lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <028201c3c4d8$648602b0$1214dd80@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: PayPal issues another blow to user  security

Heck, I wonder how many people actually clicked on www.paypalcreditcard.com
after PayPal stating never, ever to click on a site other than
https://www.paypal.com .....   I'm sure a few did, but what a really foolish
marketing decision they made to use www.paypalcreditcard.com ...


  Exibar

----- Original Message ----- 
From: "Dom Gallagher" <dgallagher@...rnetusa.net>
To: "Rob Adams" <rob@...ep.org>
Cc: "Aaron Horst" <anthrax101@...oo.com>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, December 17, 2003 2:22 PM
Subject: Re: [Full-Disclosure] PayPal issues another blow to user security


> At 11:09 AM 12/17/2003, Rob Adams wrote:
> >[[Warning -- I do not speak for, nor do I represnt, my employer. --Rob]]
> >
> >Aaron Horst reported earlier this week that Paypal violates their own
> >anti-phish policy. He received an official email that included a
clickable
> >link to "paypalcreditcard.com." Their stated policy is that they will
only
> >ever link to "paypal.com." Paypalcreditcard.com appears to be a
legitimate
> >web site operated by Paypal's business partner, Providian Financial
> >Corporation.
> >
> >I received a similar solicitation. I forwarded it to the
> >"spoof@...pal.com." I think you'll enjoy the response:
> >
> >=================
> >
> >Dear Rob Adams,
> >
> >Thank you for contacting PayPal.
> >
> >Thank you for bringing this suspicious email to our attention. We can
> >confirm that the email you received; was not sent to you by PayPal. The
> >website linked to this email is not a registered URL authorized or used
by
> >PayPal. We are currently investigating this incident fully. Please do not
> >enter any personal or financial information into this website.
> >If you have surrendered any personal or financial information to this
> >fraudulent website, you should immediately log into your PayPal Account
> >and change your password and secret question and answer information. Any
> >compromised financial information should be reported to the appropriate
> >parties.
> >If you notice any unauthorized activity associated with your PayPal
> >transaction history, please immediately report this to PayPal by
following
> >the instructions below:
> >1.  Go to https://www.paypal.com/ 2.  Click on the Security Center at the
> >bottom of the page
> >3.  Click on "Report a Problem"
> >4.  Select the Topic: Report Fraud
> >5:  Select the Subtopic: Unauthorized use of my PayPal Account, and click
> >Continue.
> >6.  Follow the instructions to access the appropriate form
> >
> >If you have any further questions, please feel free to contact us again.
>
> Form letter.  eBay loves 'em, and now Paypal seem to have jumped on the
> bandwagon.
>
> If you check the original report, Paypal itself links to the so-called
> phishing site:
https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782
>
> Assuming the URLs were not spoofed with any of the usual fun tricks to
> catch the point-and-droolers, Paypal are either totally ignoring the
actual
> content of abuse complaints or deliberately trying to blame the phishers
> for a poorly thought out marketing effort.
>
> D.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