The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy.
I assure you of this. I have verified the DKIM and SPF information in the headers, checked all headers of any trace of alteration and of any trace of foreign IP address or domain.
It is also very correct: it informs me that my credit card behind the PayPal account is about to expire. It asks me to update the credit card by clicking on the yellow button.
At this point, I am without words. I would have never expected to receive something like this from PayPal.
Their suggestions to detect phishing and to report phishing are here: https://www.paypal.com/us/webapps/mpp/security/suspicious-activity
I quote:
Suspicious emails
Phishing and spoof emails aim to obtain your secure information, passwords, or account numbers. These emails use deceptive means to try and trick you, like forging the sender’s address. Often, they ask for the reader to reply, call a phone number, or click on a weblink to steal personal information. If you receive a suspicious email, FORWARD it to spoof@paypal.com. Our security experts can take a look to determine if it’s a fake. If it is, we’ll get the source of the email shut down as quickly as possible. Reporting these emails helps protect yourself and everyone else, too.
There are some hints about identifying scam email below, but it’s often difficult to be sure if something is real or fake since scammers adjust their tactics. So, if you have the slightest doubt, send it to our experts for investigation.
As a good user, I have sent them the entire email to spoof@paypal.com
How should they do things right?
They must not add any kind of link in the email on which the user should click.
They must ask the user to go to their website, login and change the data in the profile.
But nothing more than this.
What now?
I have canceled that account.
I wrote to PayPal and I am waiting for their answer.
If I don’t receive any or I don’t like it, I will consider erasing my main account which I have since 2004.
© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch
The automatic answer from spoof@paypal.com:
Dear Sorin Mustaca,
Thank you for being a proactive contributor by reporting
suspicious-looking emails to PayPal’s Abuse Department. Our security
team is working to identify if the email you forwarded to us is a
malicious email.
Paypal Will Always:
– Address our customers by their first and last name or business name of
their PayPal account
Paypal Will Never:
– Send an email to: “Undisclosed Recipients” or more than one email
address
– Ask you to download a form or file to resolve an issue
– Ask in an email to verify an account using Personal Information such
as Name, Date of Birth, Driver’s License, or Address
– Ask in an email to verify an account using Bank Account Information
such as Bank Name, Routing Number, or Bank Account PIN Number
– Ask in an email to verify an account using Credit Card Information
such as Credit Card Number or Type, Expiration Date, ATM PIN Number, or
CVV2 Security Code
– Ask for your full credit card number without displaying the type of
card and the last two digits
– Ask you for your full bank account number without displaying your bank
name, type of account (Checking/Savings) and the last two digits
– Ask you for your security question answers without displaying each
security question you created
– Ask you to ship an item, pay a shipping fee, send a Western Union
Money Transfer, or provide a tracking number before the payment received
is available in your transaction history
READ!
Any time you receive an email about changes to your PayPal account, the
safest way to confirm the email’s validity is to log in to your PayPal
account where any of the activity reported in the email will be
available to view. DO NOT USE THE LINKS IN THE EMAIL RECEIVED TO VISIT
THE PAYPAL WEBSITE. Instead, enter http://www.paypal.com into your browser to
log in to your account.
What is a phishing email?
You may have received an email falsely claiming to be from PayPal or
another known entity. This is called “phishing” because the sender is
“fishing” for your personal data. The goal is to trick you into clicking
through to a fake or “spoofed” website, or into calling a bogus customer
service number where they can collect and steal your sensitive personal
or financial information.
We will carefully review the content reported to us to certify that the
content is legitimate. We will contact you if we need any additional
information for investigating the matter. Please take note to the
security tips provided above as they may help to answer any questions
that you may have about the email you are reporting to us.
Help! I responded to a phishing email!
If you have responded to a phishing email and provided any personal
information, or if you think someone has used your account without
permission, you should immediately change your password and security
questions.
You should also report it to PayPal immediately and we’ll help protect
you as much as possible.
1. Open a new browser and type in http://www.paypal.com.
2. Log in to your PayPal account.
3. Click “Security and Protection” near the top of the page.
4. Click “Identify a problem.”
5. Click “I think someone may be using my account without
permission.”
6. Click “Unauthorized Account Activity.”
Thank you for your help making a difference.
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you have helped keep yourself and others safe from
identity theft.
Thanks,
The PayPal Team
***********************************************************************
Please do not reply to this email. If you need to follow up, please
follow the steps above to access your account and utilize the Contact Us
resources from our site.
***********************************************************************
I received the reply from PayPal: THEY THINK IT IS A PHISHING SCAM !
Hello Sorin Mustaca,
Thanks for forwarding that suspicious-looking email. You’re right – it
was a phishing attempt, and we’re working on stopping the fraud. By
reporting the problem, you’ve made a difference!
Identity thieves try to trick you into revealing your password or other
personal information through phishing emails and fake websites. To learn
more about online safety, click “Security Center” on any PayPal webpage.
Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.
Your account security is very important to us, so we appreciate your
extra effort.
Thanks,
PayPal