Is PayPal using Decipher Inc and domain paypal-survey.com?

net1perl2
Contributor

I received an email tonight to my paypal only email address

from server:     apollo.decipherinc.com [204.13.11.49]

Invites me to do a survey at URL within domain:     paypal-survey.com   (link target points to same URL)

It was addressed to my full name as registered/written/spelled in my PayPal account


I receive a rare occasional spam to my paypal address, but never associated with my full name - I do not routinely use my full name, it's a business acct so I don't think general public can obtain my personal name by attempting a payment on our site - it shows the business name... unless they actually do proceed with the payment? I've not had any unknown payments.


It's offering to be entered in $1000 prize contest if I take the survey.


Is it really from PayPal or has my info been hacked?


net1perl2
Contributor

I sent this to spoof and the reply was that it is legitimate.

PayPal does commission Decipher Inc to do surveys and paypal-survey.com is a legitimate PayPal owned domain name.


Of course, these can be faked, so to anyone who doesn't know what to check:

- check the raw email headers - you are looking for the Received: header added by your email server - i.e. there should be a mail server mentioned which belongs to Decipher, indicating they are who your own mail server received the message from. This will normally be the first Received: header from top down (they are in reverse chronological order). It may not be the first if your own network bounces the mail through another one of its _own_ servers before getting to you.


Received: from apollo.decipherinc.com (apollo.decipherinc.com [204.13.11.49])
    by host.da..........ns.com (8.14.3/8.12.10) with ESMTP id p690TIB4010025
    for <p...l@da.............ns.com>; Fri, 8 Jul 2011 20:29:18 -0400


Important to note that such headers further down can be faked. Be sure you are looking at the header showing which server your network mail server got it from. If you have a Yahoo email addy and you see many Received headers that state it came from Decipher to Yahoo to someserver.jp to Yahoo, it would be the .jp that gave it to Yahoo, not Decipher, and that earlier Decipher header would have been faked - why would Yahoo have sent it offnetwork to a .jp server???


The other thing to check is that the target of the link truly does lead to a paypal-survey.com page. This is not only the link text you visibly see in the message, but what you see when you mouse over the link. To isolate the domain name, look at the portion starting after the double slash, and only until the first slash.

  https://www.paypal-survey.com/survey/paypal/ips11009?.......

  Look at www.paypal-survey.com

  Starting from right to left, leave only one dot and chop off any other dots and anything before (to the left).

Here we have:  paypal-survey.com

This is a valid paypal owned domain name.


These would all be wrong representations of this domain name:

  https://www.paypal-survey.com.com/.....                         =  com.com

  http://www.paypal.survey.com/.......                            =  survey.com

  http://www.paypal-survey.com.yahoo.user.net/.....               =  user.net

  http://www.paypal-survey.com.survey.paypal.ips11009.net/.....   =  ips11009.net

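The two checks described in the reply above (which outside server actually handed the message to your own mail server, and which domain a link really points at) as an added Python example; this is not code from the original thread or from PayPal or Decipher. The sample message, the receiving hosts under example.net, the 192.0.2.x/198.51.100.x addresses and the queue ids are constructed placeholders; only the Decipher hop mirrors the shape of the header quoted in the reply, and the bottom hop is a deliberately untrustworthy one of the kind the reply warns about. The domain rule is the reply's "keep one dot" heuristic, which is a simplification: it gives the wrong answer for suffixes such as co.uk, where a third label is needed.

```python
import email
import re
from urllib.parse import urlparse

# Constructed sample message. The hop from apollo.decipherinc.com copies the shape of the
# header quoted in the thread; example.net hosts, other addresses and queue ids are
# placeholders. The last Received: line was written by a server outside our network,
# so nothing in it can be relied on.
SAMPLE_MESSAGE = (
    "Received: from mx-internal.example.net (mx-internal.example.net [192.0.2.10])\n"
    "\tby mailbox.example.net with ESMTP id PLACEHOLDER1\n"
    "\tfor <user@example.net>; Fri, 8 Jul 2011 20:29:20 -0400\n"
    "Received: from apollo.decipherinc.com (apollo.decipherinc.com [204.13.11.49])\n"
    "\tby mx-internal.example.net (8.14.3/8.12.10) with ESMTP id PLACEHOLDER2\n"
    "\tfor <user@example.net>; Fri, 8 Jul 2011 20:29:18 -0400\n"
    "Received: from mail.unrelated.example (unknown [198.51.100.7])\n"
    "\tby apollo.decipherinc.com with ESMTP id PLACEHOLDER3; Fri, 8 Jul 2011 20:29:00 -0400\n"
    "From: survey@paypal-survey.com\n"
    "Subject: Share your feedback\n"
    "\n"
    "Take the survey: https://www.paypal-survey.com/survey/paypal/ips11009?id=1\n"
)

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)"          # name the sending server announced
    r"(?:\s+\((?P<comment>[^)]*)\))?"     # what the receiver actually saw: rDNS and [ip]
    r".*?\bby\s+(?P<by_host>\S+)",        # the server that wrote this header
    re.DOTALL,
)


def host_in_domain(host, domain):
    """True if host is domain itself or a subdomain of it (case-insensitive)."""
    h = host.lower().rstrip(".")
    d = domain.lower().rstrip(".")
    return h == d or h.endswith("." + d)


def parse_received(raw_message):
    """Return the Received: hops top-down (newest first) as dicts."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", str(value))      # unfold the header onto one line
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        comment = m.group("comment") or ""
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", comment)
        hops.append({
            "from_host": m.group("from_host"),
            "from_ip": ip.group(1) if ip else None,
            "by_host": m.group("by_host"),
        })
    return hops


def external_handoff(hops, own_domain):
    """Walk the hops written by our own network from the top and return the hop at
    which an outside server handed the message to us. Hops below it were written by
    other parties and may be fabricated, exactly as the reply describes."""
    handoff = None
    for hop in hops:
        if not host_in_domain(hop["by_host"], own_domain):
            break                       # header not written by our server: stop trusting
        handoff = hop
        if not host_in_domain(hop["from_host"], own_domain):
            break                       # first hop that came from outside our network
    return handoff


def registrable_domain(url):
    """The reply's rule of thumb: keep only the last two labels of the host name.
    Simplification: wrong for suffixes like co.uk, where three labels are needed."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_message(raw_message, own_domain, expected_sender_domain, expected_link_domain):
    """Apply both checks from the reply and report the findings."""
    hops = parse_received(raw_message)
    handoff = external_handoff(hops, own_domain)
    msg = email.message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    links = re.findall(r"https?://[^\s<>\"']+", body)
    link_domains = sorted({registrable_domain(u) for u in links})
    return {
        "handoff_host": handoff["from_host"] if handoff else None,
        "handoff_ip": handoff["from_ip"] if handoff else None,
        "sender_ok": bool(handoff) and host_in_domain(handoff["from_host"], expected_sender_domain),
        "link_domains": link_domains,
        "links_ok": bool(link_domains) and all(d == expected_link_domain for d in link_domains),
    }


if __name__ == "__main__":
    print(check_message(SAMPLE_MESSAGE, "example.net", "decipherinc.com", "paypal-survey.com"))
```

Run it on a real message by passing the raw source (headers and body) as `raw_message` and your own mail domain as `own_domain`; the `handoff_host` and `handoff_ip` fields are the values to compare against the sender you expect, and `link_domains` lists the domain each link in the body really resolves to under the reply's rule.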
