New to the community? Welcome! Please read our Community Rules and Guidelines
Join the live Q&A with our Community moderator team Wednesdays, 1-2pm PT (4-5pm ET) and Fridays, 4-5pm GMT. Learn more in Community Events
just received a text from "Paypal UK" with link to a scam.
lext looks so genuine until following the link.
Don´t let yourself be fooled with links like
the first part is named in bad faith,and can be choosen arbitrarily by anyone who ownes the domain at the end.
the longer the domain name, the more suspicious it is.
only www.paypal.com is genuine and should be in the end of the link.
So before you click a link, move with the mouse over the link, and look for the true domain, which you will find at the end and which includes the country code.
That's what I thought, until I received a link towards epl.paypal-communication.com .
After some digging around, that domains is also registered by paypal, but it gave me quite the scare.
I also got this kind of email. "Updated agreement, click to read".
No email I've verified come from PayPal, uses this domain, and every single link in the mail contains a long code. It also includes a 0-by-0 pixel image sourcing the site with this code (a typical "read verification" technique often used by spammers to verify that an address exist and is used).
The email uses a PayPal loga sourced from an epsilon.com sub domain.
Q: Does paypal control the site paypal-communication.com?
If the email is really from paypal, they should use less suspicious/tracking techniques, and definitely let all links go to a paypal.com sub domain (may I suggest the domain name epl.communication.paypal.com? That would make me feel more confident).
I just got an email from epl.paypal-communication.com as well, and while it does look genuine with my first name and last name, I would never risk using a link that doesn't go to paypal.com or paypal.(country code). Because as far as I know, any phisher could use a domain name that contains the word "paypal" and some extra word that seems reasonable. Even for this site I checked to make sure before logging in.
It was also suspicious that PayPal would send me a "You've got money in your PayPal account"-message when it's just the remains from my last purchase, and only went from 0.02 GBP to the equivalence of 0.07 GBP. Sure, that's 'money' all right, but it's not something worth the time I'm taking to write this post. Is PayPal really this desperate to remind me of its existence?
Can we get a deffinitive answer as to whether
is actually a paypal controlled domain?
Also, why send an e-mail form one domain with links to different domains? This will trigger most spam filters.
Thank you for contacting the Community Forum and welcome to Gillsing as a new member!
The paypal-communication.com is not a registered domain for PayPal. We very rarely include links in our emails and would request a customer to log in to their PayPal Account directly through a secure connection (mainly home rather than public wifi) if there was an issue or we needed something updating.
If unsure, forward the email to firstname.lastname@example.org. Our team will take a look and reply with an update.
Thanks - Siobhan
Sigh, It's legit.
Raw WHOIS Record
Domain Name: paypal-communication.com Registry Domain ID: 1649488607_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Registrant Organization: PayPal Inc. Registrant Street: 2211 North First Street, Registrant City: San Jose Registrant State/Province: CA Registrant Postal Code: 95131 Registrant Country: US Registrant Phone: +1.Go to https://www.paypal.com/help and click "Call Us" <snip>
Have a look here too: /t5/Access-and-security/epl-paypal-communication-com/td-p/1164823
I've had so many PayPal people tell me it's not their domain despite the overwhelming evidence to the contrary.
Doesn't inspire confidence at all...