Paypal 'phishing' e-mail from Paypal itself?

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Paypal 'phishing' e-mail from Paypal itself?

nigelj

856 posts

Ultimate Geek

#90890 2-Oct-2011 15:43

I got an e-mail today that looks a bit odd, and if it didn't come from Paypal's own MX servers and if SPF/DKIMs checks didn't pass I'd believe it was a phishing e-mail but it just seems a bit odd.

The e-mail says:

----------------------------------------------------------------------
We have unregistered your mobile device
----------------------------------------------------------------------

Dear {$ME},

This Apple® mobile digital device was removed from your PayPal account: JC’s iPod.

The next time you log in to PayPal on this device, it will link to your account again.

When your device was removed, push notifications about PayPal transactions on your mobile device or online
+were disabled. You can enable push notifications by editing the settings/preferences in your PayPal app.

Apple is a trademark of Apple Inc., registered in the U.S. and other countries.
Yours sincerely,
PayPal

----------------------------------------------------------------------
Help Center:
https://www.paypal.com/nz/cgi-bin/helpweb?cmd=_help
Security Center:
https://www.paypal.com/nz/security

Now, it just happened to come through on a Paypal account, I haven't used in ages (I have two, but there was a country of account issue with one of them which was a bit messy), I put it off as phishing, but decided to check the headers and the DKIM Signature appears to be fine, SPF Passed, and it came from an MX that resolves properly and the IP used, is owned by eBay (which owns Paypal).

Apart from owning two iPod Nanos (which can't connect to the Internet and certainly aren't named JC's iPod, my Paypal creditials have never been close to a mobile iDevice.

I can't find anywhere on the Paypal site that shows me if an iDevice has never been registered against my account, and from a Google search (http://www.liquidsilver.org/2011/02/paypal-hacked-maybe/), this message does seem to be generated if the account is been used by scammers/fraudsters to steal funds (no Credit Card attached to this account makes me glad).

Does anyone know of any method I can track down how/why/legitimacy of the message (other than e-mail headers) (I am intending on contacting Paypal, but looking around my Paypal account, definately requires a map or something which they don't provide).

MacBook

1 post

Wannabe Geek

#529029 4-Oct-2011 13:54

I received the identical email today, forwarded on to spoof@paypal.com

If it is a phishing email, it's the least useful I have ever seen!

We have unregistered your mobile device Hello xxxxxxx,

This Apple® mobile digital device was removed from your PayPal account: JC’s iPod.

The next time you log in to PayPal on this device, it will link to your account again.

When your device was removed, push notifications about PayPal transactions on your mobile device or online were disabled. You can enable push notifications by editing the settings/preferences in your PayPal app.

Apple is a trademark of Apple Inc., registered in the U.S. and other countries.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

nigelj

856 posts

Ultimate Geek

#529213 4-Oct-2011 22:23

MacBook: I received the identical email today

Glad I wasn't the only one then, I was thinking of a similar thing, and because I couldn't verify anything or even see if there are/were devices attached to my account, it was really suspect.

I got a follow up e-mail today which basically said that "Your account has been limited because something has happened" although again, the only detail on what 'something' may be, is a suspect login to the account.

What I don't get, is even if someone got into my account (and realized that there was only 6NZD in it, and no credit cards etc linked) why didn't they take the pitance that was in my account?

I think I might have to e-mail them and ask what the heck is going on.