dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
20191
share rss forum feed


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

4 edits

1 recommendation

PayPal Email...your enhanced account statement is here

"disclaimer" ... there IS a legitimate email being sent of the same title.

But I have never received or made a payment from/to anyone via Paypal...

I don't even have a paypal account..but got this tonight..

Therefore I strongly suggest that if you do use paypal..and get this email.. read it...but don't click on any links within the body of the email..Rather go to paypal the way you usually do to login and see if they are offering you this enhanced account feature.

How to tell if an email is from PayPal [ Edited ]
Feb-17-2011 04:41 PM - last edited on Feb-22-2011 12:33 PM
»www.paypal-community.com/t5/Frau···#U197656

_______________________________________________________
From : "PayPal"

To : xxxxxxxx@xxxx.com

Subject : (YOUR NAME), your enhanced account statement is here

Date : Sun, Apr 17, 2011 08:52 PM






Review your enhanced PayPal account statement today.
View mobile | View online

Recover your password | Get help | Your account



Hello (YOUR NAME),

Exciting news! You now have an enhanced way to view and quickly keep track of your account activity.

See your enhanced Account Statement
You can access your statement any time by clicking Statements from your Account Overview. Want to see it now? Go

Accept electronic communications from us
To continue to receive information about your account electronically—including your account statements—you must accept our Electronic Communications Delivery Policy. It only takes a few clicks:

• Log in to PayPal
• Click the Electronic Communications Delivery Policy link and read the policy
• Click the checkbox to accept the policy
• Click Agree and Continue

For additional information on reporting unauthorized transactions or other errors, follow the steps listed in section 12 of the PayPal User Agreement: Resolution Procedures for Unauthorized Transactions and Other Errors

© 2011 PayPal Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
________________________________________________________

It's a Scam
»www.paypal-community.com/t5/Repo···p/236012
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


MikeTest
Non-Believer

join:2010-10-19
Moribund

Re: PayPal Phising Email...your enhanced account statement here

Yeah, I got this e-mail and I didn't click on any of it's links and I did set it aside...

However, I don't think it's a phishing attempt. Headers look legit for Paypal Advantage advertising and Google hits seem to agree.

I've forwarded the e-mail to spoof@paypal.com but why should we be 100% sure the left hand knows what the right hand is doing?

I'd like a definitive answer with a well thought out explanation.



MikeTest
Non-Believer

join:2010-10-19
Moribund
reply to Name Game

Also, there ARE new Paypal Account Statements available as PDFs for the last 3 months. It's new and what the e-mail ad was about.

Better safe than sorry of course, always. It's just good practice not to go to any account via a link in an e-mail. But, again this looks legit.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

reply to MikeTest

said by MikeTest:

I'd like a definitive answer with a well thought out explanation.

Forward it to the DSLR phishtracker.
That should be enough to get an answer on whether or not it's a phishing attempt.
»/phishtrack


MikeTest
Non-Believer

join:2010-10-19
Moribund

said by Snowy:

said by MikeTest:

I'd like a definitive answer with a well thought out explanation.

Forward it to the DSLR phishtracker.
That should be enough to get an answer on whether or not it's a phishing attempt.
»/phishtrack

Not to be a prick, but who is going to do what to determine an e-mail's legitimacy? And, what are they going to do that I can't do myself? I mean, no explanation is given at all as to what is investigated or how.

I'm certainly not questioning the people here that do so much good work, but I make a point, no?


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

said by MikeTest:

... who is going to do what to determine an e-mail's legitimacy?

me.
These emails will eventually cross my desk if they are phish.
The DSLR phishtracker is just a way to fast track them.


MikeTest
Non-Believer

join:2010-10-19
Moribund

Me, what? How are you going to determine the legitimacy or not of said e-mail?



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

The headers will provide all the data that's needed to determine where the the email originated.
If an email originated from a computer in the middle of a rice field in S. Korea, I'll stake my reputation on the fact that it did not originate with PayPal.



MikeTest
Non-Believer

join:2010-10-19
Moribund

said by Snowy:

The headers will provide all the data that's needed to determine where the the email originated.
If an email originated from a computer in the middle of a rice field in S. Korea, I'll stake my reputation on the fact that it did not originate with PayPal.

