SRO Systems  
(855) SRO-SYS1

Stupid Paypal Payment Links

Posted by on March 10, 2019

Hard to believe in this day and age of phishing and scam emails, Paypal sends emails with links like the one below and expects users to click them.

https://www.paypal.com/myaccount/claim-money?em=payments%40srosystems.com&txn_id=2P0264257S02456E&ppid=LLC090412&cnac=US&rsta=en_US(en_US)&cust=&unptid=a51cbe90-4164-11e9-8216-441fa14ea910&t=&cal=a91602e9b027e&calc=c91672e9c017e&calf=a922112bec027e&unp_tpcid=email-standard-transaction-reminder-unilateral&g=null&unilat=null&trid=null&errc=null&emsub=Reminder:%20$101.00%C2%A0USD%20from%20My%20Customer&encrem=null&ennm=null&tems=2019-03-03%2010:25:32.599&page=main:consumer:email:unilateral:open:::&pgrp=main:consumer:email:unilateral&e=op&mchn=em&s=ci&mail=sys

Takes a good bit of time to visually determine there’s not some other domain in there and I wouldn’t even open the message, much less click the big “CLAIM YOUR MONEY” button had it not had valid DKIM AND zero hits from our mail scanner.

I advise customers to never click a link in an email unless they are 100% sure where it goes (which can be tough depending on the mail client).   How many of our customers even know about domain keys or can visually parse such a URL?  Not a lot I imagine.

There is zero reason for this massive URL.  Seriously, Paypal: why not simply: https://www.paypal.com/claim-money?some-token=some-unique-id ?

Posted in: Uncategorized

Simple Business by Nimbus Themes
Powered by WordPress