I know this is a scam, but it's coming from service@paypal.com, which is their official email. how did they spoof that?
the l is an I
sar youve been hacked its realjy8pt
>>107029194yet again I say I and l should be in the unicode confusables table and if someone bitches about it tell them tough shit they have to use a serif font for security audits.
>>107029201They are dude. https://util.unicode.org/UnicodeJsps/confusables.jsp?a=paypaI
It seems to be a recent refund scam. if you call the number, you will be fucked. according to reddit:>You actually can spoof with the checkmark. What happens is, they do something that triggers Paypal to email themselves. Then, their server is setup to replay the DKIM header, and send the same email to someone else, ie OP. DKIM is checked when OP's mail service receives the message, it does find that a different domain relayed the message (ie the scammer's domain) than Paypal's domain, but when set up without requiring DMARC, it's okay and allowed to be shown as Paypal (essentially because different mail servers might handle secure mail from some other domain).>They do this so they aren't directly sending emails 1-to-1 from Paypal to many people, instead they can do one triggered email from Paypal and send out gobs of emails to other people, increasing the efficiency of their scam account on Paypal. It also gets around spam filtering because it's Paypal, no one's going to block Paypal.>The original message triggered from Paypal is an automatic payment being setup, then cancelled, so all the scammer's did on that front was setup a payment and cancel it on their fake accounts.>>107029194nope, it's the legit email. i never knew people could spoof them. almost threw me off for a bit
>>107029183it is not difficult to spoof the from field in emailsIt exploits the basic design of the internet's email protocol, SMTP. https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-protection-spoofing-aboutThe Envelope Sender (MAIL FROM)The Header Sender (From:)these two addresses do not have to match!All online email providers do a series of checks to determine if the from is correct. Sometimes, spam gets through the checks.I have received phishing emails with a from of my own address. >>107029238its not that elaborate, just a From: forgery
>>107029183What I don't get is why the jeet scammers can't figure out typography