Of course, I did that. The info in the headers point to Responsys. Responsys appears to be a marketing company that Paypal uses for well, marketing.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

said by MikeTest:

said by Snowy:

The headers will provide all the data that's needed to determine where the the email originated.
If an email originated from a computer in the middle of a rice field in S. Korea, I'll stake my reputation on the fact that it did not originate with PayPal.

Of course, I did that. The info in the headers point to Responsys. Responsys appears to be a marketing company that Paypal uses for well, marketing.

Well that's the difference.
Submitted to the phishtracker, I wouldn't use words like 'appears". It would be either definitively defined as a phishing attempt or not.
You do bring up a good point about the possibility of PayPal using a 3rd party mailing service.
With that in mind, the complete email submitted to the phishtracker will get the answers you're looking for.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

reply to Name Game

said by Name Game:

I don't even have a paypal account..but got this tonight..

Not having a PayPal account is always one of the clues that an email purportedly from PayPal may not be what it says it is, but you can always submit them to the phishtracker too.
»/phishtrack


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

1 recommendation

FWIW, if I do a search on "Responsys," I find that WOT puts a big red circle on virtually all links, starting with their corporate website.
--
Don't let the pluperfect be the enemy of the perfect.



Drunkula
Premium
join:2000-06-12
Denton, TX
reply to Name Game

I got it, too. Not sure what it was about it but I suspected it right away. Then I got side-tracked.



Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:12

Is that the same as this? »Bypassed Spamfilter: Paypal phishing email?



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Snowy

For all you posting in this thread..I did not ask anyone if it was phishing email..I am telling you it is...the header is from Paypal there is no @info.paypal.com and the link I posted in the first post if you read it..confirms someone already sent the email to Paypal and the confirmed it was phishing. And it bypassed spam filters...strange that since where it comes from is crooked.
Have a nice day.

»www.robtex.com/dns/info.paypal.com.html

»Bypassed Spamfilter: Paypal phishing email?
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Krisnatharok

said by Krisnatharok:

Is that the same as this? »Bypassed Spamfilter: Paypal phishing email?

Yes


Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:12

I submitted it to paypal's phishing address and haven't heard anything from them since.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 recommendations

Semper Fi buddie..maybe the need a few "more" good men on the job

gysgt USMC 63-72



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Name Game

If anyone lives in the UK...here are some more similar Phishing Scams running there now.."enhanced" seems to be the byword on these new scams they even use the words enhanced security in some of the headers...

»www.mrsvip.net/business-scams/?t···%20scams



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

1 recommendation

reply to Name Game

I received that email.

No, I do not think it is phishing. It looks legitimate to me. The links all appear to be genuine paypal links.

The email appears to have been sent from 12.130.139.53. But it is not unusual for businesses to hire somebody to do their mailings.

In any case, people should follow the safe procedure - don't click on links in the mail. Instead, use your bookmarked link to get to the paypal site.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 4.0



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

baloney..the url it takes you to if you do click on the link is the same as the 2010 scam
posted by this guy quickshadowman..same type scam just a different type of email..but same url links he is posting here..was in mine. »www.paypal-community.com/t5/How-···7#M20428

As stated above I don't even have a paypal account..never did and it had my name in full in the subject and the body of the email..



MikeTest
Non-Believer

join:2010-10-19
Moribund

It's not "baloney" and it's not a phishing scam. It's a direct marketing program by Paypal via Responsys.

It's legit. It may be annoying but it's not a scam.

It's healthy to be paranoid. Much better than being ill prepared and getting ones ID stolen.

However, at some point I fear the paranoia makes one a victim in another way.

BTW, clicking that mysterious link? Dumps you right to the Paypal front page, personal tab. Nothing going on at all.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

It's then a direct marketing to just anyone even if they don't or never did have an account...where ever they getting their mailing list they should regroup and push their spam out another way.

Paypal sucks

»www.paypalwarning.com/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



MikeTest
Non-Believer

join:2010-10-19
Moribund

Paypal is great.

