I coincidentally have a legit PP email/notification from just a day ago.  Some things to note:

LEGIT:

X-Spam-DCC:www.nova53.net: app3 1207; Body=1 Fuz1=1 Fuz2=1
From:"serv...@paypal.com"  <serv...@paypal.com>
To: AW <xxxxx.yyy.com>
Subject: You authorized a payment to

((To is actually my email address))

FAKES:
X-Spam-DCC:www.nova53.net: app3 1207; Body=55 Fuz1=98 Fuz2=many
X-OriginatorOrg: smkelopuramy.onmicrosoft.com
From:"serv...@paypal.com"  <serv...@paypal.com>
To:billingdepartmen...@smkelopuramy.onmicrosoft.com
Subject: This money request has been updated

X-Spam-DCC:www.nova53.net: app3 1207; Body=3 Fuz1=1 Fuz2=many
X-OriginatorOrg: serenashop.store
From:"serv...@paypal.com"  <serv...@paypal.com>
To:"Invoice-update8@serenashop. store"  <Invoice-update8@serenashop.store>
Subject: Invoice from Michelle Miller (0073)


** No X-OriginatorOrg header in legit email.
** Legit has all "US" relays, and much shorter (4).  Fakes have one "**" relay 
(I guess undetermined) and much longer.  But don't know how much that would help.

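The header differences listed in the message above, turned into a check over the three quoted header sets. This is an added example, not part of the original post; the function names, the `bulk_threshold` of 50 and the placeholder recipient address are assumptions.

```python
import re
from email import message_from_string

def _addr(value):
    """Return the lowercased address inside <...>, or the bare header value."""
    m = re.search(r"<([^<>]+)>", value)
    return (m.group(1) if m else value).strip().lower()

def paypal_header_flags(raw_headers, my_address, bulk_threshold=50):
    """Flag the header differences noted in the post for mail with a paypal.com From."""
    msg = message_from_string(raw_headers)
    if _addr(msg.get("From", "")).rpartition("@")[2] != "paypal.com":
        return []  # only mail claiming a paypal.com sender is in scope
    flags = []
    # The legitimate notification carried no X-OriginatorOrg header at all.
    org = msg.get("X-OriginatorOrg")
    if org:
        flags.append("x-originatororg:" + org.strip())
    # The legitimate notification was addressed To the actual recipient.
    if _addr(msg.get("To", "")) != my_address.lower():
        flags.append("to-not-recipient")
    # DCC counts: "many", or a count at or above bulk_threshold (assumed cut-off).
    dcc = msg.get("X-Spam-DCC", "")
    for name, count in re.findall(r"\b(Body|Fuz1|Fuz2)=(many|\d+)", dcc):
        if count == "many" or int(count) >= bulk_threshold:
            flags.append(f"dcc-bulk:{name}={count}")
    return flags

# Constructed samples: header lines as quoted in the post. The legit To address
# is a placeholder because the post redacts it.
ME = "aw@recipient.example"
LEGIT = ("X-Spam-DCC:www.nova53.net: app3 1207; Body=1 Fuz1=1 Fuz2=1\n"
         'From:"serv...@paypal.com"  <serv...@paypal.com>\n'
         "To: AW <aw@recipient.example>\n")
FAKE_1 = ("X-Spam-DCC:www.nova53.net: app3 1207; Body=55 Fuz1=98 Fuz2=many\n"
          "X-OriginatorOrg: smkelopuramy.onmicrosoft.com\n"
          'From:"serv...@paypal.com"  <serv...@paypal.com>\n'
          "To:billingdepartmen...@smkelopuramy.onmicrosoft.com\n")
FAKE_2 = ("X-Spam-DCC:www.nova53.net: app3 1207; Body=3 Fuz1=1 Fuz2=many\n"
          "X-OriginatorOrg: serenashop.store\n"
          'From:"serv...@paypal.com"  <serv...@paypal.com>\n'
          'To:"Invoice-update8@serenashop. store"  <Invoice-update8@serenashop.store>\n')

if __name__ == "__main__":
    for label, hdrs in (("legit", LEGIT), ("fake 1", FAKE_1), ("fake 2", FAKE_2)):
        print(label, paypal_header_flags(hdrs, ME))
```

The second fake shows why no single signal is enough: its Body and Fuz1 counts are as low as the legitimate message's, and only X-OriginatorOrg, the To address and Fuz2=many set it apart.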