Full Disclosure mailing list archives
RE: Posible PayPall Scam? FW: Your PayPal ac
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 06 Mar 2003 14:13:25 +1300
> These Paypal spam scams are becoming more common. Here's where to report them at Paypal:
> https://www.paypal.com/cgi-bin/webscr?cmd=_contact-general-flow
This kind of advice always intrigues me...

What can PayPal (or eBay or Amazon or AOL or any of the other popular targets of such scams) do about this? Precious little. They can complain to the service providers involved in the spamming (if they are sent the full Email headers -- unlikely from a substantial proportion of those naive enough to have to ask what they should do about such things) and they can complain to the service providers of the website hosting the bogus "login" form.

I guess that saves the concerned user the hassle of learning how to track such contacts down (and PayPal et al. are bound to have better resources for dealing with language translation issues that may seem almost inevitable in such cases). However, it also could significantly delay the processing of the complaint _to_ the service providers that most need to act -- those hosting the web servers or Email accounts in cases where the harvested information is received by Email.

Think about it. Someone hatches one of these schemes, buys into a spamming operation for delivery of the bogus Emails and sets the Email in motion. Say the spamhaus successfully delivers 100,000 of these bogus Emails per hour (i.e. 100,000 messages get into real inboxes). Further, let's say that 0.001% of recipients are gullible enough to be taken in by the scam (I have no idea if this is a reasonable ball-park figure -- anyone?? It would partly depend on the relative popularity of the targeted organization and on the relative savvy of that service's clientele.) Ignoring ramp-up issues (we'll assume the spammer's target addresses are randomly distributed around the globe and that delivery-to-read delays have no effect) and assuming the above, the scammer gets one PayPal account per hour his web server is running.

Thus, _only_ sending notifications of receiving such scams to PayPal, etc. gives the scammers a "get out of jail free" (or at least, a "delay losing your scam site") card worth at least however many hours delay there is between notifying PayPal and its staff actually even getting through the message queue to consider it.

Now, back to PayPal and the specific issue at hand...
https://www.paypal.com/cgi-bin/webscr?cmd=_contact-general-flow
   It appears that you have JavaScript disabled, or your browser is incapable of displaying the content below. Please click here for the non-JavaScript version.

"here" is:

https://www.paypal.com/cgi-bin/webscr?cmd=_contact_no_js

I suspect my views on the _SHEER IDIOCY_ of requiring (or at least expecting) those trying to use your "report or investigate a security problem" pages to lower their web browser's security options are sufficiently well-known that I need not say anything here.

Anyway, the process is a tad involved, requiring you to select the right "fraud reporting" option from virtually the bottom of a _very_ long list of (mainly mundane) reasons people may have for contacting PayPal. It might be better to point them to:

http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/security-main-outside

which has three links to, presumably, the most commonly reported "fraud" related issues -- spam, fake sites and unauthorized transactions.

https://www.paypal.com/ewf/f=sa_email
https://www.paypal.com/ewf/f=sa_fake
https://www.paypal.com/ewf/f=sa_unauth

Anyway, whichever of the various mechanisms you use, all of the online "send Email to our Customer Service team" pages have a very brief introduction ending with:

   We will respond to your email as quickly as possible, typically within 2-3 business days.

Hopefully that does not reflect the queue length for such reports just to be read -- if so, _only_ reporting such issues to PayPal means the scammer may get as much as a 48-72 user account advantage...

Regards,
Nick FitzGerald