I recently received an email from PayPal - to the correct email account - reminding me that my card was about to lapse and to register a replacement with them.
I ignored it the first couple of times then logged in to my PayPal account to find that although I had logged my new card with them, upon receipt of it, I hadn’t activated it.
Although I was at first suspicious it proved to be quite legit.
So, I logged in to PayPal and did the thing there. Seems legit.
Sounds like there are two versions of this email going around - the legit one, and a phishing one that is pretty much a copy of the legit one except for bad links.
As others have said - legit email or not - you will never hurt yourself by typing in the url and going to paypal directly to check it out.
make it a habit of Never clicking on banking/account related links within email -
Assuming you type it correctly, yeah. I’m sure lots of scammers register domains which are typographically inaccurate renditions of “paypal.com”.
I received an email message similar to the one in the OP. I forwarded it to spoof@paypal.com and received the following reply:
However, when I directly accessed paypal.com and logged in, I also was informed of the need to “consent to our Electronic Communications Delivery Policy.”
I received one of the phishing ones today. I knew it was a phishing one because I don’t have a PayPal account, and never did. But there were also a few spelling errors (for example, “Dear Costumer”) and awkward-sounding, almost-too-formal phrasing (“If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service”) that would have sent up red flags regardless.
I forwarded it to spoof@paypal.com, and hopefully, they can deal with it.