As the title says, what follows is a genuine PayPal e-mail that looks like a fake. It arrived yesterday after I made a purchase: the card associated with the account had no balance, so PayPal sent the following alert:
[Screenshot of the PayPal alert e-mail]
For a second it made me hesitate, because the message includes a link and asks me to add a credit card! But it is legitimate: the link's destination is PayPal, the e-mail is personalized, and it matches the failed purchase. Even so, sending alerts like this is a serious mistake.
It contradicts every basic security rule. A link in an e-mail asking the user to log in and add a credit card? (Spammers drool over this kind of thing.) On top of that, the URL itself looks odd: it begins with email0.paypal.com and ends in an encoded string.
Wouldn't it be better to simply send the message without any links and ask the user to type paypal.com into the browser? Of course the link is convenient for reaching the site and logging in, but leaving it to the user to decide whether a link is genuine is a MISTAKE, in capital letters, when it comes to financial institutions.
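As an added example (this is not part of the original post, and the sample links below are constructed, not the link from the mail), here is the kind of check a cautious reader or a mail filter can apply before trusting a link like the one above: accept only https links whose host is paypal.com or a real subdomain of it, using a label-aware suffix test rather than a substring match, and flag links that carry a percent-encoded target URL in the query string, since a tracking redirector on a legitimate host can still send the user somewhere else. The trusted-domain list, the `evil.example` hosts and the three classification labels are this example's own assumptions.

```python
"""Link checks for a 'PayPal' mail.

Added example, not code from the post or from PayPal. The sample URLs are
constructed for illustration; the real mail's URL is not reproduced here.
"""
from urllib.parse import urlsplit, parse_qsl

# Assumption: the only domain we are willing to trust for this mail.
TRUSTED_DOMAINS = ("paypal.com",)


def host_is_trusted(host: str) -> bool:
    """True only for paypal.com itself or a genuine subdomain of it.

    Comparing whole labels ('.paypal.com' as a suffix) rejects the classic
    lookalikes: 'paypal.com.evil.example' and 'notpaypal.com' both fail.
    """
    host = host.lower().rstrip(".")  # normalise case and a trailing FQDN dot
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def embedded_urls(url: str) -> list:
    """Return every query value that is itself a URL.

    parse_qsl percent-decodes the values, so 'u=https%3A%2F%2Fevil.example'
    comes back as 'https://evil.example'. This is how a redirector on a
    trusted host can carry the user to an arbitrary site.
    """
    parts = urlsplit(url)
    found = []
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            found.append(value)
    return found


def classify_link(url: str) -> str:
    """Classify a link as 'trusted', 'redirect' or 'untrusted'.

    'untrusted' : not https, or the host is not (a subdomain of) paypal.com
    'redirect'  : trusted host, but the query carries a URL to another domain
    'trusted'   : trusted host and no foreign redirect target in the query
    """
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lower-cases the result, so the
    # userinfo trick 'https://www.paypal.com@evil.example/' yields 'evil.example'.
    host = parts.hostname or ""
    if parts.scheme != "https" or not host_is_trusted(host):
        return "untrusted"
    for target in embedded_urls(url):
        if not host_is_trusted(urlsplit(target).hostname or ""):
            return "redirect"
    return "trusted"


# Constructed sample links (assumed, not taken from the mail).
SAMPLES = [
    "https://email0.paypal.com/r/?id=abc123",
    "http://email0.paypal.com/r/?id=abc123",
    "https://www.paypal.com.evil.example/login",
    "https://www.paypal.com@evil.example/login",
    "https://email0.paypal.com/click?u=https%3A%2F%2Fevil.example%2Fx",
    "https://email0.paypal.com/click?u=https%3A%2F%2Fwww.paypal.com%2Fcgi-bin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_link(sample):10s} {sample}")
```

Note that even a link classified as `trusted` by this check can still be a redirector whose target is encoded in a way the script does not decode (base64, an opaque token looked up server-side), which is exactly why the post argues that the safer habit is to type the address yourself.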
PayPal is one of the services most targeted by phishing, and this kind of thing only makes it easier to deceive users.
But this is nothing new: a quick Google search turned up a 2010 note in The Register making the same point, and one on ESET's blog from 2009! In other words, they have been doing this for a long time and, as far as PayPal is concerned, that is apparently fine.
See also: PayPal Phishing with HTML Attachment. PayPal Limitation Remover? Better not to try strange things.