| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mlande at bellsouth.net (Mary Landesman) Subject: PayPal issues another blow to user security I think the response speaks more of the tunnel vision of the person answering the email. PayPal and Providian entered a partnership in Feb 2001. At the time, Providian apparently took a huge stake in PayPal equity (estimates placed it at between $100 - $200 million) and the two companies agreed to co-brand the credit cards. See Forbes for details: http://www.forbes.com/2001/02/07/0207eccommerce.html The legal agreement between the two parties, dated March 2002, can be found here: http://techdeals.startup.findlaw.com/agreements/paypal/providian.card.2002.03.01.html The June 2001 press release announcing the site, and sponsored by both parties, can be found here: http://www.findarticles.com/cf_dls/m4PRN/2001_June_18/75602419/p1/article.jhtml Perhaps PayPal might wish to take the opportunity to ensure the folks answering email at spoof@...pal.com are versed in company partnerships and policies. Regards, Mary Landesman Antivirus About.com Guide http://antivirus.about.com ----- Original Message ----- From: "Rob Adams" <rob@...ep.org> To: "Aaron Horst" <anthrax101@...oo.com> Cc: <full-disclosure@...ts.netsys.com> Sent: Wednesday, December 17, 2003 12:09 PM Subject: Re: [Full-Disclosure] PayPal issues another blow to user security [[Warning -- I do not speak for, nor do I represnt, my employer. --Rob]] Aaron Horst reported earlier this week that Paypal violates their own anti-phish policy. He received an official email that included a clickable link to "paypalcreditcard.com." Their stated policy is that they will only ever link to "paypal.com." Paypalcreditcard.com appears to be a legitimate web site operated by Paypal's business partner, Providian Financial Corporation. I received a similar solicitation. I forwarded it to the "spoof@...pal.com." I think you'll enjoy the response: ================= Dear Rob Adams, Thank you for contacting PayPal. Thank you for bringing this suspicious email to our attention. We can confirm that the email you received; was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website. If you have surrendered any personal or financial information to this fraudulent website, you should immediately log into your PayPal Account and change your password and secret question and answer information. Any compromised financial information should be reported to the appropriate parties. If you notice any unauthorized activity associated with your PayPal transaction history, please immediately report this to PayPal by following the instructions below: 1. Go to https://www.paypal.com/ 2. Click on the Security Center at the bottom of the page 3. Click on "Report a Problem" 4. Select the Topic: Report Fraud 5: Select the Subtopic: Unauthorized use of my PayPal Account, and click Continue. 6. Follow the instructions to access the appropriate form If you have any further questions, please feel free to contact us again. =======================
Powered by blists - more mailing lists