In article <e1v9ac6-0005vx...@login01.fos.auckland.ac.nz> you write: >I recently got a another of the standard phishing emails for Paypal, directing >me to https://email-edg.paypal.com, which redirects to >https://view.paypal-communication.com, which has a PayPal EV certificate from >Verisign. According to this post >http://www.onelogin.com/a-paypal-phishing-attack/ it may or may not be a >phishing attack (no-one's really sure), and this post >http://www.linuxevolution.net/?p=12 says it is a phishing attack and the site >will be shut down by Paypal... back in May 2011. > >Can anyone explain this?
Sure. It's Paypal. If you look at the WHOIS and DNS for paypal-communication.com, they're the same as paypal.com, with DNS at ISC. The web page is hosted at Akamai, who know who their customers are (so they can send them large invoices.) If you read the linuxevolution.net post, the guy got the message, and sent a query to Paypal support. The person who answered it at 3 AM Bangalore time sent the canned "thanks for reporting a phish" message that they send to EVERY SINGLE COMPLAINT, even ones for mail with paypal.com addresses coming from paypal.com servers. In sort of defense, most of the complaints really are about phishes, but I'd think they would be able to do automation to look for their own domains and IP addresses and give the staff a hint that this might be a real one. I agree that it was not a great idea for Paypal to invent paypal-communication.com rather than a subdomain of one of their existing well-known domains such as communication.paypal.com. R's, John _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
