<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><meta http-equiv="content-type" content="text/html; charset=utf-8"><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div>This is the correct answer.</div><div><br></div><div>Lemme open the PayPal Kimono for a minute.</div><div><br></div><div>There are three teams that watch this stuff (and exploit this stuff): Red/Blue/Purple teams, PLUS there are 3 SOCs. One in San Jose, one in Scottsdale, and one in Reno. The inbound and attempts at passthrough for fraudulent purposes run between 20 and 40 million attempts daily.</div><div><br></div><div>When I was working in Infosec up there, the main thing we had to tell customers is this…. If YOU didn’t go to PayPal.com yourself, log into your account yourself, and then execute an action yourself, then consider it fraudulent. </div><div><br></div><div>Some things you can do to help: Send a copy to <a href="mailto:abuse@paypal.com">abuse@paypal.com</a>. This actually gets slurped up into a Redis cluster, gets massaged by URL processing gear, and added to the threat intelligence. The more you send, the less likely anyone else will be to fall to it because it gets “worked” by red team. They actually infiltrate on the dark web to buy fraudulent PayPal account lists, and then invalidate them all. Once the offensive posture was taken by Scottsdale, fraud of this type declined by well over 60%. If you’re still getting these sorts of things, there may be a new component to the URL, or there may be something that helps them hop the current filters. Simply report them and don’t do anything at PayPal you personally didn’t log in to do. 
Just ignore emails entirely, or let one of these emails be the impetus for you to connect to your account independently, and see if your inbox has anything for you.</div><div><br></div><br id="lineBreakAtBeginningOfMessage"><div>
<div>Jerald Sheets</div><div>questy@gmail.com</div><div><br></div><br class="Apple-interchange-newline">
</div>
<div><br><blockquote type="cite"><div>On Mar 13, 2025, at 2:16 PM, Phil Turmel via Ale &lt;ale@ale.org&gt; wrote:</div><br class="Apple-interchange-newline"><div><div>Multi-step attack leveraging throw-away PayPal accounts.<br><br>Step 1: Pretend to be a merchant to get PayPal to send you an invoice for something you presumably ordered.<br><br>Step 1a: You ignore the bogus invoice.<br><br>Step 2: Pretend to be a merchant and file a non-payment complaint for the ignored invoice claiming to have delivered some bogus product.<br><br>( I get one or two bogus invoices a week. I use PayPal for certain transactions to *receive* money, but very little sending of money. PayPal's machine learning algorithms seem to be killing off the 2nd step in my cases. )<br><br>On 3/13/25 13:28, dj-Pfulio via Ale wrote:<br><blockquote type="cite">Always check the message header to see where the email originated.<br>On March 13, 2025 12:08:50 PM EDT, Neal Rhodes via Ale &lt;ale@ale.org&gt; wrote:<br><blockquote type="cite">I got yet another email about an alleged PayPal dispute. Which I deleted.<br><br>But normally I do just hover over the hyperlinks to confirm they are bogus.<br><br>And the last couple of these, I just can't see where it goes off the rails. 
It just looks ok to me.<br><br>https://www.paypal.com/us/resolutioncenter/PP-R-YSJ-566648816?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000299&utm_unptid=93f1518f-001e-11f0-b526-c57aab365dc0&ppid=RT000299&cnac=US&rsta=en_US%28en-US%29&unptid=93f1518f-001e-11f0-b526-c57aab365dc0&calc=f695230a25ca0&unp_tpcid=Disputes-PPC001688&page=main%3Aemail%3ART000299&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.314.0&tenant_name=PAYPAL&xt=145585%2C150948%2C104038&link_ref=resolutioncenter_pp-r-ysj-566648816 [1]<br><br>What am I missing?<br><br>Links:<br>------<br>[1] https://www.paypal.com/us/resolutioncenter/PP-R-YSJ-566648816?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000299&utm_unptid=93f1518f-001e-11f0-b526-c57aab365dc0&ppid=RT000299&cnac=US&rsta=en_US%28en-US%29&unptid=93f1518f-001e-11f0-b526-c57aab365dc0&calc=f695230a25ca0&unp_tpcid=Disputes-PPC001688&page=main%3Aemail%3ART000299&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.314.0&tenant_name=PAYPAL&xt=145585%2C150948%2C104038&link_ref=resolutioncenter_pp-r-ysj-566648816<br><br>_______________________________________________<br>Ale mailing list<br>Ale@ale.org<br>https://mail.ale.org/mailman/listinfo/ale<br>See JOBS, ANNOUNCE and SCHOOLS lists at<br>http://mail.ale.org/mailman/listinfo<br></blockquote></blockquote><br></div></div></blockquote></div><br></div><br><br><div>
</div>
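<div>Added example, not part of any message in this thread and not PayPal's own code: a small link-host triage for the hover check discussed above. The labels and the constructed sample URLs are assumptions of this example. The link quoted in the thread comes back as a genuine paypal.com host, which is why the hover check finds nothing wrong in the invoice scheme described above, and why the advice to log in independently still applies.</div>
<pre>
```python
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the domain discussed in this thread


def classify(url, trusted=TRUSTED):
    """Label the host a link really points at; the labels are this example's own."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # lowercased, no port, no userinfo
    if parts.scheme != "https" or not host:
        return "not-https"
    if "@" in parts.netloc:
        # Text before "@" is userinfo, not the host the browser connects to.
        return "userinfo-trick"
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode label: the rendered name may imitate another domain.
        return "punycode-host"
    if host == trusted or host.endswith("." + trusted):
        # Says only where the link goes, not that the message is benign.
        return "trusted-host"
    if trusted.split(".")[0] in host:
        # Brand name appears, but the registrable domain is someone else's.
        return "lookalike-host"
    return "other-host"


# The first URL is the one quoted in the thread with its query string dropped;
# the others are constructed samples on reserved example domains.
SAMPLES = [
    "https://www.paypal.com/us/resolutioncenter/PP-R-YSJ-566648816",
    "https://www.paypal.com@billing.example.net/us/resolutioncenter",
    "https://www.paypal.com.billing.example.net/us/resolutioncenter",
    "https://www.xn--pypal-4ve.example/signin",
    "http://www.paypal.com/signin",
]


def triage(urls=SAMPLES):
    """Return a mapping of each URL to its verdict."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{verdict:15} {url}")
```
</pre>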
<br></body></html>