I've seen a number of these. What helps me catch them is they are
always to a scraped address, not my tagged address used with PP.
Richard
On 2022-12-28 12:14 p.m., Cyril - ImprovMX via mailop wrote:
Hi everyone!
If I recall correctly, there was already a discussion here on something
similar, but I'd like to share my story here.
Yesterday, I received an email from Paypal with the subject "Reminder -
You have paid an invoice".
The content of the email is the following:
first.png
There are a few things to note that are surprising :
* The email is really coming from Paypal (serv...@paypal.com
<mailto:serv...@paypal.com>)
* The SPF/DKIM AND DMARC are valid
* All the links inside the email point to Paypal.com, even though I
haven't clicked on the "View ad Pay Invoice"
* The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
<http://mx4.phx.paypal.com> (https://check.mx/ptr/66.211.170.90
<https://check.mx/ptr/66.211.170.90>)
And a few inconsistencies :
* The subject says, "You have paid an invoice", but the body says,
"Please pay your invoice"
* The bottom indicates that Paypal "will always contain your full
name", but the top indicates "Hello, PayPal Customer"
* I haven't tried the phone number but pretty sure that's where the
scammers are sitting.
Here's the validationĀ from GMail:
second.png
What I'm saying here, is what the hell? How a scam canĀ come from Paypal
like this?
This is a serious issue, and they need to fix this because I'm not sure
my parents would catch the scam here, all seems legit!
Stay safe, and happy holidays!
Best,
Cyril
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
