Hi everyone! If I recall correctly, there was already a discussion here on something similar, but I'd like to share my story here.
Yesterday, I received an email from Paypal with the subject "Reminder - You have paid an invoice". The content of the email is the following: [image: first.png] There are a few things to note that are surprising : - The email is really coming from Paypal (serv...@paypal.com) - The SPF/DKIM AND DMARC are valid - All the links inside the email point to Paypal.com, even though I haven't clicked on the "View ad Pay Invoice" - The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com ( https://check.mx/ptr/66.211.170.90) And a few inconsistencies : - The subject says, "You have paid an invoice", but the body says, "Please pay your invoice" - The bottom indicates that Paypal "will always contain your full name", but the top indicates "Hello, PayPal Customer" - I haven't tried the phone number but pretty sure that's where the scammers are sitting. Here's the validation from GMail: [image: second.png] What I'm saying here, is what the hell? How a scam can come from Paypal like this? This is a serious issue, and they need to fix this because I'm not sure my parents would catch the scam here, all seems legit! Stay safe, and happy holidays! Best, Cyril
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
