
Can someone tell PayPal to stop sending “phishing” emails? - rkagerer
I got an email from PayPal this morning about upcoming changes to their legal agreements.  It did not include the changes; instead it told me to go review them at a link beginning with:<p><pre><code>    https:&#x2F;&#x2F;epl.paypal-communication.com&#x2F;
</code></pre>
...followed by indecipherable tracking codes.<p>I think it&#x27;s legit, but I feel like the company is pushing me to click a link that smells like a phishing campaign (in order to review ToS changes they made without my consent).  The domain has confused others [1][2], is blocked by uBlock Origin, and it&#x27;s even been discussed here before [3].<p>Paypal often reminds me to be wary of phishing scams.  Is there a <i>good</i> reason they can&#x27;t use a subdomain of paypal.com instead?<p>----<p>[1] https:&#x2F;&#x2F;security.stackexchange.com&#x2F;questions&#x2F;182161&#x2F;why-would-paypal-send-messages-from-another-domain<p>[2] https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;paypal&#x2F;comments&#x2F;4qlnf0&#x2F;is_this_a_phishing_attempt&#x2F;<p>[3] https:&#x2F;&#x2F;hn.algolia.com&#x2F;?query=paypal-communication.com&amp;dateRange=custom&amp;dateEnd=1592956800&amp;dateStart=1465948800&amp;prefix=true&amp;type=all
======
yesenadam
Yeah, this seems like a bad practice! Following that SE link, it seems Stack
Overflow does a similar thing, and Google and Twitter etc. I'm not sure how or
why people are supposed to trust super-suspicious-looking links. What's the
idea supposed to be? "If an email says it's from PayPal, just click on it"?
What could possibly go wrong. How are we supposed to know it's legit? Do some
research on every link before clicking?!

------
giantg2
I always try to go to the site directly without clicking links. It's generally
faster and safer than me trying to vet every link I get.

