PayPal Community

Johnsfolly · ‎Apr-26-2018

Recived this email supposedly from Paypal:

Hello John,
We periodically review your PayPal Credit account and will need your annual income after taxes to help determine if you are eligible for future credit line increases.

Is it for real?

RandallTo · ‎May-21-2018

I forgot to mention. Do not send or mark this email as spam or else any further legit emails from paypal.com will be blocked. This is a scam sent but sent from paypal's real email server. Forward it to spoof@paypal.com. Don't click on the link and if you did go to your browser setting and delete all coockie and cache data for the last hour or going back to before when you clicked on it. I opened it in chrome but using chrome's incognito window (so no data is saved to the machine) and it did not load a page which could be mean it was attempting to run some sort of malicious script. Most scams appear with a cloned copy that looks like a paypal login. The scam site was either down at the time or this was trying to installed a malicious script.

View solution in original post

arling · ‎Apr-26-2018

I got the same message. Consider it a scam. PayPal does not need this info/nor should they have it. If this is a requirement I do not need their increase of credit.

Johnsfolly · ‎Apr-30-2018

I'd love to hear a response from someone at PayPal...but I'm not sure there is anyone really there!

PayPal_Olivia · ‎May-07-2018

Hi @Johnsfolly,

I'm sorry to hear that the email you've received is causing confusion.

There have been actual requests from PayPal for customers to log in and supply information, but it's always good to be cautious if you ever suspect that an email is not from PayPal. Please take a look at this page for information about what to look out for. You can also forward any suspicious emails to spoof@paypal.com.

I hope this helps!

Olivia

If this post or any other was helpful, please enrich the Community by giving kudos to its author, accepting it as a solution, and/or coming back to assist others. Members make this Community great!

RandallTo · ‎May-21-2018

The link to login is not a real paypal.com domain but instead a made up hyphenated link. You can always hover any link or button in an email and tell right away. If the last part of the domain is not paypal.com then it is not real. So something.something.PAYPAL.COM is really paypal. something.something-paypal.com is not real because someone used a simple hyphen to make it appear like it paypal.com. You can make up clever similar domains all day long for 8 dollars each as long as some else has not already purchased it.

You can usually tell by the sending email as it should never be something.paypal.com for spoofed emails but instead sent from some other domain. With this particular email spoof (and I have seen many over the years from A to Z, not just paypal) and never do the emails come from the real domain. This one did. Paypal should pay attention to this one more than the others because someone has actually hacked into paypal's email server and is sending scams right from Paypal's own email server.

I am not sure why the moderator could not answer the simple question but if there is an actually paypal moderator, alert your managers that your email servers have been compromised.

RandallTo · ‎May-21-2018

I forgot to mention. Do not send or mark this email as spam or else any further legit emails from paypal.com will be blocked. This is a scam sent but sent from paypal's real email server. Forward it to spoof@paypal.com. Don't click on the link and if you did go to your browser setting and delete all coockie and cache data for the last hour or going back to before when you clicked on it. I opened it in chrome but using chrome's incognito window (so no data is saved to the machine) and it did not load a page which could be mean it was attempting to run some sort of malicious script. Most scams appear with a cloned copy that looks like a paypal login. The scam site was either down at the time or this was trying to installed a malicious script.

Johnsfolly · ‎May-21-2018

Thank you for taking the time to reply in such detail!

RandallTo · ‎May-22-2018

It is unfortunate but PayPal is now doing some very bad practices. I did get a reply back from spoof@paypal.com yesterday afternoon and it was NOT a scam. It was though suspicious (as they seemed surprised from the language in the email) and does not follow their guidelines. What this appears to be is a rouge department (probably marketing) within the paypal org attempting to be discrete and fly under radar (without the approval of their network security) to gather some additional information on users. If it was official then you would see an alert or notification when you logged into paypal portal and paypal credit portal but there is none on this scheme. The also explains the very bad practice of using a some other domain for the button link that is not paypal.com. What the sneaky marketing department is doing, is going outside their org and using some mailing service, to once again, circumvent their organization's security policies. The link did work yesterday evening and would not work the several times I tried it earlier. It redirects to a valid paypal.com url. Prompting a paypal login. I still did not enter my credentials because I was already logged into paypal and it should have just taken me to what ever page it wanted me to go to but it didn't. Something seems very phishy with this because it is not something you can navigate to directly by logging into paypal directly which is completely against all standard security practices. Hopefully they crack down on the rouge employees behind this.

PayPal Community

Is this a scam?

Haven't Found your Answer?