A reader has sent us a link to a blog post made a few months ago about attempts to verify whether an email received was a genuine communication from PayPal. Our reader stumbled across it when trying to verify whether an email that landed in his inbox was genuine. Indeed it was, despite it looking a little dodgy.
In the blog post, the writer contacts PayPal customer support several times, goes via Twitter and even escalates the enquiry and is told variously that the email is definitely or ‘likely’ a spoof or phishing email despite the fact it was entirely genuine.
It came from the domain epl.paypal-communication.com. But PayPal reps repeatedly say it was bogus. You’ll enjoy the whole escapade, so pull up a pew and a cup of coffee to read the full correspondence. It’s a Chekhovian farce where the right hand doesn’t know what the left hand is doing. Even the [email protected] people, the official address they ask you to send suspect mails to, warns of the email’s dodginess.
Whilst on one level this rigmarole is humorous, it’s also a serious problem and a source of disquiet. Not only does it display some serious deficiencies with internal communications but also an inconsistency in domain usage. Phishing emails are a real problem still so it’s worrying that an organisation like PayPal can’t give the correct advice. Not least because it’s a business dealing with sensitive information and our money.