FC: Paypal responds to "spam scam" that uses their service

[Declan McCullagh <declan () well com>]

[forwarded with permission]

*********

From: Vince Sollitto <vsollitto () paypal com>
To: "'declan () well com'" <declan () well com>
Subject: RE: Apparent spam scam using Paypal -- watch out for mystery links
Date: Fri, 26 Jan 2001 13:05:31 -0800

Declan,

Saw your mention of the Betty Hill email and spoof site in today's Politech.
Your analysis and moral are dead on: don't click on links you don't
recognize as legit, and don't enter your password unless you're sure you're
on the secure site of the company.  The best way to be sure is to type it
yourself.

There have been other instances of email solicitations and spoof sites in
the past; the infamous "PayPai" site of last summer is perhaps the most well
known.  Our users are usually savvy enough to be suspicious of such emails
and odd URLs, and avoid clicking on them and surrendering their passwords.
When we discover such campaigns, we warn our users and work with authorities
to bring such sites down.  We are doing so with "Betty Hill."

The best way to prevent these scenarios is through user education.  To that
end, we provided security tips in a recent company e-newsletter, regularly
post warnings and reminders on public message boards, and have a "Security
Tips" page with info linked off a footer on our home page
(http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fraud-prevention-outside).
Also, just last week, we posted a mandatory "click-through" page regarding
spoof sites and steps to take to avoid and report them, on every PayPal
account, which users had to read before accessing their account info.

We are hopeful that this continuing education campaign, combined with
aggressive investigative and enforcement efforts, will successfully prevent
this issue from becoming more serious.  Thanks for your help in spreading
the word.

Pls feel free to contact me if I can ever be of assistance.

Cheers,
Vince Sollitto
Vice President, Corporate Communications
PayPal, Inc.
650-251-1207
vince () paypal com

>-----Original Message-----
>From: Declan McCullagh <declan () well com>
>To: politech () politechbot com <politech () politechbot com>
>Date: Friday, January 26, 2001 12:30 PM
>Subject: FC: Apparent spam scam using Paypal -- watch out for mystery links
>
>
>>I've left some of the message headers intact, so we can see that this
>>apparent spam scam originates overseas; not much the FTC could do.
>>
>>Moral of this story: Be wary of mystery links, like paypaladmin.cjb.net
>>you get via email. Don't give your account info unless you're sure it's
>>legit.
>>
>>-Declan




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------