Fine print (a scam? a shame?)

PayPal just sent me an email (which you can see for yourself):

Dear Tikitu De jager, Christmas is approaching! Still need to find some gifts for your loved ones? We show you how to find unique gifts on eBay. Also, find out how you can send money home with PayPal and stay in touch for free with Skype! Seasons greetings! PayPal

The funny thing is, I could have sworn I asked them not to spam me. But…

This PayPal notification was sent to [ my address ] because you chose to receive All Policy Change Notices.

Oh. Fair enough. I suppose the policy that’s changed is that “Policy Change Notices” no longer contain notification of changed policies.

I still can’t make up my mind if this is phishing or corporate stupidity.

Case for phishing

  • They misspell (mis-capitalise) my surname (“De jager”) while it shows correctly when I log in to paypal.com.
  • Can anyone really be so soulless as to take “please send me all Policy Change Notices” as an invitation for Christmas spam?!
  • The links in the newsletter go to email1.paypal.nl, which is not www.paypal.com which is where I log in. (Ok, paypal.nl is legit. But a DNS lookup site tells me that subdomain doesn’t exist.)
  • Said links include a session identifier, which would suffice to identify me for the phisher site.

Case against phishing

  • They got the correct name and email address for my PayPal account. That’s not as easy as it sounds, it’s not the name you’re looking at. (It’s not so very difficult either, though, and the email address is an easy guess.)
  • They don’t ask for any information or even that I go somewhere to “confirm” anything. The links are apparently continuations of the articles, or things like “Get Skype”. They all go to that email1.paypal.nl though.
  • And if email1.paypal.nl doesn’t exist, how are they getting any information at all, let alone useful information?!

Result…

I’m confused. Anyone know anything about this? Legit and really bloody irritating, not to mention braindead stupid? Dodgy and diabolically clever? It’s got me puzzled.

Update

The PayPal spoofline says it’s fake. But I’m not sure I believe them — the email is clearly a form letter, and it looks to me like it just ripped out the URLs from the email and checked whether they were registered to PayPal. Which they apparently aren’t, but I still can’t get past one question: how does it help a scammer to direct me to a non-existent website? (Hm. How does it help PayPal? Good question. No answer.)

Thank you for bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.
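
The link checks from the “Case for phishing” list above (link host versus login domain, whether the host resolves, a per-recipient identifier in the URL), as an added Python example that is not part of the original post. The sample email body, its paths, the `sid` parameter name, the trusted-domain list and the 16-character threshold are assumptions made for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

TRUSTED_DOMAINS = {"paypal.com"}  # assumption: the domain the recipient logs in to

# Constructed sample body; the paths and the "sid" parameter are made up.
SAMPLE_HTML = """
<p><a href="http://email1.paypal.nl/link?sid=ABCDEF0123456789ABCDEF">Read more</a></p>
<p><a href="http://email1.paypal.nl/skype?sid=ABCDEF0123456789ABCDEF">Get Skype</a></p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def dns_resolves(host):
    """Live DNS lookup; pass a stub to triage_links() to run offline."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def triage_links(html, resolves=dns_resolves, trusted=TRUSTED_DOMAINS):
    """Return one finding per distinct link host in an HTML mail body."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href in collector.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if not host:
            continue  # mailto:, relative links and similar
        if host not in findings:
            off = not any(host == d or host.endswith("." + d) for d in trusted)
            findings[host] = {"host": host, "off_domain": off,
                              "resolves": resolves(host), "per_recipient_params": set()}
        # Long opaque query values are likely tokens that identify the recipient.
        for name, values in parse_qs(parts.query).items():
            if any(len(v) >= 16 for v in values):
                findings[host]["per_recipient_params"].add(name)
    return list(findings.values())

if __name__ == "__main__":
    # Stub resolver mirroring the post: the lookup found no email1.paypal.nl.
    for finding in triage_links(SAMPLE_HTML, resolves=lambda h: h != "email1.paypal.nl"):
        print(finding)
```

A host that is off the login domain, fails to resolve and carries the same long token on every link is the combination the post describes; none of the three signals settles the question alone.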

4 Comments

  1. Robin wrote:

    Yep, looking at it, my money is on ‘stupid’ rather than ‘phishing’. Surely in a company as sensitive to scams as Paypal should be, they’d do something smart like run all emails through someone who has an idea of how email scams work, to make sure that they don’t make things that look like one.

    Thursday, December 14, 2006 at 11:02 pm | Permalink
  2. tikitu wrote:

    It’s the “should be” in “a company as sensitive to scams as PayPal should be” that’s got me worried. On the bright side, you just gave an argument for it being a phishing attack by someone who is at the same time diabolically clever and painfully stupid. I give it up.

    Thursday, December 14, 2006 at 11:06 pm | Permalink
  3. Anna wrote:

    You would be shocked to find a whole list of scam & fraud reports on http://www.scamclub.com

    Tuesday, December 19, 2006 at 1:48 pm | Permalink
  4. tikitu wrote:

    A site that plays an audio advertisement for their own services when you open the page, and doesn’t have a ‘mute’ button, doesn’t inspire much confidence I’m afraid — I’ll pass.

    Tuesday, December 19, 2006 at 1:56 pm | Permalink