Heck, I wonder how many people actually clicked on www.paypalcreditcard.com after PayPal stating never, ever to click on a site other than https://www.paypal.com ..... I'm sure a few did, but what a really foolish marketing decision they made to use www.paypalcreditcard.com ...
Exibar ----- Original Message ----- From: "Dom Gallagher" <[EMAIL PROTECTED]> To: "Rob Adams" <[EMAIL PROTECTED]> Cc: "Aaron Horst" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, December 17, 2003 2:22 PM Subject: Re: [Full-Disclosure] PayPal issues another blow to user security > At 11:09 AM 12/17/2003, Rob Adams wrote: > >[[Warning -- I do not speak for, nor do I represnt, my employer. --Rob]] > > > >Aaron Horst reported earlier this week that Paypal violates their own > >anti-phish policy. He received an official email that included a clickable > >link to "paypalcreditcard.com." Their stated policy is that they will only > >ever link to "paypal.com." Paypalcreditcard.com appears to be a legitimate > >web site operated by Paypal's business partner, Providian Financial > >Corporation. > > > >I received a similar solicitation. I forwarded it to the > >"[EMAIL PROTECTED]" I think you'll enjoy the response: > > > >================= > > > >Dear Rob Adams, > > > >Thank you for contacting PayPal. > > > >Thank you for bringing this suspicious email to our attention. We can > >confirm that the email you received; was not sent to you by PayPal. The > >website linked to this email is not a registered URL authorized or used by > >PayPal. We are currently investigating this incident fully. Please do not > >enter any personal or financial information into this website. > >If you have surrendered any personal or financial information to this > >fraudulent website, you should immediately log into your PayPal Account > >and change your password and secret question and answer information. Any > >compromised financial information should be reported to the appropriate > >parties. > >If you notice any unauthorized activity associated with your PayPal > >transaction history, please immediately report this to PayPal by following > >the instructions below: > >1. Go to https://www.paypal.com/ 2. Click on the Security Center at the > >bottom of the page > >3. Click on "Report a Problem" > >4. Select the Topic: Report Fraud > >5: Select the Subtopic: Unauthorized use of my PayPal Account, and click > >Continue. > >6. Follow the instructions to access the appropriate form > > > >If you have any further questions, please feel free to contact us again. > > Form letter. eBay loves 'em, and now Paypal seem to have jumped on the > bandwagon. > > If you check the original report, Paypal itself links to the so-called > phishing site: https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782 > > Assuming the URLs were not spoofed with any of the usual fun tricks to > catch the point-and-droolers, Paypal are either totally ignoring the actual > content of abuse complaints or deliberately trying to blame the phishers > for a poorly thought out marketing effort. > > D. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
