Re: [mailop] I received a scam letter from Paypal

[Jarland Donnell via mailop]

For someone already using billing automation it works that way, but 
think more in terms of a web designer with 5 clients, billing a client 
for a quick job. PayPal has a lot of functions for a lot of different 
use cases that could range from helping freelancers to large businesses.


I'm not sure how much needs to be done after registration to gain the 
feature but I imagine if you have a working login, you have the feature.


On 2022-12-28 12:55, Jaroslaw Rafa via mailop wrote:

Dnia 28.12.2022 o godz. 12:33:05 Jarland Donnell via mailop pisze:

It's a perfectly legitimate feature of PayPal that you can create an
invoice and send it to someone. Pretty much every invoice service
that exists allows similar. They just have a problem with malicious
users creating invoices for people that don't owe them any money.


I understand they need to already be Paypal customers and be somehow
verified and "allowed" by Paypal to create invoices for other users?

Is this some additional feature of Paypal? Paypal's basic operation, 
ie.
being a payment processor, does not require such feature at all. In 
normal
payment processing flow in an Internet shop you don't get any invoice 
until
you have paid for the goods you are ordering, and this invoice is sent 
to

you directly by the shop, and not via the payment processing service.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Slavko via mailop]

Ahoj,

Dňa Wed, 28 Dec 2022 12:33:05 -0600 Jarland Donnell via mailop
 napísal:

> It's a perfectly legitimate feature of PayPal that you can create an 
> invoice and send it to someone. Pretty much every invoice service
> that exists allows similar. They just have a problem with malicious
> users creating invoices for people that don't owe them any money.

If that is true, IMO the message have to be reported to paypal, to they
can act on particular user(s).

regards

-- 
Slavko
https://www.slavino.sk


pgpWEIlJvH2Cv.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Richard W via mailop]

I've seen a number of these.  What helps me catch them is they are 
always to a scraped address, not my tagged address used with PP.


Richard

On 2022-12-28 12:14 p.m., Cyril - ImprovMX via mailop wrote:

Hi everyone!

If I recall correctly, there was already a discussion here on something 
similar, but I'd like to share my story here.


Yesterday, I received an email from Paypal with the subject "Reminder - 
You have paid an invoice".


The content of the email is the following:

first.png

There are a few things to note that are surprising :

  * The email is really coming from Paypal (serv...@paypal.com
)
  * The SPF/DKIM AND DMARC are valid
  * All the links inside the email point to Paypal.com, even though I
haven't clicked on the "View ad Pay Invoice"
  * The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
 (https://check.mx/ptr/66.211.170.90
)


And a few inconsistencies :

  * The subject says, "You have paid an invoice", but the body says,
"Please pay your invoice"
  * The bottom indicates that Paypal "will always contain your full
name", but the top indicates "Hello, PayPal Customer"
  * I haven't tried the phone number but pretty sure that's where the
scammers are sitting.

Here's the validation from GMail:

second.png

What I'm saying here, is what the hell? How a scam can come from Paypal 
like this?
This is a serious issue, and they need to fix this because I'm not sure 
my parents would catch the scam here, all seems legit!


Stay safe, and happy holidays!

Best,
Cyril

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Jaroslaw Rafa via mailop]

Dnia 28.12.2022 o godz. 12:33:05 Jarland Donnell via mailop pisze:
> It's a perfectly legitimate feature of PayPal that you can create an
> invoice and send it to someone. Pretty much every invoice service
> that exists allows similar. They just have a problem with malicious
> users creating invoices for people that don't owe them any money.

I understand they need to already be Paypal customers and be somehow
verified and "allowed" by Paypal to create invoices for other users?

Is this some additional feature of Paypal? Paypal's basic operation, ie.
being a payment processor, does not require such feature at all. In normal
payment processing flow in an Internet shop you don't get any invoice until
you have paid for the goods you are ordering, and this invoice is sent to
you directly by the shop, and not via the payment processing service.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Louis Laureys via mailop]

This looks like it is an actual invoice reminder email coming from paypal. Like
a fraudulent "seller" created an invoice with your email as the customer.
So not really an email authentication issue, more of a platform issue.



> The subject says, "You have paid an invoice", but the body says, "Please pay
> your invoice"

My guess is that the name of the invoice is You have paid an invoice. Thus the
subject Reminder - You have paid an invoice. Normally that would say something
like Reminder - Mailop January invoice.

> The bottom indicates that Paypal "will always contain your full name", but the
> top indicates "Hello, PayPal Customer"

That message is within the "Seller note to customer" paragraph.

