19
cave
7y

Recently I got an E-Mail from PayPal.de with the headline "Your account gets limited". Fun Fact: I don't have a PayPal account.
This Mail got me curious though, as it couldn't be a phishing mail, since I don't have a PayPal account in the first place, so I opened the e-mail just to get greeted by pure emptiness. It was completely empty. I thought to myself "oh no, is this some sort of new trick? Did I get infected by some sort of a weird hacky backdoor trojan already?!"

Name: PayPal.de
Original E-mail Address: NULL (never seen this before)
I then realized, that Thunderbird blocked the only content from this mail: a clickable image.

This is getting even more confusing the longer I examine this unique mail. The image is showing me a domain from a site completely unrelated from PayPal, so it was obviously no phishing, but I didn't trust this clickable image, so I looked up its hidden link to find an even more confusing redirection to not a picture upload site like the image suggests, but to a game key reselling site instead, like wtf? What was the whole point of this whole e-mail? Was this a weird try to make advertisements for more than one website? It wasn't even a ref-link or something like that. It was just weird, iunno.

Comments
  • 10
    They now know this email adress exists and will keep you on the spam list.
  • 1
    @Codex404 How do they know? Do they get some sort of "yes, this e-mail got opened"-notification or something? I honestly don't know
  • 6
    @cave multiple ways of doing it. Most newsletters have it as well by adding a 1*1GIF to it with a link which does a request to a server.

    So something in the image is my guess.
  • 0
    @Codex404 Okay, I will take a closer look at it tomorrow, I'm curious if this mail was just scam gone wrong or if they really tricked me using my curiosity
  • 4
    If they are using a service like mail chimp, it embeds a pixel image which will track the opened email, and if they want to they can use traceable urls which look spammy but if you follow them, they also add to the logs for “analytical” purposes.

    So they now know this email was accepted by the mail server, was opened by someone, and a link was followed confirming in full this email address is active.
  • 0
    Still a form of phishing
  • 0
  • 0
    @terraria99 its small I guess
Add Comment