Thursday, November 16, 2017

Alert - Please verify your business identity to have your account limitation lifted email

I received an email today possibly from PayPal, possibly from a scammer with the subject "Kelvin Eldridge, important information regarding your PayPal account".

Notice how the email subject contains my name, but in addition this email was sent to the correct address which I have set up for PayPal and not used elsewhere. That's unusual for scammers to do. They often don't include the name as they don't know it.

The main message in the body of the email is "Please verify your business identity to have your account limitation lifted email".

Now I think this is a very good scam that could trick people. The reason isn't so much because of the email itself, but because of my recent experience with PayPal.

Back in August I received an email from PayPal asking for information to verify my business identity. This was a legitimate request. As the following paragraph shows this was required by the Australian government.

As part of PayPal's Compliance Program, we request that organisations provide certain information. The verification process is a requirement of the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws in Australia, in accordance with which every financial institution in Australia, including PayPal Pty Limited, has to comply. Please review the following link for more information regarding the AML laws for Business Accounts: https://www.paypal.com/au/webapps/mpp/confirm-your-business.

From August to October I had nothing but trouble trying to complete their request and PayPal's system kept requesting information even though they had everything. I'd received an email on 12 September 2017 stating my account had been returned to normal but continued to received pop-ups on the PayPal site stating it hadn't. A call to PayPal on 17 October 2017 confirmed they had what they needed and the account was back to normal. However I still got notices pop up when using the PayPal system.

Now when you get months of issues with PayPal this leaves the door right open for scammers. They know people have these issues and it will be easy to trick people to click on a link in a scam email. You have after all probably tried everything else.

There's only a single link in the email which gives a hint the email may be a scam. It uses the address epl.paypal-communication.com which doesn't look right. It may be a PayPal subcontractor but there's no way to know. The domain has been registered since 2011. If this were a scammer surely PayPal would have closed them down by now. So there really isn't anything to warn people this may be a scam.

Really frustrating experience with PayPal over months and emails that are potentially very good scams. That's a recipe that could easily trick people. Certainly I thought these were simply PayPal's systems still screwing up and I know what to look for.

I decided to forward the email to PayPal. Again not easy to find out where to send it making things easy for scammers as people tend to be lazy. I received a reply quite quickly but it didn't answer my question as to whether or not the domain name was PayPal's or someone they used. It was one of those typical canned responses where they include a lot of previously prepared information, but nothing to answer your question. Pretty slack and not good service. But they did provide the address phishing@paypal.com.au to forward the suspect email.

A quick canned response came back regarding the phishing submission. It's not clear whether or not they'll respond with useful information. Again this really feels like a waste of time with PayPal. If you submit information regarding a phishing attempt I believe you should at least get a response back letting you know the outcome.

You would think if people who use the PayPal service make the effort to report a potential scam, PayPal would have a mechanism to enable you to know whether or not it was a scam. In addition the domain epl.paypal-communication.com has been used on the 17 Oct 2017 and now on the 14 Nov 2017. Surely you'd think PayPal would take action on domains using their business name it they are not their domain.

Given the first email was received on the 17th of October 2017, around the time I was having trouble of the exact same nature with PayPal, this is an excellent timely scan that could easily trick people.

If you receive emails which appear to be from PayPal NEVER click on a link. Go to your account and see if you have any notifications. PayPal do include links in their legitimate emails, but so do scammers.

Kelvin Eldridge
www.OnlineConnections.com.au
IT support.

UPDATE: 22 November 2017
There has been no further update from from PayPal to answer my question. Unfortunately this is what I expected would happen. With these extremely large companies I think most of us will feel we're largely on our own.

No comments:

Post a Comment