This looks like it is an actual invoice reminder email coming from paypal. Like
a fraudulent "seller" created an invoice with your email as the customer.
So not really an email authentication issue, more of a platform issue.
> The subject says, "You have paid an invoice", but the body says, "Please pay
> your invoice"
My guess is that the name of the invoice is You have paid an invoice. Thus the
subject Reminder - You have paid an invoice. Normally that would say something
like Reminder - Mailop January invoice.
> The bottom indicates that Paypal "will always contain your full name", but the
> top indicates "Hello, PayPal Customer"
That message is within the "Seller note to customer" paragraph.
> I haven't tried the phone number but pretty sure that's where the scammers are
> sitting.
Also within the "Seller note to customer" paragraph, so yeah probably.
Paypal could do more to differentiate the content coming from the "seller" and
not them. Currently it's quite easy to overlook the "Seller note to customer"
title, as this thread shows.
Op woensdag 28 december 2022 om 19:14, schreef Cyril - ImprovMX via mailop:
> Hi everyone!
>
>
> If I recall correctly, there was already a discussion here on something
> similar, but I'd like to share my story here.
>
>
> Yesterday, I received an email from Paypal with the subject "Reminder - You
> have paid an invoice".
>
>
> The content of the email is the following:
>
>
> first.png [attachment:ATT00001]
>
>
>
> There are a few things to note that are surprising :
> * The email is really coming from Paypal (serv...@paypal.com)
> * The SPF/DKIM AND DMARC are valid
> * All the links inside the email point to Paypal.com, even though I haven't
> clicked on the "View ad Pay Invoice"
> * The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
> [http://mx4.phx.paypal.com] (https://check.mx/ptr/66.211.170.90
> [https://check.mx/ptr/66.211.170.90])
>
>
>
> And a few inconsistencies :
> * The subject says, "You have paid an invoice", but the body says, "Please
> pay your invoice"
> * The bottom indicates that Paypal "will always contain your full name", but
> the top indicates "Hello, PayPal Customer"
> * I haven't tried the phone number but pretty sure that's where the scammers
> are sitting.
>
> Here's the validation from GMail:
>
>
> second.png [attachment:ATT00002]
>
>
>
> What I'm saying here, is what the hell? How a scam can come from Paypal like
> this?
> This is a serious issue, and they need to fix this because I'm not sure my
> parents would catch the scam here, all seems legit!
>
>
> Stay safe, and happy holidays!
>
>
> Best,
> Cyril
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
