cancel
Showing results for 
Search instead for 
Did you mean: 

** Spoof / Phishing Emails - Tips on how to identify & stay protected **

Re: phishing scam?

hi guys

just received a text from "Paypal UK" with link to a scam. 
http://paypal.account.verification.refund.ap1-secure.uk/442a3ca33fc2a672a0e537a3118c381e/

 

lext looks so genuine until following the link.

 

 

New Community Member

Re: phishing scam?

Don´t let yourself be fooled with links like

 

http://paypal.account.verification.refund.ap1-secure.uk

 

the first part is named in bad faith,and can be choosen arbitrarily by anyone who ownes the domain at the end.

the longer the domain name, the more suspicious it is.

 

only www.paypal.com is genuine and should be in the end of the link.

 

So before you click a link, move with the mouse over the link, and look for the true domain, which you will find at the end and  which includes the country code.

New Community Member

Re: phishing scam?

That's what I thought, until I received a link towards epl.paypal-communication.com .
After some digging around, that domains is also registered by paypal, but it gave me quite the scare.

Member

Re: phishing scam?

I also got this kind of email. "Updated agreement, click to read".

 

No email I've verified come from PayPal, uses this domain, and every single link in the mail contains a long code. It also includes a 0-by-0 pixel image sourcing the site with this code (a typical "read verification" technique often used by spammers to verify that an address exist and is used).

The email uses a PayPal loga sourced from an epsilon.com sub domain.

 

Q: Does paypal control the site paypal-communication.com?

 

If the email is really from paypal, they should use less suspicious/tracking techniques, and definitely let all links go to a paypal.com sub domain (may I suggest the domain name epl.communication.paypal.com? That would make me feel more confident).

 

New Community Member

Re: phishing scam?

I just got an email from epl.paypal-communication.com as well, and while it does look genuine with my first name and last name, I would never risk using a link that doesn't go to paypal.com or paypal.(country code). Because as far as I know, any phisher could use a domain name that contains the word "paypal" and some extra word that seems reasonable. Even for this site I checked to make sure before logging in.

 

It was also suspicious that PayPal would send me a "You've got money in your PayPal account"-message when it's just the remains from my last purchase, and only went from 0.02 GBP to the equivalence of 0.07 GBP. Sure, that's 'money' all right, but it's not something worth the time I'm taking to write this post. Is PayPal really this desperate to remind me of its existence?

New Community Member

Re: phishing scam?

Can we get a deffinitive answer as to whether

paypal-communication.com

is actually a paypal controlled domain?

 

Also, why send an e-mail form one domain with links to different domains?  This will trigger most spam filters.

 

Nic

 

Moderator

Re: phishing scam?

Hi Guys,

 

Thank you for contacting the Community Forum and welcome to Gillsing as a new member!

 

The paypal-communication.com is not a registered domain for PayPal. We very rarely include links in our emails and would request a customer to log in to their PayPal Account directly through a secure connection (mainly home rather than public wifi) if there was an issue or we needed something updating.

 

If unsure, forward the email to spoof@paypal.com. Our team will take a look and reply with an update.

 

Thanks - Siobhan

New Community Member

Re: phishing scam?

I believe paypal-communication.com is a domain legitimately owned by Paypal. Can you confirm with your security team?

New Community Member

Re: phishing scam?

Sigh,  It's legit.

 

 

Raw WHOIS Record

Domain Name: paypal-communication.com
Registry Domain ID: 1649488607_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Registrant Organization: PayPal Inc.
Registrant Street: 2211 North First Street, 
Registrant City: San Jose
Registrant State/Province: CA
Registrant Postal Code: 95131
Registrant Country: US
Registrant Phone: +1.Go to https://www.paypal.com/help and click "Call Us"
<snip>
Tags (1)
Contributor

Re: phishing scam?

Hi @bar-keep

Have a look here too: /t5/Access-and-security/epl-paypal-communication-com/td-p/1164823

I've had so many PayPal people tell me it's not their domain despite the overwhelming evidence to the contrary.

Doesn't inspire confidence at all...