Paypal email oddities

As even PayPal themselves acknowledge, PayPal users are subject to a lot of phishing emails. So it’s odd to see a definitely legitimate PayPal email with a bunch of things you’d regard as pretty strange.

  1. Odd header. Looking at the headers of the message, we can see it’s DomainKeys and DKIM signed, but then you have a header like:
    X-XPT-XSL-Name: email_pimp/default/en_AU/transaction/buyer/BuyerRefund.xsl

    Maybe they’re giving away a bit much information about how they feel about the emails they’re sending you

  2. Invalid links. The top of the email contains a “Transaction Id: XXXXXXX” item, with the id itself being a hyperlink. Unfortunately the hyperlink is wrong, and has an href of:
    https:///cgi-bin/webscr?cmd=_view-a-trans&id=XXXXXXX

    So clearly the hostname was accidentally left out.

  3. Mixed case inline URL. The message contains a URL to their help page, but the URL isn’t a hyperlink, it’s just text, and they’ve marked up the URL in a very odd way. It looks like:
    Questions? Visit the Help Centre at: https://SECURE.UNINITIALIZED.REAL.PaYpAl.CoM/au/help

Put altogether, it’s a very odd email to receive, and took a moment and a closer check of the headers to believe it was legitimate.

Posted in Off Topic, Technical. Comments Off on Paypal email oddities
Follow

Get every new post delivered to your Inbox.

Join 6,861 other followers

%d bloggers like this: