I got this email from ... well, I don't know.
Date: Tue, 31 Jan 2017 12:32:00 +0000
From: PayPal <email@example.com>
Subject: Your Legal Agreements with PayPal
1 OK ~23 lines Text
2 Shown ~626 lines Text
[my real name is here] – We're making a few changes
View Online [epl.paypal-communication.com]
Our Legal Agreements are changing.
We’re making some changes to our Legal Agreements; the documents that govern our relationship
with you, so that we can continue to make PayPal even more secure, quick and easy to use. We’ve
put details of the changes on our Policy Update page [epl.paypal-communication.com] – you can
also find the page at www.paypal.co.uk [epl.paypal-communication.com], by clicking ‘Legal’ at
the bottom of the page and then selecting ‘Policy Updates’.
What do I have to do?
Take a look at our Policy Update page to check you’re happy with the changes. If you are, you
don’t need to do anything as these changes will automatically apply to you. If you don’t want to
accept the changes you can follow the steps we’ve set out on our Policy Update page.
See the Policy Updates [epl.paypal-communication.com]
How do I know this is not a Spoof email?
Spoof or 'phishing' emails tend to have generic greetings such as "Dear PayPal member". Emails
from PayPal will always contain your full name.
Find out more here [epl.paypal-communication.com].
This email was sent to firstname.lastname@example.org.
Copyright © 1999–2017 PayPal. All rights reserved. PayPal (Europe) S.à r.l. et Cie, S.C.A.,
Société en Commandite par Actions. Registered office: 22-24 Boulevard Royal, L-2449, Luxembourg,
R.C.S. Luxembourg B 118 349.
So is it real? I don't know. They did give me true name, but my name isn't exactly a secret, known only to myself and god. The site I'm sent to, isn't at paypal.com, which I know is real, but instead it's paypal-communication.com.
Is that owned by Paypal? I used whois, and that said that it is, but anyone can give false details when registering a domain name. So that doesn't really help much.
Just because a scammer knows the name that goes with my email address, doesn't prove that the scammer isn't a scammer.
So what happened when I clicked on the link?
Well, obviously I didn't click on the link, because I don't know what it leads to.
Paypal are idiots.
They should have put the link I'm supposed to click on, on the paypal.com domain name. Or else possibly Paypal aren't idiots, and the email came from a scammer.
So I googled "paypal-communication.com", and looked at what people were saying, and it looks to me as if opinion is divided on whether it's real or fake.
So I logged in to Paypal.com. I would expect that, if this really did come from Paypal, they would also have sent me a "notification" that I need to review their changes. There was no notification.
So I conclude that ... if it's real, they should have sent me a notification, and the email should have been from their paypal.com domain. Therefore it isn't real. Therefore it's a scam.
Let me know if I'm wrong.