Did a content block, and of course the content has now updated. I've decided I'm
just going to block PayPal emails where the to header doesn't match the RCPT TO.
If PayPal wants forwarding to work for their email, they shouldn't allow
phishing content in them.
Hope to revisit this if they ever change how they handle this.
Groetjes,
Louis
On Thursday, December 12, 2024 1:06 PM, Ralf Hildebrandt via mailop
<mailop@mailop.org> wrote:
> * Richard Clayton via mailop <mailop@mailop.org [mailop@mailop.org]>:
>
> > In some cases ... where phone numbers are present, then ringing that
> > number (the only way that the recipient can contest the invoice) will
> > get you to "PayPal Customer Service".
> >
> > They will explain that the bad invoice issue is well-known and direct
> > you to a website where you can log in and open a ticket to contest the
> > invoice... that website will be branded PayPal and will request your
> > PayPal credentials. So "phish" can be correct.
>
> That is quite sophisticated.
>
> > At $DAYJOB$ we see a LOT of this and have for months... PayPal,
> > DocuSign, Intuit ...
>
> Same here.
> >
> > ... and although Microsoft are currently the main offenders for
> > replaying the emails at scale (essentially to "mailing lists")
>
> We're also see this via google groups (essentially "mailing lists")
>
> --
> Ralf Hildebrandt
> Charité - Universitätsmedizin Berlin
> Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
> Invalidenstraße 120/121 | D-10115 Berlin
>
> Tel. +49 30 450 570 155
> ralf.hildebra...@charite.de [ralf.hildebra...@charite.de]
> https://www.charite.de [https://www.charite.de/]
> _______________________________________________
> mailop mailing list
> mailop@mailop.org [mailop@mailop.org]
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
