That's odd. The fraud emails we have gotten do not use an actual PayPal
address as the sender (they have been using @.pp.com) and that is a
legitimate address used to notify users when their accounts have been
limited, which does happen and they have an FAQ regarding that. One of ours
got limited o
On Mon, 15 Jun 2020, Daryl Rose wrote:
So, I received an email from "service.i...@paypal.com", Subject "Your
PayPaI account has been limited". This is clearly a phishing attempt and
not a legitimate email from paypal.
I analyzed the headers, the message comes from a server here in the United
Start here:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
Then try something like:
header __Custom_NotFromPaypal1Subject =~ /paypal/i
header __Custom_NotFromPaypal2Received !~ /paypal/i
metaCustom_NotFromPaypal ( __Custom_NotFro
So, I received an email from "service.i...@paypal.com", Subject "Your
PayPaI account has been limited". This is clearly a phishing attempt and
not a legitimate email from paypal.
I analyzed the headers, the message comes from a server here in the United
States, the spam score is 5, and Spamassas
