Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Can someone tell PayPal to stop sending “phishing” emails?
9 points by rkagerer on June 25, 2020 | hide | past | favorite | 2 comments
I got an email from PayPal this morning about upcoming changes to their legal agreements. It did not include the changes; instead it told me to go review them at a link beginning with:

    https://epl.paypal-communication.com/
...followed by indecipherable tracking codes.

I think it's legit, but I feel like the company is pushing me to click a link that smells like a phishing campaign (in order to review ToS changes they made without my consent). The domain has confused others [1][2], is blocked by uBlock Origin, and it's even been discussed here before [3].

Paypal often reminds me to be wary of phishing scams. Is there a good reason they can't use a subdomain of paypal.com instead?

----

[1] https://security.stackexchange.com/questions/182161/why-would-paypal-send-messages-from-another-domain

[2] https://www.reddit.com/r/paypal/comments/4qlnf0/is_this_a_phishing_attempt/

[3] https://hn.algolia.com/?query=paypal-communication.com&dateRange=custom&dateEnd=1592956800&dateStart=1465948800&prefix=true&type=all



Yeah, this seems like a bad practice! Following that SE link, it seems Stack Overflow does a similar thing, and Google and Twitter etc. I'm not sure how or why people are supposed to trust super-suspicious-looking links. What's the idea supposed to be? "If an email says it's from PayPal, just click on it"? What could possibly go wrong. How are we supposed to know it's legit? Do some research on every link before clicking?!


I always try to go to the site directly without clicking links. It's generally faster and safer than me trying to vet every link I get.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: