That's odd. The fraud emails we have gotten do not use an actual PayPal
address as the sender (they have been using @.pp.com) and that is a
legitimate address used to notify users when their accounts have been
limited, which does happen and they have an FAQ regarding that. One of ours
got limited
On Mon, 15 Jun 2020, Daryl Rose wrote:
So, I received an email from "service.i...@paypal.com", Subject "Your
PayPaI account has been limited". This is clearly a phishing attempt and
not a legitimate email from paypal.
I analyzed the headers, the message comes from a server here in the United
Start here:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
Then try something like:
header __Custom_NotFromPaypal1Subject =~ /paypal/i
header __Custom_NotFromPaypal2Received !~ /paypal/i
metaCustom_NotFromPaypal (
So, I received an email from "service.i...@paypal.com", Subject "Your
PayPaI account has been limited". This is clearly a phishing attempt and
not a legitimate email from paypal.
I analyzed the headers, the message comes from a server here in the United
States, the spam score is 5, and