PayPal is teaching fraudsters how to create the perfect phishing email

PayPal is sending a lot of emails these days; one of them got me confused.

I am sure now it is a valid email, but the multitude of different links in it and the confusing information are making this email very suspicious.


Here is a summary of the email:


Your opinion is important to us. We would therefore like to invite you to answer a few questions about your experience with PayPal. By doing so, you help us make our service even better for you. All answers are, of course, anonymous and confidential.
To take part in this 10- to 15-minute survey, simply click the button. You have until 27/01/2023
As a thank-you for your feedback, you will automatically receive a chance to win a Mastercard gift voucher worth €1,000.* For further details on the prize and the participation rules, please click here.
Take part now



How do I know the email is not a phishing email?

Because of all of these together (not separately):

  • It addresses me by name
  • It writes my email address below
  • All domains belong to PayPal
  • No confidential information is requested


Why is this email suspicious:

  • The subject promises the chance to get a large amount of money if the user participates in the survey
  • The subject creates a lot of pressure by setting a short deadline for participation (<7 days)
  • The “hier” (“here”) link to redirects to

I have checked the Whois info for and it looks like it belongs to PayPal, but it is so badly redacted (damn GDPR!) that I can’t be sure.

  • The button “Jetzt mitmachen” (“Take part now”) is a link to that gets immediately redirected to
  • Immediately after clicking Next on that page, I get redirected to

  • There is a 3rd party collecting data
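
The manual check described above (follow every link in the mail and see which domains its redirect chain passes through) can be scripted. The following is an added example, not part of the original post; the trusted-domain list, the HTML and the redirect map are constructed placeholders, since the real URLs are not shown here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient already knows belong to the sender (constructed).
TRUSTED = {"brand.example", "brand-mail.example"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(url, trusted=TRUSTED):
    """True only for https URLs on a trusted domain or a subdomain of one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and any(
        host == d or host.endswith("." + d) for d in trusted)

def audit(html, redirects):
    """Map each link text to the hops in its redirect chain that leave TRUSTED."""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for text, url in collector.links:
        chain = []
        while url and url not in chain:  # stop at the end of the chain or on a loop
            chain.append(url)
            url = redirects.get(url)  # next hop, as noted by hand or by a sandbox
        report[text] = [hop for hop in chain if not is_trusted(hop)]
    return report

# Constructed sample: two links as in the mail above, with made-up URLs.
SAMPLE_HTML = ('<p>Details: <a href="https://links.brand-mail.example/r/1">hier</a></p>'
               '<a href="https://links.brand-mail.example/r/2">Jetzt mitmachen</a>')
SAMPLE_REDIRECTS = {
    "https://links.brand-mail.example/r/1": "https://www.brand.example/terms",
    "https://links.brand-mail.example/r/2": "https://www.brand.example/survey",
    "https://www.brand.example/survey": "https://brand.survey-vendor.example/s/1"}
```

Calling `audit(SAMPLE_HTML, SAMPLE_REDIRECTS)` leaves the “hier” chain clean and flags the third-party hop behind “Jetzt mitmachen”, even though that host starts with the brand name.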



It is very easy to create a phishing email in the very same way this email is created, .

Stop messing with your users.

The vast majority of your users is not able to differentiate between a phishing email and your email.


I informed about this email.

No, I did not participate in the survey.



  • Never fill in surveys, no matter what they promise
  • Never provide PayPal account information or bank account information
  • Never provide any kind of personally identifiable information

© Copyright 2023 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
