Paypal email oddities

As even PayPal themselves acknowledge, PayPal users are subject to a lot of phishing emails. So it’s odd to see a definitely legitimate PayPal email with a bunch of things you’d regard as pretty strange.

  1. Odd header. Looking at the headers of the message, we can see it’s DomainKeys and DKIM signed, but then you have a header like:
    X-XPT-XSL-Name: email_pimp/default/en_AU/transaction/buyer/BuyerRefund.xsl

    Maybe they’re giving away a bit much information about how they feel about the emails they’re sending you

  2. Invalid links. The top of the email contains a “Transaction Id: XXXXXXX” item, with the id itself being a hyperlink. Unfortunately the hyperlink is wrong, and has an href of:
    https:///cgi-bin/webscr?cmd=_view-a-trans&id=XXXXXXX

    So clearly the hostname was accidentally left out.

  3. Mixed case inline URL. The message contains a URL to their help page, but the URL isn’t a hyperlink, it’s just text, and they’ve marked up the URL in a very odd way. It looks like:
    Questions? Visit the Help Centre at: https://SECURE.UNINITIALIZED.REAL.PaYpAl.CoM/au/help

Put altogether, it’s a very odd email to receive, and took a moment and a closer check of the headers to believe it was legitimate.

Posted in Off Topic, Technical. Comments Off
Follow

Get every new post delivered to your Inbox.

Join 5,003 other followers

%d bloggers like this: