On Sun, 21 Dec 2003 11:32:28 +1200, Franck Martin said: > For example, you receive an e-mail telling you that there has been a > security breach at PayPal, and you need to log into the site and correct > your info, by using the bogus link they provide.
"Some mornings it just doesn't seem worth it to gnaw through the leather straps." -- Emo Phillips The attached note certainly gave me that sort of feeling...
--- Begin Message ---Just when I thought that PayPal may actually care for their customers, I get the following message in my inbox: ------------------------------- Dear *********, This holiday season... Put PayPal Visa® at the top of your list! 0% Intro APR* for purchases. PLUS: - $5 credit the first time you use your card - No PayPal sending limit - up to available credit on your card - No annual fee - New card designs to choose from! https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/email/ You'll have an online response in about 30 seconds. * The intro APR on purchases applies for 3 billing periods after account opening. For complete pricing information and important terms and conditions, click here. https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/email/ This PayPal notification was sent to ******. Your notification preferences are set to receive the PayPal Periodical newsletter and Product Updates when you create a PayPal account. To modify your notification preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes may take several days to be reflected in our mailings. For more information about the security of your information, read our Privacy Policy at https://www.paypal.com/privacy. Replies to this email will not be processed; if you would like to contact PayPal, please go to our online Help Center. If you previously asked to be excluded from Providian product offerings and solicitations, they apologize for this e-mail. Every effort was made to ensure that you were excluded from this e-mail. If you do not wish to receive promotional e-mail from Providian, go to http://removeme.providian.com. Copyright© 2003 PayPal, Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. ------------------------------- (NOTE: UID's removed) I put it off as just another ploy to get your vital information such as Social Security number, but decide to check it out anyway. What do you know, it's an "official" PayPal site! (See: https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782 ) After all the work that others have done to help people keep their vital details safe, Providian spams all of the PayPal user base with advertisements to put your personal details into a "PayPal" site that is hosted on "www.paypalcreditcard.com"! This even goes against their own stated policy on avoiding web scams: “The term "spoofing" and "phishing" have been used to describe the act of collecting personal information using a fake email in order to commit identity theft, credit card and Internet fraud. If you receive an email that appears to come from PayPal and you click on a link, check to make sure the web address at the top of your web browser reads exactly www.paypal.com.” -- https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=56413 This issue is a blow to me personally, as I have told many people time and again not to click on any links in any email that claims to be from PayPal, Ebay, or other scammer oriented target. This massively undermines the efforts that many people have put into ensuring that less then savvy users still are able to keep their private info private. I hope that PayPal or any of their affiliates never do something like this again. __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
--- End Message ---
pgp00000.pgp
Description: PGP signature
