** Spoof / Phishing Emails - Tips on how to identify & stay protected **

PayPal_Siobhán
Moderator
Moderator
Posted on
‎Mar-28-2013 07:17 AM

Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.

 

You’ll know that an email is not from PayPal when:

 

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

 

Here are some security tips to help you stay protected online:

 

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

 

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.

 

Hope this helps,

 

Siobhán 

Labels:
Login to Me Too
Login to Reply or Kudo
137 REPLIES 137

ba296
Contributor
Contributor
‎Feb-27-2017 07:46 AM

I believe paypal-communication.com is a domain legitimately owned by Paypal. Can you confirm with your security team?

Login to Me Too
0 Kudos
Login to Reply or Kudo

bar-keep
Contributor
Contributor
‎Feb-27-2017 11:51 AM

Sigh,  It's legit.

 

 

Raw WHOIS Record

Domain Name: paypal-communication.com
Registry Domain ID: 1649488607_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Registrant Organization: PayPal Inc.
Registrant Street: <removed>, 
Registrant City: San Jose
Registrant State/Province: CA
Registrant Postal Code: ‎[removed]
Registrant Country: US
Registrant Phone: +1.Go to https://www.paypal.com/help and click "Call Us"
Login to Me Too
0 Kudos
Login to Reply or Kudo

Cantoris
Contributor
Contributor
‎Feb-27-2017 12:40 PM

Hi @bar-keep

Have a look here too: /t5/Access-and-security/epl-paypal-communication-com/td-p/1164823

I've had so many PayPal people tell me it's not their domain despite the overwhelming evidence to the contrary.

Doesn't inspire confidence at all...

Login to Me Too
0 Kudos
Login to Reply or Kudo

Kapé
Member
Member
‎Sep-01-2016 12:18 PM
@rocqua wrote:

That's what I thought, until I received a link towards epl.paypal-communication.com .
After some digging around, that domains is also registered by paypal, but it gave me quite the scare.


So it is legit? Really strange PayPal does this, as I only (tend to) trust 'paypal.com'.

Login to Me Too
Login to Reply or Kudo

Cantoris
Contributor
Contributor
‎Jan-11-2017 11:37 AM

I've just had one of these.

It looks suspicious due to the target URL but has my real name on it which is very unusual for a scam.

The site's SSL certificate is an Extended Validation one issued by DigiCert to "PayPal, Inc. [US]" which would suggest it is actually legitimate but the domain is registered to "Epsilon Data Management" (whereas paypal.co.uk and paypal.com are not) which is suspicious again!

 

I've sent a help email about it through my account and forwarded the email to spoof@paypal.co.uk

 

I'll update this thread if I get a definitive response.

Login to Me Too
Login to Reply or Kudo

Cantoris
Contributor
Contributor
‎Jan-31-2017 11:51 AM
I got a reply from the spoof-reporting email address saying that the URL was "likely fraudulent" - that's not conclusive enough for me! Today, I received another email addressed to me by full name and referencing "policy updates". I tested the link (which was to the same "epl.paypal-communication.com" domain as before) via Sandboxie and it redirected through to a genuine policy updates page at paypal.com. I've emailed PayPal Support again...
Login to Me Too
Login to Reply or Kudo

bar-keep
Contributor
Contributor
‎Mar-01-2017 08:50 AM

Thank you for your persistence.  

Login to Me Too
Login to Reply or Kudo

Cantoris
Contributor
Contributor
‎Mar-03-2017 05:18 PM

My complete experiences of trying to get PayPal's opinion on emails with links to epl.paypal-communication.com are summarised here in the following link.  I hope it's OK to post it here.

 

https://cantoriscomputing.wordpress.com/2017/03/04/paypals-emails-encourage-dangerous-habits/

 

I've given up!

Login to Me Too
0 Kudos
Login to Reply or Kudo

Artiominas
Contributor
Contributor
‎Dec-14-2013 01:08 PM

Do not trust buyer!!!

 

Post edited to comply with forum guidelines, personal information cannot be posted 

Login to Me Too
0 Kudos
Login to Reply or Kudo

PayPal_paula
Moderator
Moderator
‎Apr-02-2014 09:53 AM

Hi Artiominas, 

 

Although we really appreciate you trying to warn our members to be careful, we can not post personal informattion here. 

 

If you receive any of these emails in the future please do let us know. You can also send them to us to spoof@paypal.com. 

 

Thanks 

Paula 

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.