Online payments outfit PayPal mistook a genuine e-mail it sent to a customer as a rogue phishing attempt.
In a blog, Randy Abrams, director of technical education at online security vendor ESET, says he received a genuine e-mail from PayPal, containing a link.
He forwarded the message to the firm suggesting it stop this practice because links make e-mails look like phishing attempts.
PayPal responded, thanking him for forwarding the "suspicious-looking" message, claiming "it was a phishing attempt".
Says Abrams: "That is why legitimate businesses should NEVER include links to log on pages, or most places. Not even PayPal support can tell the difference between a legitimate PayPal email and a phishing attack."
While PayPal, in common with many financial institutions, does include links in e-mails, it advices customers to watch out for "strange links".