Another company that doesn't want my help
Abstract:
PayPal.
Body:
Today I received yet another one of those PayPal
phishing emails. I always click on the links to see if the site has been shut
down yet. This time, the email linked to
http://paypalsecuritycenter.net/
which forwarded to
http://paypalsecuritycenter.net/webscr.php?cmd=LogIn.
The text for the link tried to tell me that I was going to
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run.
This is what the site looked like. I tried a WHOIS lookup but got nothing, so it must be a recent registration. I'm sure it won't last long, but it will last long enough.
I decided to be a good citizen and report this to PayPal using this form in their Security Center. Here is their automated reply:
Dear Michael Wyszomierski,
Thank you for writing to PayPal regarding the email you received.
Because this is not an eBay or PayPal member, website, or email, we are
unable to determine if this email is legitimate. While it may be
considered spam or possibly even fraudulent, it is not something we can
determine on behalf of other companies. This email should be reported to
the company that appeared to send it for their assistance and
investigation. Normally, to do this, you would substitute the word
"abuse" in place of the name in front of the @ symbol. For example, if
the email was sent from user@goodmail.com, you would send your report to
abuse@goodmail.com.
In addition, you may also want to see if online customer support is
available for this company. As for eBay, please forward any suspicious
emails to spoof@ebay.com for our review and investigation. I also invite
you to take this time to familiarize yourself with eBays Security Center
for helpful information on this topic. A link to our Security Center can
be found below:
http://pages.ebay.com/securitycenter/index.html
Thank you again for reporting this email. I hope this information will
be helpful.
Sincerely,
PayPal Account Review Department
Okay thanks a lot, PayPal. I'll go right ahead and forward it to abuse@paypal.com and spoof@paypal.com, because PayPal.com is the domain of the spoofed "From" header. I look forward to your automated responses to those. And I appreciate your typo in the last paragraph: eBays Security Center. That's professional.
Update:
Looks like forwarding to spoof@paypal.com is the way to go:
Dear Michael Wyszomierski,
Thank you for contacting PayPal. We appreciate you bringing this
suspicious email to our attention.
Commonly referred to as phishing, these emails are sent by fraudsters in
an attempt to collect sensitive personal or financial information from
the recipients. PayPal takes phishing threats seriously. Our fraud
prevention specialists are working 24/7 to help protect you and enable
the community to stay safe.
After review, we can confirm that the email you received was not sent by
PayPal. Any website which may be linked to this email is not authorized
or used by PayPal.
Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.
This is what the site looked like. I tried a WHOIS lookup but got nothing, so it must be a recent registration. I'm sure it won't last long, but it will last long enough.
I decided to be a good citizen and report this to PayPal using this form in their Security Center. Here is their automated reply:
Dear Michael Wyszomierski,
Thank you for writing to PayPal regarding the email you received.
Because this is not an eBay or PayPal member, website, or email, we are
unable to determine if this email is legitimate. While it may be
considered spam or possibly even fraudulent, it is not something we can
determine on behalf of other companies. This email should be reported to
the company that appeared to send it for their assistance and
investigation. Normally, to do this, you would substitute the word
"abuse" in place of the name in front of the @ symbol. For example, if
the email was sent from user@goodmail.com, you would send your report to
abuse@goodmail.com.
In addition, you may also want to see if online customer support is
available for this company. As for eBay, please forward any suspicious
emails to spoof@ebay.com for our review and investigation. I also invite
you to take this time to familiarize yourself with eBays Security Center
for helpful information on this topic. A link to our Security Center can
be found below:
http://pages.ebay.com/securitycenter/index.html
Thank you again for reporting this email. I hope this information will
be helpful.
Sincerely,
PayPal Account Review Department
Okay thanks a lot, PayPal. I'll go right ahead and forward it to abuse@paypal.com and spoof@paypal.com, because PayPal.com is the domain of the spoofed "From" header. I look forward to your automated responses to those. And I appreciate your typo in the last paragraph: eBays Security Center. That's professional.
Update:
Looks like forwarding to spoof@paypal.com is the way to go:
Dear Michael Wyszomierski,
Thank you for contacting PayPal. We appreciate you bringing this
suspicious email to our attention.
Commonly referred to as phishing, these emails are sent by fraudsters in
an attempt to collect sensitive personal or financial information from
the recipients. PayPal takes phishing threats seriously. Our fraud
prevention specialists are working 24/7 to help protect you and enable
the community to stay safe.
After review, we can confirm that the email you received was not sent by
PayPal. Any website which may be linked to this email is not authorized
or used by PayPal.
Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.
Posted: Sunday - December 04, 2005 at 02:51 PM
Quick Links
Statistics
Total entries in this blog:
Total entries in this category:
Published On: May 06, 2007 09:06 PM
Total entries in this category:
Published On: May 06, 2007 09:06 PM