Read on Twitter
I wish there was some higher authority that could slap companies like @AskPayPal in the face with a chair, so they could finally fix their absolutely stupid email tracking/linking. It& #39;s 2020 and they still don& #39;t manage to use their main domain for links & even use fake text links
And the 
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🍒" title="Kirschen" aria-label="Emoji: Kirschen"> on the top is, that @AskPayPal and the rest of the support team do not or can not confirm whether http://epal.paypal-communication.com"> http://epal.paypal-communication.com is an actually PayPal owned domain.
They send out all emails with these links and then can& #39;t even confirm whether that& #39;s a phishing link or not.
They send out all emails with these links and then can& #39;t even confirm whether that& #39;s a phishing link or not.
Wait I made a typo in that obvious and not at all easy to misuse for phishing attack domain, it should be http://epl.paypal-communication.com"> http://epl.paypal-communication.com
Would you spot the difference?
http://epl.paypal-comunication.com"> http://epl.paypal-comunication.com
http://epl.paypal-comunication.com"> http://epl.paypal-comunication.com
Their latest communication was about adding a phone number to your account so it& #39;s more "secure". They even made a short link, so it& #39;s easier to reference, yet the actual link the email, points to whoknowswhere. For a security information email that& #39;s just a big no-no!
Also regarding their "add a phone to your account", I would have done so a long time ago, but the process is broken somewhere... https://twitter.com/DarkCisum/status/1267842839821647875">https://twitter.com/DarkCisum...
The topic is not new, but it annoys me every time I get a new email with phishing-like infested links... https://twitter.com/DarkCisum/status/1047239504841588737">https://twitter.com/DarkCisum...
Just noticed, that one tweet from 2018 is "unavailable", but I did not delete that. It had a link to the PayPal forum, which then makes me wonder if PayPal reported the tweet... https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤔" title="Denkendes Gesicht" aria-label="Emoji: Denkendes Gesicht">
Like how the replaced the domain with "<removed>" on this forum thread: https://www.paypal-community.com/t5/PayPal-Basics/lt-removed-gt-is-a-scam/td-p/1563748">https://www.paypal-community.com/t5/PayPal...
Like how the replaced the domain with "<removed>" on this forum thread: https://www.paypal-community.com/t5/PayPal-Basics/lt-removed-gt-is-a-scam/td-p/1563748">https://www.paypal-community.com/t5/PayPal...
Looks like their @AskPayPal forum moderators, couldn& #39;t be bothered to clean all the mentions in this thread: https://www.paypal-community.com/t5/Access-and-security/xxxxx/td-p/1164823">https://www.paypal-community.com/t5/Access...
I guess, if anyone has a LinkedIn account, they could contact the Chief Security Officer of PayPal, but who knows if they understand the problem or have any interest in fixing it. https://www.linkedin.com/in/mick-chandrani-19351b117">https://www.linkedin.com/in/mick-c...
