2006-03-09

Dear John

Dear Paypal,

I received a phishing scam today, it wasn't any good, but it got through my spam filter. I make a note of passing on phishing scams to those services that are being phished. It's quite simple usually, I think, "who do I tell?" and the answer comes to me immediately! abuse@service.com! Of course. Why not, they'll read the email I got, find the host that's responsible and shut them down.

Well. Not Your Service Apparently Apparently PayPal, instead of clicking Forward, typing abuse@paypal.com and Send. I'm supposed to go to the your paypal website, give you my email address (they already have this), the reason I'm contacting you (as if THAT isn't obvious) and - of all things - I have to log in with my paypal password.

Not just that, but you send me these instructions with a handy link to the paypal website. Telling me to click on the link to take me to your website.

Great going Paypal! Are you trying to encourage phishing?

Yours Truely,
Stupified Customer.

Update:
spoof@paypal.com is the correct email address to send phishing mails to. Paypal told me when I logged in to crosscheck my VISA bill against paypal's records.

No comments: