PayPal Community

Here is the real shame of this:

If this email is legit--and PayPal has said it is legit--then all somebody now has to do is duplicate the email and replace the links with ones going to phishing sites. People will click on them trusting that PayPal has said the email is legitimate. PayPal should never have sent an email like this out in the first place (could it be that they are getting an affiliate cut based on those of us who update our browsers in response to the email?).

Like many others, I am already using the latest browsers, and I suspect that this email is being sent to all PayPal users regardless of what browser they are using. If so, the message, "It looks like you may be using an outdated browser with known security issues," is a lie designed to scare us.

Shame on you PayPal.

Yup, I got the same message. Said that I was at risk for not having my browser updated and offered up a link. This is most likely a phising attempt in that PayPal never offers up a link to do anything to your browser!

SCAM SCAM SCAM!!! There is obviously NO vetting here. Anyone can login and pretend to be a PayPal employee on this Community Board. In other words, don't believe anything you see here, including my post.

All you have to do is report this to spoofatpaypal.com and get the real info from the actual PayPal.  Here is their reply:

From: "spoof-reviewatpaypal.com" <spoof-reviewatpaypal.com>

Hello Danz2011,

Thanks for reporting that suspicious-looking email. The email you 
received was not sent by PayPal and it links to a fake website. We are 
investigating and working on stopping the fraud. 

If you have already given any personal or financial information to this 
fake website, you should immediately log in to your PayPal account and 
change the password and secret questions. You should also tell your bank
about this problem. 

To learn how to change your password, go to the PayPal website, click 
"Help" at the top of the page, and enter "How do I change my password?" 
in the search box. 

You should report any unauthorized account activity to PayPal. Here's 
how:

1. Go to the PayPal website. 
2. Click "Security Center" at the top of any PayPal page. 
3. Click "Start an unauthorized transaction claim" under "Report a 
problem" on the left. 
4. Log in to your account, or click "Continue" if you are unable to log 
in. 
5. Review the information about unauthorized transactions, and click 
"Continue."
6. Complete the report and click "Preview."
7. Check the box to state that the claim is accurate and click "Submit."
8. Confirm that you're the account owner by entering the financial 
information requested, and click "Continue." 

Your account security is very important to us, so we appreciate the 
opportunity to pass along this information. 

Thanks, 

PayPal


This email is sent to you by the contracting entity to your User 
Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à 
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 

Everyone,

I'm absolutely excited that this thread has grown so much in just a few days!  We have some passionate feedback regarding the emails you received, and I think that's wonderful - your voice helps PayPal decide how to shape our website in the future. 

I'd like to call out and comment on some key points that our members have made here, both for those who are new to the thread and those who are already engaged in the conversation -

• There may be phishing emails copying this email. 

This is an excellent insight.  Any communication sent by any company can be copied, and people who send phishing emails are quick to copy them.  For those of you who have forwarded emails to spoof@paypal.com and were told they were spoof, this could be the cause.  If you did forward an authentic email to PayPal, but received incorrect information, I can only offer my apology for any confusion it may have caused.

• I would have preferred a link inside of my account.

Another excellent point!  While PayPal won't email you an attachment or a software download, we do send out links on rare occasions.  In this instance, we sent a link to go to our website (https://www.paypal.com/safebrowser), where you can find instructions on how to update your browser.  We did not send an actual attachment or a software download, nor can you upgrade your browser directly from our website.  Our own web page only provides instructions on how to update your browser. 

We do not normally send out links to our members without advance notification (such as for password recovery or email address confirmation).  I can wholly understand your concern as to why a link was sent and why it doesn't mesh with general instructions we have provided previously.  Your cautiousness in using the link shows that you are aware of online security risks - and I don't want to discourage you from doing your best to stay safe online.  If you're uncertain as to whether the website above is legitimate, the path to locate the same page content on the PayPal website is www.paypal.com > click on "Security and Protection" at the top > then click on "Hardware and Software Security" at the bottom. 

• I'm not using an outdated browser - why did I get this email?

If you are using an updated browser, please ignore the email and accept my apology for the confusion.  It's possible you may have used an outdated browser in the past and simply were caught up in the mix - we're going to pass along this feedback to help our teams determine who should receive this type of notification in the future.

I'd also like to offer all of our customers an alternative solution to sending emails to spoof@paypal.com.  There is a free, downloadable app made by Iconix that can help you sort out phishing emails that pretend to be from PayPal.  Check out www.iconix.com/paypal for more information.

• Why did PayPal do this?

PayPal cares about your safety online.  If you use an outdated browser, and even if you have anti-malware and anti-virus programs that are fully up to date (as another member above also pointed out), you are still vulnerable to certain online threats that exploit loopholes in unpatched or outdated browsers.  If this portion of your online safety net isn't strong, you remain at risk for identity theft and being spoofed, something we wouldn't want to see happen to anyone, whether you are a customer of PayPal or not.  If this communication or the method that was used alarmed or concerned you, I can only offer my own sincerest apologies and assure you that your voice has been heard and your feedback will be forwarded on to our teams.

A big thank you to everyone in this thread - I appreciate you stopping in and joining in the discussion!

Adrian