February 20th, 2006


paypal and phishing

I got the following message in email today. The "phishing" detector in my brain went off immediately, but on further inspection it appears that this message really did come from Paypal.

Subject: Notification of Limited Account Access

Dear Greg Hewgill,

As part of our security measures, we regularly screen activity in the PayPal system.
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely,
PayPal Account Review Department

PayPal Email ID PP522

This message seems non-phishy due to the following aspects:

  • My full name is used, not something derived from my email address
  • There are no links to click on (i.e., "click here to visit the Resolutions Center")
  • The message headers (below) indicate no evidence of forgery
  • The IP address it was sent from matches the SPF record at paypal.com
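
The last two checks in the list above can be scripted. This is an added example, not part of the original post: it reads the connecting IP from the topmost Received header and tests it against the ip4/ip6 mechanisms of an SPF record. The record, headers, addresses and function names are constructed for illustration, and no DNS lookup is done, so a record that reaches an include or similar mechanism is reported as unresolved.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples: documentation address ranges and example.com names,
# not PayPal's real SPF record or the headers of the message quoted above.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.example.net ~all"
SAMPLE_MESSAGE = """\
Received: from mx.example.com (mx.example.com [192.0.2.45])
\tby mail.recipient.test with ESMTP; Mon, 20 Feb 2006 10:00:00 +0000
Received: from internal (unknown [10.0.0.5])
\tby mx.example.com; Mon, 20 Feb 2006 09:59:58 +0000
From: service@example.com
Subject: Notification of Limited Account Access

(body)
"""
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(raw_message):
    """IP from the topmost Received header: the one written by the recipient's
    own server. Headers below it were supplied by the sender and can be forged."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    return match.group(1) if match else None


def spf_check(record, ip):
    """Evaluate ip4, ip6 and all mechanisms left to right. Anything that needs
    DNS (include, a, mx, redirect, ...) stops evaluation as 'unresolved'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name.lower() == "all":
            return QUALIFIERS[qualifier]
        else:
            return "unresolved"
    return "neutral"
```

SPF is evaluated against the envelope sender's domain, which is not necessarily the domain shown in the From line, so a pass only says the sending host is authorized for that envelope domain.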

Paypal is in the unenviable position of having to fight with all the phishers when they really do want to email a notification to their customers. It appears that this is the best they can do, and of course the phishers will imitate this style of message as closely as possible, which makes Paypal's original message look like junk mail. It's an uphill battle for them.

Now I'm curious about what they've done with my account.


Update: I logged on to Paypal and they appear to only have expired my password. No other outstanding issues were to be found in their "Resolution Center" after logging on. I've found that Paypal seems to expire my password frequently (once every month or two), and asks that I supply a new, different password plus configure two new security questions. Perhaps I've been getting a message like this every time they expire my password but this is the first time I noticed it wasn't a phishing message.

I just checked my mail and one second after receiving confirmation of changing my password and security questions, I also got:

Subject: Your PayPal Account has been Restored

Dear Greg Hewgill,

We have completed our review and have restored your account.

Thank you for your patience during this process and for helping to make PayPal the safest and most trusted online payment solution.

Sincerely,
PayPal Account Review Department

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP203

Thanks Paypal. Hardly a pleasure doing business with you.