> I haven't tried the phone number but pretty sure that's where the scammers are
> sitting.

Also within the "Seller note to customer" paragraph, so yeah probably.



Paypal could do more to differentiate the content coming from the "seller" and
not them. Currently it's quite easy to overlook the "Seller note to customer"
title, as this thread shows.



Op woensdag 28 december 2022 om 19:14, schreef Cyril - ImprovMX via mailop:

> Hi everyone!
> 
> 
> If I recall correctly, there was already a discussion here on something
> similar, but I'd like to share my story here.
> 
> 
> Yesterday, I received an email from Paypal with the subject "Reminder - You
> have paid an invoice".
> 
> 
> The content of the email is the following:
> 
> 
> first.png [attachment:ATT1]
> 
> 
> 
> There are a few things to note that are surprising :
>  * The email is really coming from Paypal (serv...@paypal.com)
>  * The SPF/DKIM AND DMARC are valid
>  * All the links inside the email point to Paypal.com, even though I haven't
>clicked on the "View ad Pay Invoice"
>  * The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
>[http://mx4.phx.paypal.com] (https://check.mx/ptr/66.211.170.90
>[https://check.mx/ptr/66.211.170.90])
> 
> 
> 
> And a few inconsistencies :
>  * The subject says, "You have paid an invoice", but the body says, "Please
>pay your invoice"
>  * The bottom indicates that Paypal "will always contain your full name", but
>the top indicates "Hello, PayPal Customer"
>  * I haven't tried the phone number but pretty sure that's where the scammers
>are sitting.
> 
> Here's the validation from GMail:
> 
> 
> second.png [attachment:ATT2]
> 
> 
> 
> What I'm saying here, is what the hell? How a scam can come from Paypal like
> this?
> This is a serious issue, and they need to fix this because I'm not sure my
> parents would catch the scam here, all seems legit!
> 
> 
> Stay safe, and happy holidays!
> 
> 
> Best,
> Cyril
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Anne Mitchell via mailop]

> What I'm saying here, is what the hell? How a scam can come from Paypal like 
> this?

Simple, it uses Paypal's own invoicing system:

https://www.theinternetpatrol.com/new-paypal-invoice-scam-emails-come-from-paypal-and-uses-actual-paypal-links/

Anne

---
We provide the Good Senders email sender reputation certification list to inbox 
providers
around the world. Learn more at gettotheinbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Mark Alley via mailop]

A common scenario for these is that a legitimate PayPal account is 
compromised and then used to send out these invoices requests from the 
account, hence these requests/messages are sent via PayPal's email 
infrastructure to external recipients.


The best course of action for remediation would be to report these to 
PayPal's fraud division via a forward to "phish...@paypal.com"


On 12/28/2022 12:33 PM, John Devine via mailop wrote:
I’m pretty sure I had one of those and it was like you say quite 
‘real’ I had to log in to my PayPal account to check there had been no 
activity, how are they doing this?


On 28 Dec 2022, at 18:14, Cyril - ImprovMX via mailop 
 wrote:


Hi everyone!

If I recall correctly, there was already a discussion here on 
something similar, but I'd like to share my story here.


Yesterday, I received an email from Paypal with the subject "Reminder 
- You have paid an invoice".


The content of the email is the following:



There are a few things to note that are surprising :

  * The email is really coming from Paypal (serv...@paypal.com)
  * The SPF/DKIM AND DMARC are valid
  * All the links inside the email point to Paypal.com
, even though I haven't clicked on the "View
ad Pay Invoice"
  * The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
 (https://check.mx/ptr/66.211.170.90)


And a few inconsistencies :

  * The subject says, "You have paid an invoice", but the body says,
"Please pay your invoice"
  * The bottom indicates that Paypal "will always contain your full
name", but the top indicates "Hello, PayPal Customer"
  * I haven't tried the phone number but pretty sure that's where the
scammers are sitting.

Here's the validation from GMail:



What I'm saying here, is what the hell? How a scam can come from 
Paypal like this?
This is a serious issue, and they need to fix this because I'm not 
sure my parents would catch the scam here, all seems legit!


Stay safe, and happy holidays!

Best,
Cyril
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


OpenPGP_0xE37A23C4D04F0409.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [External] I received a scam letter from Paypal

[Kevin A. McGrail via mailop]

We've seen quite a few of these.  They are abusing paypal's system, 
sending invoices, etc.  Agreed, it's a very good scam and leverages 
PayPal's real comms. -KAM


On 12/28/2022 1:14 PM, Cyril - ImprovMX via mailop wrote:
What I'm saying here, is what the hell? How a scam can come from 
Paypal like this?
This is a serious issue, and they need to fix this because I'm not 
sure my parents would catch the scam here, all seems legit!


