How Are You Dealing With PayPal Phishing Emails?

With our Mimecast setup, we established content examination policies that hold any email containing PayPal until it's reviewed by an admin. Since our company has no real need for PayPal, this process helps filter out potential phishing scams that users might click on unknowingly.

In our case, we get a mix of emails from paypal.com. Legitimate emails come from their specific server IPs, but the fraudulent ones always seem to originate from outbound.protection.outlook.com. I'm considering creating a mail flow rule that quarantines emails from "[email protected]" where the header reflects that outlook domain. Would that be a smart move?

We use SpamTitan and I've set up pattern filters to catch any emails from PayPal that aren't addressed to our accounts. This effectively sends them to quarantine, which minimizes any phishing risks. It's clear that some malicious individuals have set up PayPal accounts to forward fake emails to unsuspecting targets and hope they'll click harmful links. I think PayPal could improve their security to prevent this from happening by ensuring that links are only valid for a short time and tied to the original request IP.

We don’t see any legitimate reason to have PayPal in our environment, so we quarantine all emails from paypal.com or even those with 'PayPal' in the subject line. It’s a straightforward method to prevent potential scams.

Instead of distinguishing between legitimate and fraudulent PayPal emails manually, why not auto-quarantine anything that comes from PayPal? I mean, unless you're in an industry that specifically uses it, there's really no reason for a business to handle payments that way.