** Spoof / Phishing Emails - Tips on how to identify & stay protected **
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.
You’ll know that an email is not from PayPal when:
- The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
- The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
- The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
- The email includes a software update to install on your computer.
Here are some security tips to help you stay protected online:
- Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
- When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
- Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.
If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.
Hope this helps,
Siobhán
- Labels:
-
Fraud & Phishing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys,
Thank you for contacting the Community Forum and welcome to Gillsing as a new member!
The paypal-communication.com is not a registered domain for PayPal. We very rarely include links in our emails and would request a customer to log in to their PayPal Account directly through a secure connection (mainly home rather than public wifi) if there was an issue or we needed something updating.
If unsure, forward the email to spoof@paypal.com. Our team will take a look and reply with an update.
Thanks - Siobhan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe paypal-communication.com is a domain legitimately owned by Paypal. Can you confirm with your security team?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sigh, It's legit.
Raw WHOIS Record
Domain Name: paypal-communication.com Registry Domain ID: 1649488607_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Registrant Organization: PayPal Inc. Registrant Street: <removed>, Registrant City: San Jose Registrant State/Province: CA Registrant Postal Code: [removed] Registrant Country: US Registrant Phone: +1.Go to https://www.paypal.com/help and click "Call Us"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @bar-keep
Have a look here too: /t5/Access-and-security/epl-paypal-communication-com/td-p/1164823
I've had so many PayPal people tell me it's not their domain despite the overwhelming evidence to the contrary.
Doesn't inspire confidence at all...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rocqua wrote:That's what I thought, until I received a link towards epl.paypal-communication.com .
After some digging around, that domains is also registered by paypal, but it gave me quite the scare.
So it is legit? Really strange PayPal does this, as I only (tend to) trust 'paypal.com'.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've just had one of these.
It looks suspicious due to the target URL but has my real name on it which is very unusual for a scam.
The site's SSL certificate is an Extended Validation one issued by DigiCert to "PayPal, Inc. [US]" which would suggest it is actually legitimate but the domain is registered to "Epsilon Data Management" (whereas paypal.co.uk and paypal.com are not) which is suspicious again!
I've sent a help email about it through my account and forwarded the email to spoof@paypal.co.uk
I'll update this thread if I get a definitive response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My complete experiences of trying to get PayPal's opinion on emails with links to epl.paypal-communication.com are summarised here in the following link. I hope it's OK to post it here.
https://cantoriscomputing.wordpress.com/2017/03/04/paypals-emails-encourage-dangerous-habits/
I've given up!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do not trust buyer!!!
Post edited to comply with forum guidelines, personal information cannot be posted
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.