Is this PayPal/SDMB thing legit or phishing?

[Oslo_Ostragoth]

I have a PayPal account that, as far as I can recall, has only been used to pay my SDMB subscription. I got this email:

"So we can continue providing you with your account information electronically please provide your consent to our Electronic Communications Delivery Policy. Log in to your PayPal account and follow the steps below.

Hello xxxxxxxxxxx,

PayPal is updating the way we send you your account information. Please agree to our Electronic Communications Delivery Policy today. This ensures that we can continue providing you with your account information electronically, including transaction receipts, account statements, and annual disclosures."

And so on and so forth.

What’s going on here?

[silenus]

It a phish. If you check the url on mouseover, it doesn’t go to paypal.com, but e.paypal.com.

Totally bogus. Delete it. Paypal will never contact you by email. They only contact you by message when you log in.

[DMC]

silenus:

It a phish. If you check the url on mouseover, it doesn’t go to paypal.com, but e.paypal.com.

Are you sure that it is e.paypal.com? If so, that’s just a subdomain, so I’m not sure how this particular phishing method would work. If it’s something like e-paypal.com, epaypal.com, e.paypal.com.something.com etc., then sure.

[DMC]

By the way, I’ll agree that that message smells fairly phishy. I’m just confused on how that would work if the domain is actually what silenus stated.

[silenus]

e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.

[DMC]

Yes, if it is e-paypal.com, that’s likely someone phishing. e.paypal.com, on the other hand, should be completely legit.

Oslo Ostragoth, if there are links in the email to “login” or “accept”, etc., then probably a phishing attempt. If it just directs you to log onto paypal yourself, without any links to “help” you get there, probably legit.

[running_coach]

Legit or not, you won’t get in trouble by going to the site on your own(no link clicking) and login as you usually do.

[psychonaut]

silenus:

e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.

I don’t know where you got this idea; PayPal contacts people by e-mail all the time for various reasons, such as when they’ve received a payment.

[johnpost]

if it’s legit and you need to do something then when you log on to PayPal it will give you a message saying you need to do something.

[paperbackwriter]

silenus:

e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.

BS. Paypal is actually asking for permission to do exactly that. If you’re paranoid, instead of following any links in the e-mail, just type www.paypal.com into a new browser window and sign on. Lo and behold, you’ll get a request to approve electronic document delivery.

Y’know, so Paypal has your permission to contact you by e-mail. But you don’t have to take my word for it:

Notices to You. We have modified our disclosures about the notices we send to you in Section 1, which we will now provide to you in a separate disclosure called “Electronic Communications Delivery Policy” which can be accessed by clicking on the Legal Agreements link at the bottom of the PayPal website. **This policy describes how we communicate with you electronically, **provides additional detail about the Communications we provide to you, and sets out the hardware and software you need to receive these Communications.

[BigT]

It’s legit. Go to Paypal.com manually, and they’ll ask you the same thing.

BTW, e.paypal.com is their email sending server.

[An_Gadai]

silenus:

e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.

Yes they do, all the time.

[Shakester]

Yep, I get emails from PayPal too.

What they don’t do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.

[EvilTOJ]

It’s possibly a scam. I got this email too, complete with link to click. Only, I didn’t get it to the email address I use with PayPal. When I went to paypal.com and logged in manually, I got;

Electronic Communications Delivery Policy (E-Sign Disclosure and Consent)
We’d like to continue providing you information about your account electronically such as through email, web pages, and .pdf files.

In order for us to continue sending you information about your account electronically, please read and accept our Electronic Communications Delivery Policy today.

I have read the Electronic Communications Delivery Policy (E-Sign Disclosure and Consent) and agree that PayPal may provide information to me about my PayPal account electronically. I confirm that I can access and print or save emails, web pages and .pdf files that PayPal sends or otherwise makes available to me.

So it could be legit, or it could be phishers knowing paypal sent out an update and they’re playing on that.

[Fear_Itself]

Shakester:

What they don’t do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.

And they always address you by your PayPal user name, not some ambiguous, “Dear PayPal User:”

[silenus]

I sit corrected.

But this one is a phish, because it’s to “Paypal user,” not whatever my name is on Paypal. And it’s sent to my Hotmail account, which isn’t the one I use for Paypal. So I was right that it was bogus, just for the wrong reason.

Just like normal.

[pulykamell]

[QUOTE=Shakester;14099820
What they don’t do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.[/QUOTE]

Not sure what you mean. All my Paypal receipts and shipment notices have hotlinks in them.

[MeanOldLady]

silenus:

I sit corrected.

But this one is a phish, because it’s to “Paypal user,” not whatever my name is on Paypal. And it’s sent to my Hotmail account, which isn’t the one I use for Paypal. So I was right that it was bogus, just for the wrong reason.

Just like normal.

Yours was a phish, but I got the same e-mail the OP describes with my name.

Shakester:

What they don’t do is provide links in emails…

Yes they do.

[Uber_the_Goober]

If you’re worried - and you have Chrome as your browser - then when you go to the website just look in the address bar. It says (with a green box around it) the name of the company, and shows that it is indeed a secure connection to the website you actually intended to go to.

Another reason I like Chrome.

[ZipperJJ]

echo6160:

If you’re worried - and you have Chrome as your browser - then when you go to the website just look in the address bar. It says (with a green box around it) the name of the company, and shows that it is indeed a secure connection to the website you actually intended to go to.

Another reason I like Chrome.

Glad you like Chrome but Firefox 3+ does this, as does IE 8+. As long as the site you’re on is a secure site.