Stupid PayPal Payment Links

Posted on March 10, 2019

It is hard to believe that, in this day and age of phishing and scam emails, PayPal sends emails with links like the one below and expects users to click them.

https://www.paypal.com/myaccount/claim-money?em=payments%40srosystems.com&txn_id=2P0264257X02456E&ppid=LLM090412&cnac=US&rsta=en_US(en_US)&cust=&unptid=a51cbe90-4164-11e9-8216-441fa14ea910&t=&cal=a91602e9c027e&calc=c91672e9b017e&calf=a922112bec027e&unp_tpcid=email-standard-transaction-reminder-unilateral&g=null&unilat=null&trid=null&errc=null&emsub=Reminder:%20$101.00%C2%A0USD%20from%20My%20Customer&encrem=null&ennm=null&tems=2019-03-03%2010:25:32.599&page=main:consumer:email:unilateral:open:::&pgrp=main:consumer:email:unilateral&e=op&mchn=em&s=ci&mail=sys

It takes a good bit of time to visually determine there’s not some other domain in there, and I wouldn’t even have opened the message, much less clicked the big “CLAIM YOUR MONEY” button, had it not had valid DKIM AND zero hits from our mail scanner.

I advise customers to never click a link in an email unless they are 100% sure where it goes (which can be tough depending on the mail client). How many of our customers even know about domain keys or can visually parse such a URL? Not a lot, I imagine.

There is zero reason for this massive URL. Seriously, PayPal: why not simply: https://www.paypal.com/claim-money?some-token=some-unique-id ?

Posted in: Scam/Spam, Security