I'm amazed PayPal does this

by Neil Morgan 22 replies
I just got an email from PayPal (yes, it's legit) to remind me that the credit card on my account is about to expire and that I need to update the details.

I've no problem with that.

But the email contains a "click here to log in" link.

Call me paranoid but I thought we were advised never to click on links in emails like this.

By doing this I think they're actually making it easier for phishers because users are being "trained" to expect to get this sort of request from PayPal.

Cheers,

Neil
#main internet marketing discussion forum #amazed #paypal
Avatar of Unregistered
  • Profile picture of the author Neil Morgan
    Hello Imran

    I already checked and I know it definitely is for reasons I won't post up here.

    Cheers,

    Neil
    Signature

    Easy email marketing automation without moving your lists.

    {{ DiscussionBoard.errors[497645].message }}
  • Profile picture of the author JayXtreme
    Originally Posted by Neil Morgan View Post

    I just got an email from PayPal (yes, it's legit) to remind me that the credit card on my account is about to expire and that I need to update the details.

    I've no problem with that.

    But the email contains a "click here to log in" link.

    Call me paranoid but I thought we were advised never to click on links in emails like this.

    By doing this I think they're actually making it easier for phishers because users are being "trained" to expect to get this sort of request from PayPal.

    Cheers,

    Neil

    Hi Neil.. how strange... I have a card up for renewal soon, too..lol..I got this mail yesterday...

    I think their reasoning for doing this, is, the mail they sent you was personalised (Hello Neil Morgan etc) so it is OK for them to have a click here to login link..

    Do I agree with this?..NO..

    But I do think that is their reasoning.

    Peace

    Jay
    Signature

    Bare Murkage.........

    {{ DiscussionBoard.errors[497654].message }}
  • Profile picture of the author Eric Stanley
    You could just take the extra step and login from https:// by typing it on, no problems
    Signature
    {{ DiscussionBoard.errors[497666].message }}
    • Profile picture of the author Neil Morgan
      You could just take the extra step and login from https:// by typing it on, no problems.
      I agree - and that's what their email should have said.
      Signature

      Easy email marketing automation without moving your lists.

      {{ DiscussionBoard.errors[497675].message }}
      • Profile picture of the author Kay King
        I got the same recently, too - and I just logged in using the url. I've trained myself too well to use a link in ANY email even it is from paypal.

        Caution - If you have any billing agreements (auto domain renewals, hosting, etc) it's a good idea to check the agreement if you have changed credit cards or payment options.

        No harm - but one of my billing agreements didn't go through after changing the card on my account. Had to revise the agreement for it to work even though the payment doesn't come from that new card.

        kay
        Signature

        Saving one dog may not change the world - but forever changes the world of one dog.

        {{ DiscussionBoard.errors[497676].message }}
  • Profile picture of the author ZZ2008
    Funny - one of my cards on file with PP expired and I did not receive an e-mail. I wonder if this is becuase I have two cards on file with them. I would certainly be upset considering it has been thier policy that they would never send a link in an e-mail. hmmmmmmmmmm - Please let us know what thier response is
    {{ DiscussionBoard.errors[497683].message }}
  • Profile picture of the author TimRobinson
    Heh, kind of like how facebook says never to type your username and password on another site, but then asks for your gmail/msn/yahoo password to import your friends from your address book....
    {{ DiscussionBoard.errors[497686].message }}
    • Profile picture of the author Kay King
      I don't believe paypal has said they never use a link - what they say is that any email from them will always use your name. I've never gotten a phishing paypal email that had my paypal name included.

      Paypal does advise not to click links in emails so I follow that policy even when I think it's from them. It's a simple safeguard to use.

      kay
      Signature

      Saving one dog may not change the world - but forever changes the world of one dog.

      {{ DiscussionBoard.errors[497733].message }}
      • Profile picture of the author cliffmaster
        Originally Posted by Kay King View Post

        I don't believe paypal has said they never use a link - what they say is that any email from them will always use your name.
        I agree. They also state to make sure that their web url shows up in the addy bar, before entering any login info.
        {{ DiscussionBoard.errors[497835].message }}
  • Profile picture of the author talfighel
    Neil,

    I have heard PayPal say this MANY times over and over again. That is what Paypal claims.

    PayPal will never ask anyone to login into their acount from an email link.

    I really think that the email that you got is SPOOF email and the only thing that you should do is to delete it and go DIRECTLY to your PayPal account and change the info that way.

    Tal
    {{ DiscussionBoard.errors[497858].message }}
  • Profile picture of the author Steveb2u
    Pay Pal is lax in some areas and overprotective in others.....extremely frustrating...but you have to use them. Make sure you have multiple Paypal accounts in case one gets frozen. This is quite common and can tie up your sales.
    Signature

    Steve Blalock
    onlinebizsource.com

    {{ DiscussionBoard.errors[497910].message }}
  • Profile picture of the author askloz
    when I get emails of that sort, from any site, i roll my mouse cursor over the link and take a look at the inbox status bar and see if in fact it is the site in question... if it's not, off to the bin it goes.

    Originally Posted by Neil Morgan View Post

    I just got an email from PayPal (yes, it's legit) to remind me that the credit card on my account is about to expire and that I need to update the details.

    I've no problem with that.

    But the email contains a "click here to log in" link.

    Call me paranoid but I thought we were advised never to click on links in emails like this.

    By doing this I think they're actually making it easier for phishers because users are being "trained" to expect to get this sort of request from PayPal.

    Cheers,

    Neil
    Signature
    {{ DiscussionBoard.errors[497912].message }}
  • Originally Posted by Neil Morgan View Post

    I just got an email from PayPal (yes, it's legit) to remind me that the credit card on my account is about to expire and that I need to update the details.

    I've no problem with that.

    But the email contains a "click here to log in" link.

    Call me paranoid but I thought we were advised never to click on links in emails like this.

    By doing this I think they're actually making it easier for phishers because users are being "trained" to expect to get this sort of request from PayPal.

    Cheers,

    Neil
    If you happen to be subscribed to anything, make sure you take note of them, as Paypal will probably UNsubscribe you from everything when you change your information. I'm not sure a date on a credit card does it, but I know for a fact many of my subscribers were automatically unsubscribed when they changed any of their financial information inside of Paypal. I'm not sure if there is an option to stay subscribed to everything or not, but if there is, it's not very noticeable.
    Signature
    -----------------------------------------


    {{ DiscussionBoard.errors[497921].message }}
  • Profile picture of the author Gunter Eibl
    It's a phishing email, don't click on the link

    Gunter
    {{ DiscussionBoard.errors[498074].message }}
    • Profile picture of the author Jamie Iaconis
      Indeed... it very well can be a fake email...

      Even if the URL in the bottom of the browser shows
      paypal.com/yadayada, because we all (or most of us)
      know how to disguise a URL using HTML.

      Be very, very, cautious... but I still
      say type the URL in the address bar.

      Jamie
      {{ DiscussionBoard.errors[498086].message }}
      • Profile picture of the author Ray Erdmann
        Originally Posted by Jamie Iaconis View Post

        Indeed... it very well can be a fake email...

        Even if the URL in the bottom of the browser shows
        paypal.com/yadayada, because we all (or most of us)
        know how to disguise a URL using HTML.

        Be very, very, cautious... but I still
        say type the URL in the address bar.

        Jamie
        What most folks don't realize though is the login page is using SSL (https://), therefore, even if the url is masked to spoof paypal.com/yada/yada...if there is NO https://..before the www portion, then it's a fake, spoofed, phising email...

        But I agree...still manually go to paypal.com and verify the c/c on file.

        Just my $0.02 is all.


        Ray
        Signature

        "Whether you think you can or not...you'll always be 100% right!" |

        {{ DiscussionBoard.errors[498144].message }}
  • Profile picture of the author Bigsofty
    1. you have a website, right? I've long had a private, not linked and password protected page on my own server as a homepage with all my (most) favorite or useful links on it. Very handy thing to have and for paypal I just click my own link - and even then I check the status bar!

    2. Roboform. If you're on the wrong site it won't show in roboform and you'll get a "Save details for this site?" message.

    Also "paypal.com" is such a short url there's no real excuse for not typing it directly.



    B.
    Signature

    This man is living his dream. Are you...?
    www.copywriter-ac.com

    {{ DiscussionBoard.errors[498099].message }}
  • Profile picture of the author IMChick
    That sounds like a glaring security breach waiting to happen. I think that the OP is in a unique position to tell PP that they should consider removing this clickthru link for security reasons. Good catch.
    {{ DiscussionBoard.errors[498174].message }}
  • Profile picture of the author Neil Morgan
    It's a phishing email, don't click on the link.
    Nope, it's real.

    I'm sure most of us here are aware of the ways to prevent being caught out by this kind of thing.

    My point is simply this.

    John Doe is told not to click on links in emails to avoid phishing.

    People who should know better send him emails with links, contrary to the good advice he's received.

    And by doing so, they muddy the waters with contradictory messages, helping the phishers in the process.

    It's unbelievable really.

    Cheers,

    Neil
    Signature

    Easy email marketing automation without moving your lists.

    {{ DiscussionBoard.errors[498196].message }}
  • Profile picture of the author jasondinner
    Even if it's not a spoof email, you should forward it to spoof at paypal.com

    If anything, maybe they'll get enough spoof complaints about their own
    correspondence, that they will make the necessary changes. (doubtful though)
    Signature

    "Human thoughts have the tendency to transform themselves into their physical equivalent." Earl Nightingale

    Super Affiliates Hang Out Here

    {{ DiscussionBoard.errors[498214].message }}
Avatar of Unregistered

Trending Topics