24
cave
197d

Recently I got an e-mail from PayPal.de with the headline "Your account gets limited". Fun fact: I don't have a PayPal account.
This mail got me curious though, as it couldn't be a phishing mail, since I don't have a PayPal account in the first place, so I opened the e-mail just to get greeted by pure emptiness. It was completely empty. I thought to myself "oh no, is this some sort of new trick? Did I get infected by some sort of a weird hacky backdoor trojan already?!"

Name: PayPal.de
Original E-mail Address: NULL (never seen this before)

I then realized that Thunderbird blocked the only content from this mail: a clickable image.

This is getting even more confusing the longer I examine this unique mail. The image is showing me a domain from a site completely unrelated to PayPal, so it was obviously no phishing, but I didn't trust this clickable image, so I looked up its hidden link to find an even more confusing redirection to not a picture upload site like the image suggests, but to a game key reselling site instead, like wtf? What was the whole point of this whole e-mail? Was this a weird try to make advertisements for more than one website? It wasn't even a ref-link or something like that. It was just weird, iunno.

Comments
  • 12
    They now know this email address exists and will keep you on the spam list.
  • 2
    @Codex404 How do they know? Do they get some sort of "yes, this e-mail got opened"-notification or something? I honestly don't know
  • 9
    @cave multiple ways of doing it. Most newsletters have it as well by adding a 1*1 GIF to it with a link which does a request to a server.

    So something in the image is my guess.
  • 1
    @Codex404 Okay, I will take a closer look at it tomorrow, I'm curious if this mail was just scam gone wrong or if they really tricked me using my curiosity
  • 2
    You can embed bit.ly links into emails and check if they are clicked. That's an easy way. @cave
  • 4
    If they are using a service like Mailchimp, it embeds a pixel image which will track the opened email, and if they want to they can use traceable URLs which look spammy but if you follow them, they also add to the logs for “analytical” purposes.

    So they now know this email was accepted by the mail server, was opened by someone, and a link was followed confirming in full this email address is active.
  • 3
    The tracking image could also be the ad itself, no pixel gif needed.

    Maybe they thought that someone who just clicked a random image host ad in an otherwise empty mail supposedly sent by PayPal would not notice what the fuck is even happening and is probably interested in cheap, stolen game keys
  • 0
    Yes it could be a hacker targeting you.

    From a hacker perspective: it's an easy and effective way in the target enumeration phase.

    Why?: because by simply receiving the email (even if u didn't open it) hacker would get your IP address which can be used to attack your machine :)
  • 2
    @cave absolutely! There are many tools for tracking email campaigns. Same as Google Analytics and it's fucking detailed
  • 2
    @Codex404 exactly. Even FB uses this method in its like, comment etc. APIs to track people outside FB
  • 0
    Still a form of phishing
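
The two mechanisms the comments describe (an image fetched from a remote server when the mail is opened, and a link hidden behind a clickable image) can be read out of the raw message without rendering it. The following is an added example, not part of the original thread; the sample message is constructed, every host in it is a placeholder, and `analyze` and `RemoteImages` are hypothetical names.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the mail from the post; every host is a placeholder.
SAMPLE_EML = b"""\
From: "PayPal.de" <sender@example.invalid>
Subject: Your account gets limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="http://keys.example.net/?id=abc123"><img src="http://img.example.com/ad.png"></a>
<img src="http://t.example.org/o.gif?u=abc123" width="1" height="1">
<img src="cid:logo">
"""

class RemoteImages(HTMLParser):
    """Record every remotely fetched <img> and the <a href> wrapped around it."""
    def __init__(self):
        super().__init__()
        self.href = None       # href of the currently open <a>, if any
        self.found = []        # (src, is_1x1, wrapping_href)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and urlsplit(a.get("src") or "").netloc:
            # cid: and data: images have no host and trigger no request
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.found.append((a["src"], tiny, self.href))

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def analyze(raw):
    """Return one dict per remote image in the HTML parts of a raw message."""
    report = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        p = RemoteImages()
        p.feed(part.get_content())
        for src, tiny, href in p.found:
            img, link = urlsplit(src), urlsplit(href or "")
            report.append({"image_host": img.hostname, "pixel_sized": tiny,
                           "has_query": bool(img.query), "link_host": link.hostname,
                           "link_differs": bool(link.hostname) and link.hostname != img.hostname})
    return report
```

Run it on the saved message source (in Thunderbird, the .eml file) rather than the rendered view, so no remote content is requested while inspecting it.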