On 11/7/24 3:02 AM, Alex wrote:
Hi,I received a paypal scam invoice using paypal servers that passed DKIM and sent through paypal servers but has the return path of some other server after it went through paypal.
[...]
From: "serv...@paypal.com <mailto:serv...@paypal.com>" <serv...@paypal.com <mailto:serv...@paypal.com>> To:billingdepartmen...@cvoedukempen.onmicrosoft.com <mailto:billingdepartmen...@cvoedukempen.onmicrosoft.com> Subject: Reminder: You've still got a money request It's intended for the victim to call the toll-free number to fake paypal immediately or they will be charged. Note from Berkshire Hathaway: Don't recognize the seller? Please contact PayPal Support Team immediately at .... If you have any issues, you can also contact +... (Toll Free). If you do not reach out, we will proceed with the transaction. I tried the trick of first adding *@paypal.com <http://paypal.com> to the welcomelist then blocking all of paypal.com <http://paypal.com>, but it didn't work. Both were blocked. welcomelist_auth *@paypal.com <http://paypal.com> blocklist_from *@paypal.com <http://paypal.com> None of the KAM paypal rules are effective here, either.
can I have a copy of the email ? I am working on improving some KAM Paypal rules. Thanks Giovanni
I can add the phone number and perhaps some body rules and the envelope sender, but is there a more durable way to block these?
OpenPGP_signature.asc
Description: OpenPGP digital signature
