Re: [Full-Disclosure] PayPal issues another blow to user security

From: Rob Adams (rob_at_ebeep.org)
Date: 12/17/03

    To: Aaron Horst <anthrax101@yahoo.com>
    Date: Wed, 17 Dec 2003 11:09:38 -0600
    
    

    [[Warning -- I do not speak for, nor do I represent, my employer. --Rob]]

    Aaron Horst reported earlier this week that Paypal violates their own
    anti-phish policy. He received an official email that included a
    clickable link to "paypalcreditcard.com." Their stated policy is that
    they will only ever link to "paypal.com." Paypalcreditcard.com appears
    to be a legitimate web site operated by Paypal's business partner,
    Providian Financial Corporation.

    I received a similar solicitation. I forwarded it to
    "spoof@paypal.com". I think you'll enjoy the response:

    =================

    Dear Rob Adams,

    Thank you for contacting PayPal.

    Thank you for bringing this suspicious email to our attention. We can
    confirm that the email you received was not sent to you by PayPal. The
    website linked to this email is not a registered URL authorized or used
    by PayPal. We are currently investigating this incident fully. Please
    do not enter any personal or financial information into this website.
     
    If you have surrendered any personal or financial information to this
    fraudulent website, you should immediately log into your PayPal Account
    and change your password and secret question and answer information.
    Any compromised financial information should be reported to the
    appropriate parties.
     
    If you notice any unauthorized activity associated with your PayPal
    transaction history, please immediately report this to PayPal by
    following the instructions below:
     
    1. Go to https://www.paypal.com/
    2. Click on the Security Center at the bottom of the page
    3. Click on "Report a Problem"
    4. Select the Topic: Report Fraud
    5. Select the Subtopic: Unauthorized use of my PayPal Account, and
    click Continue.
    6. Follow the instructions to access the appropriate form

    If you have any further questions, please feel free to contact us
    again.

    =======================

    Rob Adams

    Aaron Horst wrote:

    >Just when I thought that PayPal may actually care for
    >their customers, I get the following message in my
    >inbox:
    >
    >-------------------------------
    >
    >Dear *********,
    >
    >This holiday season...
    >
    >Put PayPal Visa® at the top of your list!
    >
    >
    >0% Intro APR* for purchases. PLUS:
    >
    >
    >- $5 credit the first time you use your card
    >
    >- No PayPal sending limit - up to available credit on
    >your card
    >
    >- No annual fee
    >
    >- New card designs to choose from!
    >
    >
    >https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/email/
    >
    >
    >You'll have an online response in about 30 seconds.
    >
    >* The intro APR on purchases applies for 3 billing
    >periods after account opening. For complete pricing
    >information and important terms and conditions, click
    >here.
    >
    >
    >https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/email/
    >
    >
    >This PayPal notification was sent to
    >******. Your notification preferences
    >are set to receive the PayPal Periodical newsletter
    >and Product Updates when you create a PayPal account.
    >To modify your notification preferences and
    >unsubscribe, go to https://www.paypal.com/PREFS-NOTI
    >and log in to your account. Changes may take several
    >days to be reflected in our mailings. For more
    >information about the security of your information,
    >read our Privacy Policy at
    >https://www.paypal.com/privacy. Replies to this email
    >will not be processed; if you would like to contact
    >PayPal, please go to our online Help Center.
    >
    >If you previously asked to be excluded from Providian
    >product offerings and solicitations, they apologize
    >for this e-mail. Every effort was made to ensure that
    >you were excluded from this e-mail. If you do not wish
    >to receive promotional e-mail from Providian, go to
    >http://removeme.providian.com.
    >
    >Copyright© 2003 PayPal, Inc. All rights reserved.
    >Designated trademarks and brands are the property of
    >their respective owners.
    >
    >-------------------------------
    >
    >(NOTE: UID's removed)
    >
    >I put it off as just another ploy to get your vital
    >information such as Social Security number, but decided
    >to check it out anyway. What do you know, it's an
    >"official" PayPal site! (See:
    >https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782
    >)
    >
    >After all the work that others have done to help
    >people keep their vital details safe, Providian spams
    >all of the PayPal user base with advertisements to put
    >your personal details into a "PayPal" site that is
    >hosted on "www.paypalcreditcard.com"! This even goes
    >against their own stated policy on avoiding web scams:
    >
    >“The term "spoofing" and "phishing" have been used to
    >describe the act of collecting personal information
    >using a fake email in order to commit identity theft,
    >credit card and Internet fraud. If you receive an
    >email that appears to come from PayPal and you click
    >on a link, check to make sure the web address at the
    >top of your web browser reads exactly www.paypal.com.”
    >--
    >https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=56413
    >
    >This issue is a blow to me personally, as I have told
    >many people time and again not to click on any links
    >in any email that claims to be from PayPal, eBay, or
    >other scammer-oriented targets. This massively
    >undermines the efforts that many people have put into
    >ensuring that less than savvy users are still able to
    >keep their private info private. I hope that PayPal or
    >any of their affiliates never do something like this again.
    >
    >__________________________________
    >Do you Yahoo!?
    >New Yahoo! Photos - easier uploading and sharing.
    >http://photos.yahoo.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
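The policy quoted in the thread ("the web address ... reads exactly www.paypal.com") is the kind of rule a mail gateway or a cautious user script can enforce mechanically, and the Providian mailing shows why a naive check is not enough: www.paypalcreditcard.com contains the string "paypal" but is a different registrable domain. The following is an added example, not code from the original thread or from PayPal; it extracts the links from a message body and accepts only hosts that are paypal.com or a subdomain of it, matched on a label boundary. The sample body is constructed here from the two links quoted in the thread plus two lookalike URLs invented for this example (the example.net host and the 203.0.113.5 address are documentation placeholders, not real sites).

```python
import re
from urllib.parse import urlsplit

# The policy quoted in the thread: mail from PayPal only ever links to paypal.com.
ALLOWED_DOMAINS = ("paypal.com",)

# Crude URL extractor for plain-text mail; stops at whitespace and common delimiters.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def host_matches_domain(host, domain):
    """True only if host IS domain or a subdomain of it (label-boundary match).

    Plain substring or endswith() tests get this wrong:
      'notpaypal.com'.endswith('paypal.com')       -> True  (wrong)
      'paypal.com' in 'paypal.com.evil.example'    -> True  (wrong)
    """
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def link_host(url):
    """Return the host a browser would actually connect to for url.

    urlsplit().hostname discards any user-info ('user@') prefix, so
    'https://www.paypal.com@203.0.113.5/' resolves to 203.0.113.5, not paypal.com.
    """
    return (urlsplit(url).hostname or "").lower()


def audit_message(body, allowed=ALLOWED_DOMAINS):
    """Return a list of (url, host, policy_ok) for every URL found in body."""
    findings = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:)")   # drop trailing sentence punctuation
        host = link_host(url)
        ok = bool(host) and any(host_matches_domain(host, d) for d in allowed)
        findings.append((url, host, ok))
    return findings


def offending_hosts(body, allowed=ALLOWED_DOMAINS):
    """Hosts in body that violate the policy, deduplicated, in order of appearance."""
    seen = []
    for _, host, ok in audit_message(body, allowed):
        if not ok and host not in seen:
            seen.append(host)
    return seen


# Constructed sample: the links from the mailing quoted in the thread, plus two
# lookalike URLs made up for this example to show the label-boundary and user-info cases.
SAMPLE_BODY = """\
Put PayPal Visa at the top of your list!
https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/email/
To modify your notification preferences go to https://www.paypal.com/PREFS-NOTI
and log in. Privacy Policy at https://www.paypal.com/privacy.
Lookalikes (constructed for this example, not from the thread):
https://www.paypal.com.example.net/login
https://www.paypal.com@203.0.113.5/login
"""

if __name__ == "__main__":
    for url, host, ok in audit_message(SAMPLE_BODY):
        print("OK  " if ok else "FLAG", host.ljust(28), url)
```

Run as a script it prints one line per link, flagging www.paypalcreditcard.com along with the two constructed lookalikes and passing only the two www.paypal.com links. The check is deliberately on the registrable domain rather than the literal string "www.paypal.com", which is what the quoted policy says; tighten ALLOWED_DOMAINS to the exact host if you want the stricter reading.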
