by Raven McNamara
Wed Oct 29, 2014 5:36 pm
Phishing Paypal: Please Confirm Your Account – USA
*NOTE: I got this in my catcher email, but I forwarded it to Paypal anyway since I have an account with them. I have received a number of these in the past, and you may have also.
While much of this email's contents include graphics and DANGEROUS clickable links, there are MANY red flags. First, Paypal will never ask you to confirm your account. Then there's the punctuation error in that line. The “From” field shows “[email protected]” – WRONG !!! Paypal has its own domain, and will come in from @paypal.com
Note the many spelling, grammatical and punctuation errors that are in the text of the email. Paypal's writings are ALWAYS impeccably clean and correct.
Header Analysis Quick Report
Originating IP: 50.116.6.161
Originating ISP: Linode
City: Absecon
Country of Origin: United States
Please Confirm Your Account For Our System !
From: Paypal <[email protected]>
You Are Almost Finish Confirm Your Account …
Confirm Your Informations
For Our New System !
Dear customer, Confirm Your Informations For Our New
System , Until We Here From You . To Update Your Info .
Simply click on the web address below
<LINK: Confirm My Account Now>
Return-Path: bounce+0a3e0c.d34b44-seeking-biz-opps=g ... engine.com
Received: from mail-183-217.wpengine.com ([23.253.183.217]) by mx-ha.gmx.net (mxgmxus001) with ESMTPS (Nemesis) id 0M1m16-1Y40SZ2CRW-00tjCa for <snipped>; Wed, 29 Oct 2014 21:45:53 +0100
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=wpengine.com; q=dns/txt; s=k1; t=1414615552; h=Sender: Content-Type: Content-Transfer-Encoding: Mime-Version: Message-Id: Reply-To: From: Date: Subject: To; bh=3M23B0iYLXWLvd/6dy4iISW+IAHXAws5v45fRowv9bA=; b=u2vp5vwm0wYTX+Kbq5DMBuKsoaSFNFa39EaWh809l4PIN5eK9Xa4Jhluleby79aO/kSfceY2 2OA+O38wHLc6r62ZOSZlz38uAKwBkAbMGD6GReI6kz6b8aqK1zdEUsZCUzM0DlphB6ZHVz46 W4xmTs+s6RaqAn+juIYX91FSM28=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=wpengine.com; s=k1; q=dns; h=To: Subject: Date: From: Reply-To: Message-Id: Mime-Version: Content-Transfer-Encoding: Content-Type: Sender; b=i0mQhu6SFiOy/lP06GjgHgISPB7SvO1EQGC1INqX0UGJ/17BBAcfHQ5HUGuNKkvlpCF7GW HD67B/P3IBp+3L1u6gOTfIPu0yKZVP/cRIITehJj/VCCc9ozRrYx8SpNlh386ccWtfkI95wm w0jNh+hRsDveUNjbsuGp4/UvDYHrs=
Received: from pod-1146 (li432-161.members.linode.com [50.116.6.161]) by mxa.mailgun.org with ESMTP id 545151fd.7efeaca123c0-in3; Wed, 29 Oct 2014 20:45:49 -0000 (UTC)
X-Sendgrid-User: wpengine-pod-1146
Received: by pod-1146 (Postfix, from userid 33) id B9B0A191AFAA; Wed, 29 Oct 2014 20:45:46 +0000 (UTC)
<snipped>Subject: Please Confirm Your Account For Our System !
X-Php-Originating-Script: 33:Mai1ler.php
Date: Wed, 29 Oct 2014 20:45:46 +0000
From: Paypal <[email protected]>
Reply-To:
Message-Id: <[email protected]>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
X-Mailgun-Sid: WyIyYjc5ZiIsICJzZWVraW5nLWJpei1vcHBzQGdteC5jb20iLCAiZDM0YjQ0Il0=
Sender: [email protected]
Here is the email I received back from Paypal – it outlines the type of email communications that ARE NOT FROM PAYPAL. Note that they will ALWAYS address you by your first and last names.
Dear <snipped>,
Thank you for being a proactive contributor by reporting
suspicious-looking emails to PayPal's Abuse Department. Our security
team is working to identify if the email you forwarded to us is a
malicious email.
Paypal Will Always:
- Address our customers by their first and last name or business name of
their PayPal account
Paypal Will Never:
- Send an email to: "Undisclosed Recipients" or more than one email
address
- Ask you to download a form or file to resolve an issue
- Ask in an email to verify an account using Personal Information such
as Name, Date of Birth, Driver's License, or Address
- Ask in an email to verify an account using Bank Account Information
such as Bank Name, Routing Number, or Bank Account PIN Number
- Ask in an email to verify an account using Credit Card Information
such as Credit Card Number or Type, Expiration Date, ATM PIN Number, or
CVV2 Security Code
- Ask for your full credit card number without displaying the type of
card and the last two digits
- Ask you for your full bank account number without displaying your bank
name, type of account (Checking/Savings) and the last two digits
- Ask you for your security question answers without displaying each
security question you created
- Ask you to ship an item, pay a shipping fee, send a Western Union
Money Transfer, or provide a tracking number before the payment received
is available in your transaction history
READ!
Any time you receive an email about changes to your PayPal account, the
safest way to confirm the email's validity is to log in to your PayPal
account where any of the activity reported in the email will be
available to view. DO NOT USE THE LINKS IN THE EMAIL RECEIVED TO VISIT
THE PAYPAL WEBSITE. Instead, enter http://www.paypal.com into your browser to
log in to your account.
What is a phishing email?
You may have received an email falsely claiming to be from PayPal or
another known entity. This is called "phishing" because the sender is
"fishing" for your personal data. The goal is to trick you into clicking
through to a fake or "spoofed" website, or into calling a bogus customer
service number where they can collect and steal your sensitive personal
or financial information.
We will carefully review the content reported to us to certify that the
content is legitimate. We will contact you if we need any additional
information for investigating the matter. Please take note to the
security tips provided above as they may help to answer any questions
that you may have about the email you are reporting to us.
Help! I responded to a phishing email!
If you have responded to a phishing email and provided any personal
information, or if you think someone has used your account without
permission, you should immediately change your password and security
questions.
You should also report it to PayPal immediately and we'll help protect
you as much as possible.
1. Open a new browser and type in http://www.paypal.com.
2. Log in to your PayPal account.
3. Click "Security and Protection" near the top of the page.
4. Click "Identify a problem."
5. Click "I think someone may be using my account without permission."
6. Click "Unauthorized Account Activity."
Thank you for your help making a difference.
Every email counts. By forwarding a suspicious-looking email to
[email protected], you have helped keep yourself and others safe from
identity theft.
Thanks,
Shortly thereafter, I received this from Paypal:
Hello <snipped>,
Thanks for forwarding that suspicious-looking email. You're right - it
was a phishing attempt, and we're working on stopping the fraud. By
reporting the problem, you've made a difference!
Identity thieves try to trick you into revealing your password or other
personal information through phishing emails and fake websites. To learn
more about online safety, click "Security Center" on any PayPal webpage.
Every email counts. When you forward suspicious-looking emails to
[email protected], you help keep yourself and others safe from identity
theft.
Your account security is very important to us, so we appreciate your
extra effort.
Thanks,
PayPal
This email is sent to you by the contracting entity to your User
Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118
349.
Please do not tell scammers that they are listed here - it will take them seconds to change their fake details and their new details will not be listed for any future victims to find.
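The header red flags visible in the post above (a "Paypal" display name on a non-PayPal address, a DKIM signature for wpengine.com, and the oldest relay hop at 50.116.6.161) can be checked mechanically. This is an added triage sketch, not part of the original post or any PayPal tooling; the function names are hypothetical, and the sample From address `service@sender.example` is a placeholder because the page shows the real one redacted.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample. Relay, DKIM and script values are copied from the post;
# the From address is a placeholder because the page shows it redacted.
RAW = """\
Received: from mail-183-217.wpengine.com ([23.253.183.217]) by mx-ha.gmx.net; Wed, 29 Oct 2014 21:45:53 +0100
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=wpengine.com; s=k1
Received: from pod-1146 (li432-161.members.linode.com [50.116.6.161]) by mxa.mailgun.org; Wed, 29 Oct 2014 20:45:49 -0000
Received: by pod-1146 (Postfix, from userid 33) id B9B0A191AFAA; Wed, 29 Oct 2014 20:45:46 +0000
X-Php-Originating-Script: 33:Mai1ler.php
From: Paypal <service@sender.example>
Subject: Please Confirm Your Account For Our System !

(body omitted)
"""

def originating_ip(msg):
    # Received headers are prepended, so the last one is the oldest hop.
    # Hops below your own provider's can be forged; treat the result as a lead.
    for hop in reversed(msg.get_all("Received", [])):
        for cand in re.findall(r"\[([0-9A-Fa-f:.]+)\]", hop):
            try:
                if ipaddress.ip_address(cand).is_global:
                    return cand
            except ValueError:
                continue
    return None

def red_flags(msg, brand="paypal", brand_domain="paypal.com"):
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    if brand in name.lower() and not (from_dom == brand_domain or from_dom.endswith("." + brand_domain)):
        flags.append("display-name-spoof")
    signers = [d.lower() for h in msg.get_all("DKIM-Signature", [])
               for d in re.findall(r"(?:^|;)\s*d=([^;\s]+)", h)]
    if not any(from_dom == d or from_dom.endswith("." + d) for d in signers):
        flags.append("dkim-not-aligned")
    if msg.get("X-Php-Originating-Script"):  # PHP mail() adds this when mail.add_x_header is on
        flags.append("sent-by-web-script")
    return flags

def analyse(raw):
    msg = email.message_from_string(raw)
    return originating_ip(msg), red_flags(msg)

if __name__ == "__main__":
    print(analyse(RAW))
```

The DKIM check compares signing domain to From domain only; it does not verify the signature itself, which needs a DNS lookup of the selector's public key.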