The e-mail response from PayPal sounded more like a "canned" response than an actual human response. I would imagine that they simply have a rule set up that looks for links within a message and if it doesn't have https://www.paypal.com then it spits back that canned message. On the other hand, it could simply be a college kid that is working at PayPal to make a few extra bucks and just saw that the link didn't point to https://www.paypal.com and hit the "send canned response" button.
Either way, PayPal should mention something about it on their site's homepage. It is very irresponsible of them not to.

Exibar

----- Original Message -----
From: "Mary Landesman" <[EMAIL PROTECTED]>
To: "Rob Adams" <[EMAIL PROTECTED]>; "Aaron Horst" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, December 17, 2003 1:23 PM
Subject: Re: [Full-Disclosure] PayPal issues another blow to user security

> I think the response speaks more of the tunnel vision of the person
> answering the email. PayPal and Providian entered a partnership in Feb 2001.
> At the time, Providian apparently took a huge stake in PayPal equity
> (estimates placed it at between $100 - $200 million) and the two companies
> agreed to co-brand the credit cards. See Forbes for details:
> http://www.forbes.com/2001/02/07/0207eccommerce.html
>
> The legal agreement between the two parties, dated March 2002, can be found
> here:
> http://techdeals.startup.findlaw.com/agreements/paypal/providian.card.2002.03.01.html
>
> The June 2001 press release announcing the site, and sponsored by both
> parties, can be found here:
> http://www.findarticles.com/cf_dls/m4PRN/2001_June_18/75602419/p1/article.jhtml
>
> Perhaps PayPal might wish to take the opportunity to ensure the folks
> answering email at [EMAIL PROTECTED] are versed in company partnerships and
> policies.
>
> Regards,
> Mary Landesman
> Antivirus About.com Guide
> http://antivirus.about.com
>
> ----- Original Message -----
> From: "Rob Adams" <[EMAIL PROTECTED]>
> To: "Aaron Horst" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 17, 2003 12:09 PM
> Subject: Re: [Full-Disclosure] PayPal issues another blow to user security
>
> [[Warning -- I do not speak for, nor do I represent, my employer. --Rob]]
>
> Aaron Horst reported earlier this week that Paypal violates their own
> anti-phish policy. He received an official email that included a
> clickable link to "paypalcreditcard.com." Their stated policy is that
> they will only ever link to "paypal.com." Paypalcreditcard.com appears
> to be a legitimate web site operated by Paypal's business partner,
> Providian Financial Corporation.
>
> I received a similar solicitation. I forwarded it to the
> "[EMAIL PROTECTED]" I think you'll enjoy the response:
>
> =================
>
> Dear Rob Adams,
>
> Thank you for contacting PayPal.
>
> Thank you for bringing this suspicious email to our attention. We can
> confirm that the email you received; was not sent to you by PayPal. The
> website linked to this email is not a registered URL authorized or used
> by PayPal. We are currently investigating this incident fully. Please
> do not enter any personal or financial information into this website.
>
> If you have surrendered any personal or financial information to this
> fraudulent website, you should immediately log into your PayPal Account
> and change your password and secret question and answer information.
> Any compromised financial information should be reported to the
> appropriate parties.
>
> If you notice any unauthorized activity associated with your PayPal
> transaction history, please immediately report this to PayPal by
> following the instructions below:
>
> 1. Go to https://www.paypal.com/
> 2. Click on the Security Center at the bottom of the page
> 3. Click on "Report a Problem"
> 4. Select the Topic: Report Fraud
> 5: Select the Subtopic: Unauthorized use of my PayPal Account, and
> click Continue.
> 6. Follow the instructions to access the appropriate form
>
> If you have any further questions, please feel free to contact us
> again.
>
> =======================
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
