Comment by veltas 10 months ago

9 replies

I got a much more convincing email from PayPal recently. Someone sent a quote (apparently a feature that can be used unsolicited) and set their company name to something like "PayPal need to get in touch about a your recent payment of $499.00, please call +1-....", so this is most of the text at the top, because their quotes email is "<name> is sending you a quote for $xxx".

This email came from the real PayPal.com. How they haven't gotten on top of usernames like that is beyond me for a payment processor. I reported it to them but haven't heard anything back; hopefully they banned that account, but they should ban all names like that.

This email honestly was formatted to look like a legit PayPal email; I have to imagine that scam will trick a lot of normal people.

Get in touch, see my bio website, if you want the email.

davidd_1004 10 months ago

Had this happen to me over a year ago so I assume reporting it to them did nothing :)

dyingkneepad 10 months ago

I got a very similar thing: a legit email from PayPal, but it's an invoice and not a quote. And when you log in to PayPal, the website shows nothing.

reportgunner 10 months ago

Why would PayPal email you to call them? If they want something from you, they should either call you or email it to you or show it in their portal.

  • veltas 10 months ago

    I don't know, and most PayPal customers wouldn't know either. And the point is that these emails are designed to look legit and also scare you into taking action without thinking about it too hard. And this particular email bypasses a lot of the rules in general consciousness about phishing, like "check for spelling mistakes, check the sender email, does it look official, does it mention you by name"; all of those boxes are ticked. This is only possible because PayPal clearly aren't actively fighting against these kinds of attacks.

guappa 10 months ago

I'd be surprised if someone looked at it.

akimbostrawman 10 months ago

>This email honestly was formatted to look like a legit PayPal email,

This is why anything but plain text should be blocked in emails (besides security reasons). Anybody with 5 minutes of HTML experience can create "legit looking" emails.

  • sofixa 10 months ago

    It was an actual email sent by PayPal via a service they propose (sending invoices), just with a smartly crafted company name that made it look like it's from them. No HTML was required from the attacker.

  • veltas 10 months ago

    Legit looking because it was formatted by PayPal themselves, and also sent from PayPal.com.
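
The weakness this thread describes is a sender-controlled name field rendered unfiltered into a trusted notification template. As an added example (not from any commenter and not PayPal's code), a platform-side check on merchant display names could look like the following; the patterns, thresholds, brand list and sample name are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed policy for illustration; not PayPal's rules.
PHONE = re.compile(r"(?:\+?\d[\s().-]*){7,}")   # 7+ digits, separators allowed
MONEY = re.compile(r"[$€£]\s?\d|\b\d+(?:[.,]\d{2})?\s?(?:usd|eur|gbp)\b")
ACTION = re.compile(
    r"\b(?:call|contact|get in touch|verify|urgent|immediately|suspended)\b")
PLATFORM_BRANDS = ("paypal",)   # the platform's own brand names
MAX_WORDS = 6                   # longer "names" read like a sentence

# Constructed sample modelled on the name described in the thread; the phone
# number is from the reserved fictional 555-01xx range.
SAMPLE = ("PayPal need to get in touch about your recent payment "
          "of $499.00, please call +1-202-555-0100")

def normalize(name):
    """Fold compatibility look-alikes (full-width letters) and case.
    Cross-script homoglyphs would need a confusables table on top of this."""
    text = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"\s+", " ", text).strip()

def review_display_name(name):
    """Return the reasons a merchant display name looks like message text."""
    text = normalize(name)
    reasons = []
    if PHONE.search(text):
        reasons.append("phone_number")
    if MONEY.search(text):
        reasons.append("money_amount")
    if ACTION.search(text):
        reasons.append("call_to_action")
    squashed = re.sub(r"[^a-z0-9]", "", text)   # "pay-pal" -> "paypal"
    if any(brand in squashed for brand in PLATFORM_BRANDS):
        reasons.append("platform_brand")
    if len(text.split()) > MAX_WORDS:
        reasons.append("sentence_like")
    return reasons

def decide(name):
    """block: phone number, platform brand, or 2+ signals; review: one signal."""
    reasons = review_display_name(name)
    if {"phone_number", "platform_brand"} & set(reasons) or len(reasons) >= 2:
        return "block"
    return "review" if reasons else "allow"

if __name__ == "__main__":
    print(decide(SAMPLE), review_display_name(SAMPLE))
```

A single weak signal goes to manual review rather than an automatic block, since a legitimate business name can contain a word such as "call".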