PayPal Users Forced to Stop Using Service for Cryptocurrency Purchase
March 19, 2018
Last week some of PayPal users received e-mails warning them that the company disapproved of any activity involving cryptocurrencies and urged the customers to cease it immediately if any.
“While reviewing your account, we noticed that your activity involves the trading or transfer of crypto currency which is prohibited under our Acceptable Use Policy. As this is not permitted on the Paypal platform we ask that you cease any activity that results in the trading or transfer of crypto currency. If you continue to engage in this activity on Paypal, we’ll be unable to continue offering our services”, as the message run.
One of those to receive it was David Veksler, a member to the Foundation for Economic Education:
“All I can tell you is that customer support said it’s fake but the email looks legit, including the digital signatures. I’ve never bought or sold crypto with my account”.
It is to add here, real document with terms of service use contains no information on banning cryptocurrency-related activity.
PayPal community are convinced, the e-mails are fake. The question is how criminals managed to distribute the spam using official service mail for notifications? Veksler suggests the following:
“There is no domain verification process for sender address in the SMTP protocol. There is a separate, optional Sender ID framework which some providers use. This email is also signed with that protocol. I cannot explain that”.
One of the forum users claimed in response to this:
“It’s pretty easy. Anybody can download a number of hacked BTC-related databases. (bitcointalk database, btc-e database, etc.). Then the scammer takes the list of BTC-related emails and cross references it with another database that includes full names. Now the scammer has a list of BTC users’ full names and e-mail addresses. (Also in many cases username, password hash, DOB, meatspace address, ssn, all sorts of other private data depending on what database they’re using.) Anybody with a semester of computer science class should be able to write a script that does this. Then just send out some spam emails».
So far PayPal representatives haven’t given any official comment on the situation.