Re: [Full-Disclosure] PayPal issues another blow to user security

[Seth Fogie <seth@fogieonline.com>]

If you enter the official https://www.paypal.com site and click on the 
Paypal credit card link, you will be directed to www.paypalcreditcard.com...

So, it is most likely a valid link...



Exibar wrote:

> The e-mail response from PayPal sounded more like a "canned" response than
> an actual human response.  I would image that they simply have a rule setup
> that looks for links within a message and if it doesn't have
> https://www.paypal.com then it spits back that canned message.  On the other
> hand, it could simply be a college kid that is working at PayPal to make a
> few extra bucks and just saw that the link didn't point to
> https://www.paypal.com and hit the "send canned response" button.
>
>  Either way, PayPal should mention something about it on their site's
> homepage.  It is very irresponsible of them not to.
>
>  Exibar
>
> ----- Original Message ----- 
> From: "Mary Landesman" <mlande@bellsouth.net>
> To: "Rob Adams" <rob@ebeep.org>; "Aaron Horst" <anthrax101@yahoo.com>
> Cc: <full-disclosure@lists.netsys.com>
> Sent: Wednesday, December 17, 2003 1:23 PM
> Subject: Re: [Full-Disclosure] PayPal issues another blow to user security
>
>
>  
>
> > I think the response speaks more of the tunnel vision of the person
> > answering the email. PayPal and Providian entered a partnership in Feb
> >    
> 2001.
>  
>
> > At the time, Providian apparently took a huge stake in PayPal equity
> > (estimates placed it at between $100 - $200 million) and the two companies
> > agreed to co-brand the credit cards. See Forbes for details:
> > http://www.forbes.com/2001/02/07/0207eccommerce.html
> >
> > The legal agreement between the two parties, dated March 2002, can be
> >    
> found
>  
>
> > here:
> >
> >    
> http://techdeals.startup.findlaw.com/agreements/paypal/providian.card.2002.03.01.html
>  
>
> > The June 2001 press release announcing the site, and sponsored by both
> > parties, can be found here:
> >
> >    
> http://www.findarticles.com/cf_dls/m4PRN/2001_June_18/75602419/p1/article.jhtml
>  
>
> > Perhaps PayPal might wish to take the opportunity to ensure the folks
> > answering email at spoof@paypal.com are versed in company partnerships and
> > policies.
> >
> > Regards,
> > Mary Landesman
> > Antivirus About.com Guide
> > http://antivirus.about.com
> >
> > ----- Original Message ----- 
> > From: "Rob Adams" <rob@ebeep.org>
> > To: "Aaron Horst" <anthrax101@yahoo.com>
> > Cc: <full-disclosure@lists.netsys.com>
> > Sent: Wednesday, December 17, 2003 12:09 PM
> > Subject: Re: [Full-Disclosure] PayPal issues another blow to user security
> >
> >
> > [[Warning -- I do not speak for, nor do I represnt, my employer. --Rob]]
> >
> > Aaron Horst reported earlier this week that Paypal violates their own
> > anti-phish policy. He received an official email that included a
> > clickable link to "paypalcreditcard.com." Their stated policy is that
> > they will only ever link to "paypal.com." Paypalcreditcard.com appears
> > to be a legitimate web site operated by Paypal's business partner,
> > Providian Financial Corporation.
> >
> > I received a similar solicitation. I forwarded it to the
> > "spoof@paypal.com." I think you'll enjoy the response:
> >
> > =================
> >
> > Dear Rob Adams,
> >
> > Thank you for contacting PayPal.
> >
> > Thank you for bringing this suspicious email to our attention. We can
> > confirm that the email you received; was not sent to you by PayPal. The
> > website linked to this email is not a registered URL authorized or used
> > by PayPal. We are currently investigating this incident fully. Please
> > do not enter any personal or financial information into this website.
> >
> > If you have surrendered any personal or financial information to this
> > fraudulent website, you should immediately log into your PayPal Account
> > and change your password and secret question and answer information.
> > Any compromised financial information should be reported to the
> > appropriate parties.
> >
> > If you notice any unauthorized activity associated with your PayPal
> > transaction history, please immediately report this to PayPal by
> > following the instructions below:
> >
> > 1.  Go to https://www.paypal.com/
> > 2.  Click on the Security Center at the bottom of the page
> > 3.  Click on "Report a Problem"
> > 4.  Select the Topic: Report Fraud
> > 5:  Select the Subtopic: Unauthorized use of my PayPal Account, and
> > click Continue.
> > 6.  Follow the instructions to access the appropriate form
> >
> > If you have any further questions, please feel free to contact us
> > again.
> >
> > =======================
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >    
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html