If you think you’ve received a suspicious email or have been directed to a fake website, forward it to firstname.lastname@example.org and we’ll investigate it for you. After you send us the email, delete it from your inbox. If you clicked on any links or downloaded any attachments within the suspicious email or website, log into your account and view your transactions. It’s also a good idea to change your password.
Just checking, is Paypal now sending out a email telling you your monthly account statement is ready, or is this a phishing email I just recieved?
Because something about this email smells funny.
I have the same question, and the same suspicions.
The email I got says:
YOUR MAY ACCOUNT STATEMENT FROM PayPal IS READY
LOG IN TO VIEW NOW
All the URLs in the email start out "https://email0.paypal.com/..." yet it still seems strange. The URL's are incredibly long, for no obvious reason. What's more, the headers show that the email did NOT come from a paypal or eBay mailserver:
Received: from om-paypal-na.rsys4.com (om-paypal-na.rsys4.com [22.214.171.124])
rsys4.com? What's that? It doesn't seem to be a real domain.
Looking up the IP...
AT&T Services, Inc. ATT (NET-12-0-0-0-1) 126.96.36.199 - 188.8.131.52
Responsys ATTENS-010369-005188 (NET-12-130-139-0-1) 184.108.40.206 - 220.127.116.11
CERFnet ATTENS-SJC1-2 (NET-12-130-128-0-1) 18.104.22.168 - 22.214.171.124
That's not Paypal!
What's going on??
DO NOT OPEN THIS EMAIL. I received the same monthly account statement on 06.16.11. I always preview the settings before I open anything from PayPal. I saw no problems and everything was legit. However, when I actually opened the email, it had me log in. It accepted my email address, but kept saying my "password" was not recognized. Tried several times, went to the ask/problems area, but literally locked my computer up and would not let me type. I have been trying ALL DAY TODAY 06.17.11 to reach PayPal. My computer is just haywire, my security/virus system never stops running. I cannot clear it. I cannot access any viable means to reach PayPal. Even the "live chat" is set to just repeat the same statements. Was given a phone number to contact - I called and kept repeating my sign-in finally saying that this service is discontinued. THIS IS A VIRUS! My computer is going nuts!
How'd this thing get marked "solved?" It's certainly NOT solved!
Note that all those web addresses in the email started out "https://email0.paypal.com/servlet/..." -- i.e., they're using a real paypal.com address. That seems to mean that Paypal's "servlet" implements a mechanism for redirecting through a paypal address to an arbitrary (bogus!) external web site! If so, that is a HUGE security flaw!!!
Paypal/eBay, please address this problem!!!
I marked it solved as reporting it to Paypal seems to be the best option for right now. Treat it just like the Playstation Network hacking and change your password, and keep a close watch of your bank statements.
From what I've seen lately, reporting this to Paypal accomplishes little or nothing! SOMEBODY PLEASE GET THE "SOLVED" TAG OFF THIS BEFORE WE'RE ALL LEFT HOLDING AN EMPTY BAG!!!!!