Spam on my PayPal email address

Discussion in 'other software & services' started by Wroll, Aug 21, 2014.

Thread Status:
Not open for further replies.
  1. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    As I said on some other thread some time ago, I use an email address for every account which needs an email. This morning, on my email address associated with my PayPal account, I received an email from an address other than PayPal (I'm not subscribed to their own spam), which pointed to a website which doesn't look very legit.

    Now the question is: who got hacked? Me, my email host or PayPal?
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Probably no one. There are two possibilities:

    1. Someone guessed your email address and added it to a spamming list (the likeliness of this event depends on how easy to guess your email address is).
    2. Paypal gave your email address to one of the people/firms that you sent a payment to, and you ended up on their marketing (read: spam) list.
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Perhaps you meant DIFFERENT email address for every account that needs an email? If so, a few thoughts...

    - Has that email address ever been submitted to someone other than PayPal or used by someone other than you?
    - Is that email address unique enough that it is unlikely to have been a simple guess? I've often seen commonish email usernames tried against different email servers/domains.
    - Can you, and have you, reviewed logs to look for signs that the client was just trying different ones and/or using a dictionary style attack?
    - Have any other email addresses you have at that email host been hit? Around the same time? By the same client IP Address? By what otherwise appears to be the same spamming outfit? If the host were compromised, or someone inside shared valid email account info, you would expect other email addresses there to get hit. Similarly, if some list of the email addresses you use is kept on your computer and that was compromised, you'd expect other email addresses in that list to get hit.
    - Keep an ear/eye open for reports from others that their PayPal unique email address was hit. Remembering that only a small percentage of users are using the unique email address for each recipient technique. You could even start searching for recent discussions: PayPal email address compromise. If it were some type of compromise on the PayPal side, you would expect that other PayPal user email addresses would also get hit.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,284
    Location:
    England
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Interesting idea there... allowing users to submit one email address for official PayPal communications and another for use by sellers. Would probably need a per-transaction/seller option, though, if seller spam and/or sellers sharing email addresses is really that common. For whatever reason, I never had that problem.
     
    Last edited: Aug 21, 2014
  6. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    1. (almost) Impossible to guess my email address because is usually word.related.to.the.website+random.word@mydomain.
    2. I guess this extends the list and it seems to be the most plausible explanation and never thought to it. I do have receipts for every paypal purchase I've made, but how do I find the guilty one I have no idea.
     
Loading...
Thread Status:
Not open for further replies.