A surprising scam email that evaded Gmail's spam filter
At first glance, this appeared to be a legitimate PayPal invoice email. It looked like someone set their seller name to be “Don’t recognize the seller?Quickly let us know +1(888) XXX-XXXX”, but with non-ASCII numerals, probably to avoid some automated spam detection.
I believe they sent themselves a PayPal invoice, and then crafted an email to send me using that email’s body. They had to leave the body completely unmodified so that they could still include headers that would show that it’s been signed by PayPal, but they were still able to modify the delivery address to get it sent to me.
If that’s correct, it explains how it ended up in my inbox and why it appears to have been legitimately signed by PayPal, but I still believe Gmail should have caught this.
I would have expected that for a service as significant as PayPal, Gmail would have at minimum a hard-coded rule that marks emails as spam if they’re signed by PayPal, but mailed by an unrecognized domain.
