[X4U] Re: X4U Digest, Vol 55, Issue 7

Ralph ralph at avatarbiz.com
Thu Mar 12 18:18:27 PDT 2009 

Just to state it simply:

Paypal is NOT responsible IN ANY WAY for phishing attacks that mimic  
their legitimate company emails.

Phishing is criminal activity. Paypal is as much a victim of the  
crime as are its registered users who fall for the phishing.

I have received phishing emails claiming to be from Bank of America.  
I have received others claiming to be from Wells Fargo.

Are these banks responsible for the phishing emails? NO. They are the  
work of criminals, NOT the banks.

Is the existence of phishing evidence that these banks don't take  
security seriously? NO. It says nothing whatsoever about their  
security policies.

Did I get these emails because I have an account at one of the banks?  
NO. I don't have accounts at either BofA or Wells.

To blame PayPal for the phishing you encountered is just plain wrong.  
PayPal had absolutely nothing to do with it.

Ralph



On Mar 12, 2009, at 3:22 PM, Ed Gould <edgould1948 at comcast.net> wrote:

> It is possible I guess. It seemed though every time I visited paypal
> I would get a few more of these. When I did forward the phishing
> email to them I would get a response saying yes we know about them or
> a thank you for reporting them.
> PAYPAL must have been hacked or I would not have been getting all
> these phishing attacks telling me to update my paypal account. Even
> if they weren't I find it interesting that PAYPAL would tell you to
> update my account when the account was current with all pertinent
> information.
>
> *IF* paypal was trying to communicate with me they blew it because
> there were *SO MANY* emails over a few months. On the OTHER extreme I
> have a monthly account that pays for USENET and when my charge card
> expires I find out because I can't login and I have to set up a new
> account. I complained to them and they say they NEVER email account
> holders for any reason. Personally I find email to me saying my
> credit card is about to expire entirely acceptable.  So there seems
> to be two extreme ways of handling issues.
>
> I have essentially marked as SPAM any communication from PAYPAL as a
> result.  They do(did?) seem to acknowledge that PAYPAL was hacked so
> I am guessing the hack got at least members email address. No
> (erroneous) charges were ever made on my CC.
>
> The small computer world does not seem to take security serious, IMO.
> Its even worse when companies like MS just blow smoke around when it
> comes to security.
>
> Ed
>
>
>
> ------------------------------

More information about the X4U mailing list