Who's spamming who here?

You say you don't even use Paypal, so WTF do you care?

The e-mail in question is legit and if you don't like it, filter it.



EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

2 edits

2 recommendations

reply to Name Game

Of course, there is always the chance that Paypal has a program like that in progress and are notifying users, and phishers are also sending out their own malicious version. So, one person's email could be from Paypal, another could be a phish.

Examining the email headers and source and testing the target links and pages as is done by phishtracker folks would be a reasonable and prudent forensic exercise.

As a general rule, I don't click on any email links to go to sites where phishing might be costly to me financially or from an identity theft standpoint.

Just because the email has my name or other personal information in it does not render it trustworthy to me, but rather merits investigation and independent forensic verification of the target links.

For whatever reason, my lovely bride occasionally gets email from Chase with links in it that, after careful investigation, are found to be legitimate in origin. However, the email is still deleted and the links remain virgin

Regarding those Paypal phish emails, I gotta wonder how the phishers were able to glean the recipient's name to insert in the email. Perhaps there's been a data breach we don't know about.

EDIT - I followed the link th ethe Paypal forum post in Name Game See Profile's topic post. The link in the subject email in the Paypal forum post goes to an SSL page with a Verisign class 3 extended certificate registered to www,paypal.com, Paypal inc. . All cookies are displayed as coming from paypal.com. I would conclude that it's legitimate - or that Verisign class 3 certificate has been forged, which is highly unlikely unless there's a really critical SSL spoofing exploit we don't know about.
EDIT 2 - include subject email for clarity. There are others in the topic that are clearly phish.

quote:
Notice of Policy Updates

Dear Richard Quick,

You are receiving this notification because you have elected to receive email notice of all PayPal Policy Change Notices.

PayPal recently posted a new Policy Update. You can view this Policy Update by logging in to your PayPal account. To log in to your account, go to »www.paypal.com and enter your member log in information. Once you are logged in, look at the Notifications section on the top right side of the page for the latest Policy Updates.

If you need help logging in, go to our Help Center by clicking the Help link located in the upper right-hand corner of any PayPal page.

Sincerely,

PayPal

And the actual link was going to this URL:

»email0.paypal.com/servlet/cc6?ii···9GVRRRUW ...

Beware of this one.

I would still not use any links provided in emails, though. I'd either use my bookmarks or type in paypal.com, check the cert and navigate on my own.
--
Follow your dreams, except the one where you're naked in church.


jeisenberg
New Year's Eve

join:2001-07-06
Windsor, ON
Reviews:
·Cogeco Voip

1 recommendation

reply to Name Game

My first question to you would be: did you previously receive any emails from legitimate businesses informing you that your email information may have been compromised by the theft of data from Epsilon?

Epsilon's data breach exposed the email addresses and matching names for potentially millions of email accounts, and the expectation is that this information will enable very convincing phishing attempts for many years to come.

Anyone who continues to use email addresses reported by Epsilon as compromised will have to endure ongoing intelligent phishing attempts. If you are in a position to shed these email addresses, it will reduce your vulnerability to phishing attempts.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to Name Game

gmail validates paypal mail.



jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4
reply to Name Game

I received that exact email for an account formerly used by my son. That email account is unused now, but anything sent to it is forwarded to me. The links in the email were all valid and secure. However, instead of clicking on any of them, I went directly to Paypal and logged in with the unused email address. Turns out my son had an account with a $0 balance. I deleted the Paypal account for good measure, but the email you describe was not a phish in my opinion.



gorrillamcd
Hangin' Out

join:2010-04-01
mexico
reply to nwrickert

Weird, since all the links in the email point to exactly the same place. It seems "phishy" to me!
--
I'm an IT technician with a lot to learn, taught by viewers like you!



jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy

1 edit
reply to MikeTest

said by MikeTest:

Paypal is great.

Who's spamming who here?

You say you don't even use Paypal, so WTF do you care?

The e-mail in question is legit and if you don't like it, filter it.

I care! I think that any time there's a questionable email such as this one and any time those who know about security are questioning it, it's something to care about.
--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay