Jason Evangelho 🐧🎒Aug 15, 2025

There's a really disturbing #Paypal #phishing scam happening right now. Obviously this reads like a typical phishing attempt (bad grammar, a malformed phone number to call, etc), but the official Paypal email wasn't spoofed. It came from PayPal's email infrastructure.

Examining the headers shows that SPF, DKIM, and DMARC all pass. If you have a Paypal account, please exercise caution. Don't click links in these emails. Forward them to [email protected].

Please boost for visibility.

Show threadMartin GigerAug 15, 2025
@killyourfm that's quite the user/company name they picked.
Show threadHans Meier 1312Aug 16, 2025

@freaktechnik @killyourfm Almost makes you wonder if you could chose a username that would break havoc on their database. But then again, that would be their damage - not their customers'.

This approach supposedly is well known since a while, can't believe they don't want to implement some kind of sanity check - I mean this mouthful of a "username" ticks a ton of boxes.

Show threadMartin Giger
@lunte161 @killyourfm while I'm normally very much in the camp of not limiting input unless there is a technical reason I think there is an argument that most names should be able to get by with fewer spaces and total characters... Having abbreviations of long names shouldn't be unexpected.
Aug 16, 2025 at 10:43pmWeb