Monthly statement email looks like a phishing message

jimfenton
New Community Member

I wanted to print out my monthly statement, so I went to the email message I recently received and clicked on the link there (which is not a good idea, and I should know better). Rather than going to paypal.com, the link went to paypal-communication.com. I shut down the browser quickly because registering and using a similar domain is a technique that is commonly used in phishing.

I looked more closely at the message, and saw that it was sent by mta123b.pmx1.epsl1.com, which also isn't paypal.com, and I got yet more concerned. But after looking at the message header for a while, I was able to determine that the message had a good DKIM signature, meaning that it probably was sent by PayPal after all. In any case, I logged in directly to PayPal to find my statement (which isn't easy to find, BTW).

PayPal shouldn't be training users to click on links in email, especially links that point to different domains. I thought PayPal was better than this.


dahauns
Member
@jimfenton wrote:

I wanted to print out my monthly statement, so I went to the email message I recently received and clicked on the link there (which is not a good idea, and I should know better). Rather than going to paypal.com, the link went to paypal-communication.com. I shut down the browser quickly because registering and using a similar domain is a technique that is commonly used in phishing.

I looked more closely at the message, and saw that it was sent by mta123b.pmx1.epsl1.com, which also isn't paypal.com, and I got yet more concerned. But after looking at the message header for a while, I was able to determine that the message had a good DKIM signature, meaning that it probably was sent by PayPal after all. In any case, I logged in directly to PayPal to find my statement (which isn't easy to find, BTW).

PayPal shouldn't be training users to click on links in email, especially links that point to different domains. I thought PayPal was better than this.

The icing on the cake: The text (in this case for Austria) even says "Loggen Sie sich dazu einfach auf PayPal.at ein", with the link still pointing to paypal-communication.com.

Oh and the reassurance "Sie erkennen Spoof oder Phishing-E-Mails oftmals schon in der Anrede. PayPal wird Sie immer mit Ihrem Vor- und Nachnamen anschreiben." (PayPal will always address you by first and last name, that's why it's not phishing.) ... seriously? It only takes a single leak with email+name to spoof this. I'm shocked that I have to spell this out.

What the hell, PayPal? That's textbook phishing stuff!

I don't have to need to look at the whois entry to ensure this is not a phishing attempt.
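The mismatch both posts describe, visible link text naming one domain while the href goes to another, can be checked mechanically on the HTML part of a message. The following is an added example, not part of the thread and not PayPal's code; the sample HTML, its URL paths, the brand allowlist and the two-label `base_domain` shortcut are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Hostname-looking token inside visible link text, e.g. "PayPal.at".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample body modelled on the links described in the thread.
SAMPLE = '''<p>Loggen Sie sich dazu einfach auf
<a href="https://www.paypal-communication.com/statement">PayPal.at</a> ein.</p>
<p><a href="https://www.paypal.com/myaccount">Log in</a></p>
<p><a href="https://www.paypal-communication.com/x">View statement</a></p>'''

def base_domain(host):
    # Assumption: last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # (href_host, visible_text) per <a> element
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            self.links.append((host, "".join(self._text).strip()))
            self._href = None

def audit(html, brand_domains):
    """Flag links whose text names a domain the href does not go to, and
    links to domains outside the sender's expected set."""
    p = LinkAudit()
    p.feed(html)
    findings = []
    for host, text in p.links:
        target = base_domain(host)
        named = {base_domain(m) for m in HOST_RE.findall(text)}
        if named and target not in named:
            findings.append(("text-href-mismatch", text, host))
        elif target not in brand_domains:
            findings.append(("off-brand-domain", text, host))
    return findings
```

Run against the sample with `{"paypal.com", "paypal.at"}` as the expected set, the "PayPal.at" link is reported as a text/href mismatch and the "View statement" link as off-brand, while the paypal.com link passes.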