Email about IPN certificate upgrade: Is it legit?

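A few days ago, I received the following email from the address paypal@paypal.com with the subject "IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.".

I have reason to believe this is a phishing attempt. Please find my notes at the end, and try to justify why I am right or wrong.

The only part of the email I removed is my name on the third line.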

PayPal service upgrades.

,

As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.

Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking "Help" on any PayPal page. Copyright © 2014 PayPal. All rights reserved. PayPal (Europe) S.á r.l. et Cie, S.C.A., Société en Commandite par Actions. Registered office: 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349.

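Here are the reasons I think it is fake:

  1. They address the customer by name only, with no "Dear" and so on.
  2. Copyright 2014? Strange...
  3. The phrase "we may need to change this date on short notice to you to align to the industry security standard" contains a small mistake (IMO, though English is not my native language) and does not sound like company policy. Saying the date might change is unprofessional.
  4. The subject... come on, caps?
  5. The links point to an unfamiliar domain whose certificate was issued by a different company than the one for paypal.com. One of them serves a PDF.

I think this is a well-crafted phishing attempt, but what strikes me is that in online discussions about it (dating back months), representatives of various companies treat it as legitimate.

So, am I missing something?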

Yes, this is a legitimate email from PayPal.

For more details, see this recent Stack question:

How can I tell if my paypal certificate is SHA-256?

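The PayPal Merchant Technical Support site has more information about the certificate upgrade and how to test your server.

Also, if you want to know whether an email is from PayPal, you can forward the email to Spoof@paypal.com or the new email Review@paypal.com.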
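
Wording and layout cues like those listed in the question cannot show whether a message really came from paypal.com, but the headers added by your own receiving mail server can. The following is an added example, not part of the original question or answer: it reads the DMARC verdict only from the trusted server's Authentication-Results header and lists link hosts outside the From domain. The sample message, the server name `mx.example.net` and the link host `www.paypal-knowledge.example` are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample, not the email from the question. mx.example.net stands
# for the reader's own receiving server; the second Authentication-Results
# header imitates one injected by a sender and must be ignored.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=paypal.com; spf=pass smtp.mailfrom=mail.paypal.com;
 dmarc=pass header.from=paypal.com
Authentication-Results: mx.untrusted.test; dmarc=pass header.from=paypal.com
From: PayPal <paypal@paypal.com>
Subject: IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.
Content-Type: text/html

<a href="https://www.paypal-knowledge.example/guide">Upgrade Guide</a>
<a href="https://www.paypal.com/help">Help</a>
"""

def dmarc_verdict(msg, trusted_authserv):
    """DMARC result and header.from domain, read only from our own server's header."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue  # anyone can add this header, so skip foreign authserv-ids
        m = re.search(r"\bdmarc=(\w+)\s+header\.from=([\w.-]+)", results)
        if m:
            return m.group(1).lower(), m.group(2).lower()
    return "none", None

def foreign_link_hosts(msg, domain):
    """Hosts linked in the body that are not the From domain or a subdomain of it."""
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    hosts = {urlsplit(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    return sorted(h for h in hosts if h and h != domain and not h.endswith("." + domain))

def assess(raw, trusted_authserv):
    msg = email.message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    result, dmarc_domain = dmarc_verdict(msg, trusted_authserv)
    return {
        "from_domain": domain,
        "sender_authenticated": result == "pass" and dmarc_domain == domain,
        "foreign_link_hosts": foreign_link_hosts(msg, domain),
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "mx.example.net"))
```

A DMARC pass recorded by your own server shows that the From domain was authenticated, which is how a message can be genuine even when its links point at an unfamiliar host, as point 5 of the question observed.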