I have just received an email from service@paypal.com (yup, that's the domain in the email headers, this isn't some spoofed name).<p>The email is an obvious phishing attempt, referring to an address change and order I never made. Logging into my PayPal account, everything is unchanged and fine.<p>What I am surprised by is that anyone managed to send an email from service@paypal.com? How is that possible without their DNS being compromised somehow?<p>Someone on Reddit[0] has reported the same and I am wondering if anyone here has noticed / whether anyone here works at Paypal and needs to hear about this.<p>[0] https://old.reddit.com/r/paypal/comments/1ihs0ls/getting_tons_of_phishing_emails_from_verified/
Anyone can send a money request or invoice to anyone else via PayPal, which will come from PayPal's servers and valid PayPal email addresses.<p>I'm not defending PayPal here, but people can also arbitrarily send a fraudulent invoice to you in email, or via the physical mail, or call you on the phone as well. Fraud of this sort is by no means an issue exclusive to PayPal.<p>You can't assume that all communications you receive from PayPal are legitimate requests, in the same way you can't assume that all letters or phone calls or text messages you receive are legitimate requests.
I receive them too. They indeed come "From: <service@paypal.com>", but the dead giveaway is that the recipient is "To: fred smith <order_status10@jwa.onmicrosoft.com>". I'm NOT "fred smith" or any of the other random names they use. The emails arrive from the onmicroft.com servers, not the PayPal servers.<p>It looks like they create the fake account at onmicrosoft.com, then have paypal send an email to that account and then make onmicrosoft.com forward it to all their intended victims.
This email is for $229.00 purchase of bitcoin from my paypal account. I do not have a paypal account.
The sender listed as caitlinrui caitlinrui, Other messaging-service@post.xero.com