i got an email message, purportedly from “paypal at paypal dot com” with a subject line that read “Keeping Your Account in Good Standing”…

if you’ve ever had the displeasure of actually calling paypal, you’ll probably recognise their “security pointers” that they broadcast over the telephone while you’re on hold, which say things like “an authentic email message from paypal will address you by your first and last name”, while a bogus message will address you as “paypal user, or paypal member”…

the message i received addressed me as “%%FIRST%% %%LAST%%”…

i often receive email that has obviously been designed as html, and rendered as text because i don’t let my email client render html, for security reasons. the message is usually flagged, and if i want to allow it to render the html, i click on a button and it renders all of the non-executable, local bits of the html it can find, and if it has left anything else out (like scripts, calls to external web sites, images, and that sort of thing), i get the opportunity to click yet another button to get the full effect (hint: i very rarely click the first button and i have a policy of NEVER clicking the second button. if i want to see it that bad, i’ll usually go to my browser instead of my email client).

when i looked at the source of the message (as text only), i found that it had a malformed html section which didn’t trigger the first flag. in the html section, it actually had my first and last name, instead of “%%FIRST%% %%LAST%%”

the message said that they had noticed that i had a negative balance, and since it was only $0.30 – which was listed as “$%%NEG. BAL. AMOUNT%%” in the text version of the message – the account had been brought to balance, as their way of saying “thanks for using paypal”…

“cool,” i thought. “they have finally seen the light, and have taken steps to resolve a very, very frustrated customer”…

WRONG!!

when i logged into my paypal account, there was the big, red -$0.30 at the top of my account.

furthermore, when messages come from paypal, they have specific IP addresses referenced in their message headers, which this message did not have. this message referenced IP addresses which are associated with uu.net – a NOTORIOUS, OLD SCHOOL source of spam.

what i read in this situation is the following: some spammer has access to my paypal account.

what i’m supposed to do (according to paypal) is report it to their spam control department. unfortunately i know, from past reports to paypal’s spam control department, that they won’t accept reports from me, and even if they did, they won’t do anything to solve the problem.

now i REALLY want to cancel my paypal account… 😐