scams in Google Calendar
  • LBL – Google Calendar invite scams
  • Malwarebytes – Fake calendar invites are spreading
  • WIRED – Google Calendar malware is on the rise
• Reporting fraud and scams
  • ReportFraud.ftc.gov – Official U.S. government fraud reporting
  • FTC – How to spot, avoid, and report tech support scams

Together, these links provide strong third-party confirmation that “Your PayPal invoice from BitPoint Capital” calendar invites – especially those mentioning Shiba Inu (SHIB) coins and urging you to call a phone number – are part of a calendar-based phishing and callback scam, not legitimate PayPal activity.