PayPal Community

Cantoris · ‎Feb-01-2017

I've had two pieces of email containing links to the above domain that look legitimate - both addressed to me by full name.

The spoof service says they are "likely" fraudulent. Which is completely unhelpful!!

A moderator on this forum has already said the domain does not belong to PayPal.

PayPal's phishing awareness educational information always says to check links go to paypal.com or paypal.co.uk.

BUT have a look at the SSL certificate for the site - i.e. xxxxxxxxxx

It is an Extended Validation certificate issued by DigiCert to "PayPal, Inc. [US]".

[Screenshot attached to bottom of message]

That leaves two possible conclusions:

1. The advice coming from ALL sources is incorrect and this domain genuinely is related to PayPal!

2. DigiCert have issued a certificate in PayPal's name to a malicious third party by mistake. Given that this is an Extended validation certificate, it would be catastrophic for their business!

Somehow, I feel number one is more likely!

Using PayPal's own message centre, so far I have had two pointless standard response emails...

Please can someone with some connection to PayPal look into this? Thanks!

GrahamSH · ‎Jul-05-2017

I have sent a formal complaint to their business practices:

Through your 3rd Party email policy allowing emails to be sent from epl.paypal-communication.com PayPal are encouraging users to click on login links directing to domains other than paypal.com By encouraging this practice PayPal are exposing them to serious risks to their account from phishing emails. Only xxx.paypal.com domain can be considered secure.

Paypal are allowing Epsilon Data Management to send out email notifications to me appearing to come from PayPal. They tell me I can check my account by logging into Paypal. The button for logging in is linked to epl.paypal-communication.com This is obviously not a paypal.com domain. However exhaustive research has shown that Epsilon are officially working for you. No Paypal user should be encouraged to click on a link to any domain other than one ending in xxx.paypal.com (not -paypal.com).

Even your spoof service responded that the links are probably fraudulent and support denied (to other users) that the emails were from PayPal.

I have seen that your policy is to allow 3rd parties to use paypal-xxxx.com. This is unacceptable as it is impossible for a user to differentiate this from a phishing attempt.

I found this discussion of the issue on the Paypal community:

/t5/Access-and-security/epl-paypal-communication-com/td-p/1164823

In spite of the seriousness of the issue there was no official response.

See this link for a complete description of the situation.

https://cantoriscomputing.wordpress.com/2017/03/04/paypals-emails-encourage-dangerous-habits/

In view of this it is now IMPOSSIBLE TO TRUST ANY EMAIL FROM PAYPAL.

Until you change this policy and ensure that ALL links from PayPal emails link to xxx.paypal.com I will not read or trust any emails from you or your associates.

Graham xxx

Change your 3rd party email policy and ensure that ALL links from PayPal emails link to xxx.paypal.com

fluxlemur · ‎Jul-14-2017

Thanks everyone for looking into this. I've been convinced to close my PayPal account and use other online payment services.

PayPal has to step up their game if they want to be considered a viable, reliable, modern web-payment platform. There are simply too many alternatives out there.

Pessoa69 · ‎Mar-12-2018

Hi there,

I had the same issue.

I transferred the mail to spoof@paypal.fr and got the same robotic answer. What's even more funny is that the robot at spoof@paypal.fr writes in poorly phrased French which looks like scam mail too.

This is not serious. And this is dangerous. No more Paypaling for me.

PayPal Community

xxxxx

Haven't Found your Answer?