Dustin wrote:
> "Li'l Abner" <blvstk@dogpatch.com> wrote in
> news:Xns9ECD1F79A80DBbutter@wefb973cbe498:
>
>> https://www.paypal.com/cgi-bin/webscr?cmd=_account, even though the
>> status bar (shown in diagram) isn't pointing there.
>
> Abner, if you googled this from the headers; You'd quickly discover
> it's a phishing email and has been floating around since 2009,
> possibly even longer.
>
> om-paypal-na.rsys4.com
>
> DSL reports had this to say about it,
>
> http://preview.************/3f2bt68
>
> No need to forward it along, as paypal has seen thousands of identical
> emails. You were wise NOT to follow the instructions contained withen.

Apparently there were some phishing emails with similar content, because
employees at PayPal confirmed to some people that the emails were spoofed.
Either that or someone is asleep at the switch (which appears more likely
based on some of the queries I've seen).

The email I received was not a spoof--each and every link landed directly at
the PayPal site. There's a 3rd party servicer doing the mailings, but PayPal
hired them, so they're doing what they were paid to do. All the mishegoss at
the end of the links is apparently something that they use for
tracking/statistical purposes.

It may have been misguided, but it was not a phish.