Funny, my reaction to seeing (I assume) the same message was that
they'd
learned how *not* to look like a phish.
In particular, they used their own domain name for *everything*,
including
the sending server, the return address, matching forward reverse
DNS
on
the sending server
Loren Wilton wrote:
Thank you for bringing this suspicious email to our attention. We can
confirm that the email you received was not sent to you by PayPal. The
website linked to this email is not a registered URL authorized or used
by PayPal. We are currently investigating this incident fully.
Just got a thing that claims to come from email-109.paypal.com. It
backtracks to there, too.
(Snip)
Clam seems to think it is a phish. I think it is a phish. It looks like
a
phish.
The disturbing thing is it seems to have come from the real Paypal
servers,
AND, it has my correct
Loren Wilton wrote:
The disturbing thing is it seems to have come from the real Paypal
servers, AND, it has my correct name in the body of the email.
Now, they don't actually ask me to log on to a link in the email.
They just say click here to win with a link with a tracking id.
I have to
Funny, my reaction to seeing (I assume) the same message was that they'd
learned how *not* to look like a phish.
In particular, they used their own domain name for *everything*, including
the sending server, the return address, matching forward reverse DNS on
the sending server (mine came
Just got a thing that claims to come from email-109.paypal.com. It
backtracks to there, too.
pts rule name description
-- --
0.0 DK_POLICY_TESTING Domain Keys: policy says domain is testing DK
0.0