[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <03b101c3c4ca$d5d0ba90$c400a8c0@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: PayPal issues another blow to user security
I think the response speaks more of the tunnel vision of the person
answering the email. PayPal and Providian entered a partnership in Feb 2001.
At the time, Providian apparently took a huge stake in PayPal equity
(estimates placed it at between $100 - $200 million) and the two companies
agreed to co-brand the credit cards. See Forbes for details:
http://www.forbes.com/2001/02/07/0207eccommerce.html
The legal agreement between the two parties, dated March 2002, can be found
here:
http://techdeals.startup.findlaw.com/agreements/paypal/providian.card.2002.03.01.html
The June 2001 press release announcing the site, and sponsored by both
parties, can be found here:
http://www.findarticles.com/cf_dls/m4PRN/2001_June_18/75602419/p1/article.jhtml
Perhaps PayPal might wish to take the opportunity to ensure the folks
answering email at spoof@...pal.com are versed in company partnerships and
policies.
Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com
----- Original Message -----
From: "Rob Adams" <rob@...ep.org>
To: "Aaron Horst" <anthrax101@...oo.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, December 17, 2003 12:09 PM
Subject: Re: [Full-Disclosure] PayPal issues another blow to user security
[[Warning -- I do not speak for, nor do I represnt, my employer. --Rob]]
Aaron Horst reported earlier this week that Paypal violates their own
anti-phish policy. He received an official email that included a
clickable link to "paypalcreditcard.com." Their stated policy is that
they will only ever link to "paypal.com." Paypalcreditcard.com appears
to be a legitimate web site operated by Paypal's business partner,
Providian Financial Corporation.
I received a similar solicitation. I forwarded it to the
"spoof@...pal.com." I think you'll enjoy the response:
=================
Dear Rob Adams,
Thank you for contacting PayPal.
Thank you for bringing this suspicious email to our attention. We can
confirm that the email you received; was not sent to you by PayPal. The
website linked to this email is not a registered URL authorized or used
by PayPal. We are currently investigating this incident fully. Please
do not enter any personal or financial information into this website.
If you have surrendered any personal or financial information to this
fraudulent website, you should immediately log into your PayPal Account
and change your password and secret question and answer information.
Any compromised financial information should be reported to the
appropriate parties.
If you notice any unauthorized activity associated with your PayPal
transaction history, please immediately report this to PayPal by
following the instructions below:
1. Go to https://www.paypal.com/
2. Click on the Security Center at the bottom of the page
3. Click on "Report a Problem"
4. Select the Topic: Report Fraud
5: Select the Subtopic: Unauthorized use of my PayPal Account, and
click Continue.
6. Follow the instructions to access the appropriate form
If you have any further questions, please feel free to contact us
again.
=======================
Powered by blists - more mailing lists