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Jarland Donnell via mailop]

It's a perfectly legitimate feature of PayPal that you can create an 
invoice and send it to someone. Pretty much every invoice service that 
exists allows similar. They just have a problem with malicious users 
creating invoices for people that don't owe them any money.


On 2022-12-28 12:14, Cyril - ImprovMX via mailop wrote:

Hi everyone!

If I recall correctly, there was already a discussion here on
something similar, but I'd like to share my story here.

Yesterday, I received an email from Paypal with the subject "Reminder
- You have paid an invoice".

The content of the email is the following:

There are a few things to note that are surprising :

* The email is really coming from Paypal (serv...@paypal.com)
* The SPF/DKIM AND DMARC are valid
* All the links inside the email point to Paypal.com, even though I
haven't clicked on the "View ad Pay Invoice"
* The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
[1] (https://check.mx/ptr/66.211.170.90)

And a few inconsistencies :

* The subject says, "You have paid an invoice", but the body says,
"Please pay your invoice"
* The bottom indicates that Paypal "will always contain your full
name", but the top indicates "Hello, PayPal Customer"
* I haven't tried the phone number but pretty sure that's where the
scammers are sitting.

Here's the validation from GMail:

What I'm saying here, is what the hell? How a scam can come from
Paypal like this?
This is a serious issue, and they need to fix this because I'm not
sure my parents would catch the scam here, all seems legit!

Stay safe, and happy holidays!

Best,
Cyril

Links:
--
[1] http://mx4.phx.paypal.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[John Devine via mailop]

I’m pretty sure I had one of those and it was like you say quite ‘real’ I had 
to log in to my PayPal account to check there had been no activity, how are 
they doing this?

> On 28 Dec 2022, at 18:14, Cyril - ImprovMX via mailop  
> wrote:
> 
> Hi everyone!
> 
> If I recall correctly, there was already a discussion here on something 
> similar, but I'd like to share my story here.
> 
> Yesterday, I received an email from Paypal with the subject "Reminder - You 
> have paid an invoice".
> 
> The content of the email is the following:
> 
> 
> 
> There are a few things to note that are surprising :
> The email is really coming from Paypal (serv...@paypal.com 
> )
> The SPF/DKIM AND DMARC are valid
> All the links inside the email point to Paypal.com, even though I haven't 
> clicked on the "View ad Pay Invoice"
> The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com 
>  (https://check.mx/ptr/66.211.170.90 
> )
> 
> And a few inconsistencies :
> The subject says, "You have paid an invoice", but the body says, "Please pay 
> your invoice"
> The bottom indicates that Paypal "will always contain your full name", but 
> the top indicates "Hello, PayPal Customer"
> I haven't tried the phone number but pretty sure that's where the scammers 
> are sitting.
> Here's the validation from GMail:
> 
> 
> 
> What I'm saying here, is what the hell? How a scam can come from Paypal like 
> this?
> This is a serious issue, and they need to fix this because I'm not sure my 
> parents would catch the scam here, all seems legit!
> 
> Stay safe, and happy holidays!
> 
> Best,
> Cyril
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop






signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] I received a scam letter from Paypal

[Cyril - ImprovMX via mailop]

Hi everyone!

If I recall correctly, there was already a discussion here on something
similar, but I'd like to share my story here.

Yesterday, I received an email from Paypal with the subject "Reminder - You
have paid an invoice".

The content of the email is the following:

[image: first.png]

There are a few things to note that are surprising :

   - The email is really coming from Paypal (serv...@paypal.com)
   - The SPF/DKIM AND DMARC are valid
   - All the links inside the email point to Paypal.com, even though I
   haven't clicked on the "View ad Pay Invoice"
   - The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com (
   https://check.mx/ptr/66.211.170.90)


And a few inconsistencies :

   - The subject says, "You have paid an invoice", but the body says,
   "Please pay your invoice"
   - The bottom indicates that Paypal "will always contain your full name",
   but the top indicates "Hello, PayPal Customer"
   - I haven't tried the phone number but pretty sure that's where the
   scammers are sitting.

Here's the validation from GMail:

[image: second.png]

What I'm saying here, is what the hell? How a scam can come from Paypal
like this?
This is a serious issue, and they need to fix this because I'm not sure my
parents would catch the scam here, all seems legit!

Stay safe, and happy holidays!

Best,
Cyril
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop