On Tue, Aug 13, 2013 at 6:25 AM, John Levine <jo...@iecc.com> wrote:

> In article <e1v9ac6-0005vx...@login01.fos.auckland.ac.nz> you write:
> >I recently got another of the standard phishing emails for Paypal, directing
> >me to https://email-edg.paypal.com, which redirects to
> >https://view.paypal-communication.com, which has a PayPal EV certificate from
> >Verisign. According to this post
> >http://www.onelogin.com/a-paypal-phishing-attack/ it may or may not be a
> >phishing attack (no-one's really sure), and this post
> >http://www.linuxevolution.net/?p=12 says it is a phishing attack and the site
> >will be shut down by Paypal... back in May 2011.
> >
> >Can anyone explain this?
>

I'm investigating. Definitely a PayPal domain. Not sure why reports of it being phishing would have been confirmed. I've asked the right folks if there was a bug.

> I agree that it was not a great idea for Paypal to invent
> paypal-communication.com rather than a subdomain of one of their
> existing well-known domains such as communication.paypal.com.
>

An entirely separate discussion though about how one runs lower and higher security things on the same domain given how inflexible the same-origin policy and cookie policies are. I agree these are tricky, but putting everything on one domain is tricky as well...

- Andy
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography