PayPal phishing scam coming from paypal.com domain
I have just received an email from service@paypal.com (yup, that's the domain in the email headers, this isn't some spoofed name).
The email is an obvious phishing attempt, referring to an address change and order I never made. Logging into my PayPal account, everything is unchanged and fine.
What I am surprised by is that anyone managed to send an email from service@paypal.com? How is that possible without their DNS being compromised somehow?
Someone on Reddit[0] has reported the same and I am wondering if anyone here has noticed / whether anyone here works at Paypal and needs to hear about this.
[0] https://old.reddit.com/r/paypal/comments/1ihs0ls/getting_tons_of_phishing_emails_from_verified/
16 comments
[ 2.4 ms ] story [ 43.4 ms ] threadI'm not defending PayPal here, but people can also arbitrarily send a fraudulent invoice to you in email, or via the physical mail, or call you on the phone as well. Fraud of this sort is by no means an issue exclusive to PayPal.
You can't assume that all communications you receive from PayPal are legitimate requests, in the same way you can't assume that all letters or phone calls or text messages you receive are legitimate requests.
For anyone to just be able to send an email in the name of paypal.com with no indication that it was initiated by another paypal user is pretty bonkers.
I haven't seen this before, so either they have very good scam / spam detection or I was just lucky not to have been targeted yet.
This is the real/root issue. I've seen a few of these and the email itself contains no identifying information which increases the phishing risk/suspicion substantially. Both PayPal, and some banks still send emails with buttons like "confirm your account" - it's wild.
I wouldn't fall for this scam, because I'm technically minded, but a less technical relative wouldn't stand a chance here.
The last time I received a message like this it included this message: "Note from [Fraudulent Seller]: Fraud Alert: Didn't make this order? Call at [Fraudulent 800 number]"
And also the message: "Don't recognize this request? Before paying, make sure you recognize this person. Don't engage with this request if you're unsure about it. PayPal won't contact you through a money request."
But, it did come legitimately from service@paypal.com, and was almost certainly the type of issue OP is describing. I'm not sure PayPal can do anything here but rephrase money requests or invoices as "potential" if they don't come from a contact known to the account. (It'd be cool if they did that.)
Phish-free PayPal Phishing
https://www.fortinet.com/blog/threat-research/phish-free-pay...
It looks like they create the fake account at onmicrosoft.com, then have paypal send an email to that account and then make onmicrosoft.com forward it to all their intended victims.