A reader has sent us a link to a blog post made a few months ago about attempts to verify whether an email received was a genuine communication from PayPal. Our reader stumbled across it when trying to verify whether an email that landed in his inbox was genuine. Indeed it was, despite it looking a little dodgy.
In the blog post, the writer contacts PayPal customer support several times, goes via Twitter and even escalates the enquiry and is told variously that the email is definitely or ‘likely’ a spoof or phishing email despite the fact it was entirely genuine.
It came from the domain epl.paypal-communication.com. But PayPal reps repeatedly say it was bogus. You’ll enjoy the whole escapade, so pull up a pew and a cup of coffee to read the full correspondence. It’s a Chekhovian farce where the right hand doesn’t know what the left hand is doing. Even the [email protected] people, the official address they ask you to send suspect mails to, warns of the email’s dodginess.
Whilst on one level this rigmarole is humorous, it’s also a serious problem and a source of disquiet. Not only does it display some serious deficiencies with internal communications but also an inconsistency in domain usage. Phishing emails are a real problem still so it’s worrying that an organisation like PayPal can’t give the correct advice. Not least because it’s a business dealing with sensitive information and our money.
8 Responses
I remember getting this email but, in my case at least, I knew the supposed transaction made no sense. Hovering my mouse over the “links” showed some of them appeared very genuine but at least one simply didn’t look right.
So, as I’ve always done before, I acted to forward it to “[email protected]” only the email bounced back and, after several fruitless attempts, I gave up.
The only thing left for me to do was monitor my PayPal account and the dedicated Bank Account to which it is linked to check for withdrawals. None occurred but it’s left me rather concerned at the way in which I simply couldn’t get any help about this issue.
As always I’m getting “helpful hints” from PayPal about how I should be using their “One Click” buying system . . this phoney email and the lack of any ability to get PayPal to deal with it made my mind up . . in NO WAY am I going to make getting money out of my PayPal account ANY easier . . if only I could remove the automatic link between my eBay and PayPal accounts. Not easy and very inconvenient.
But then so would be getting money back from a fraudulent transaction if BOTH though it actually genuine!
I had an identical issue with an Amazon eMail.
The email received is warning about an account change, which was made on my account (in effect locking me out).
On my contact via phone with Amazon CS, the rep confirmed with me that it definitely a scam/phishing eMail.
This is definitely not the case, as I have truly been robbed of my access to said Amazon account.
So I see it to be a two-fold concern here.
1- The warning sent to me is in vain, because I have no way to act on it, although the actions/changes are not authorized.
2- The valid Amazon eMail is claimed, by Amazon personnel, to be a scam.
SumItUp: All the very needed hype regarding phishing eMails, calling for extreme diligence, is actually being used against our (online users) security.
Never click of them spoofs your paypal and ebay account will be compromised and emptied
No-one’s PayPal e-mail address is secure, regardless of whether you “only” use it for Ebay purposes or however weird and unguessable the words are – for the simple reason that you reveal it to the buyer every time you sell an item on Ebay.