Dave's Free Press: Journal

violence, pornography, and rude words for the web generation


Tue, 26 Sep 2006

Paypal's anti-phishing advice

Oh dear. I just got email from Paypal (and yes, it really is from Paypal - I, unlike most people, know how to check it out properly) advising me about how to protect myself from being ripped off by fraudsters sending spam emails which merely claim to be from Paypal but which actually direct you off elsewhere so they can steal your Paypal username and password. This practice is commonly known as "phishing".

Trouble is, to an unsophisticated eye, phishers' emails look just like Paypal's real emails. What Paypal should do is simply never email their customers except in direct response to the customer doing something on their site, such as sending someone some money. That way, less technologically-literate customers can simply ignore all unexpected mails "from Paypal" and be safe.

That behaviour is good enough for my bank, so I wonder why Paypal don't do it.

And before anyone mutters about what would happen if someone sends me money (which I obviously want to know about) - the person sending it should tell me. And I'll probably make an exception for when I'm selling something through ebay too.

Posted at 22:15 by David Cantrell
keywords: geeky | spam

Doesn't really take much to check the email to make sure it is legit. But you are right, most don't. It's a problem with the internet nowadays - most peeps on it are incompetent boobs who can't do the most basic of tasks without it all being wysiwyg.

I keep getting phishing emails about my PayPal account. I just delete them.

Posted by Mary on Wed, 27 Sep 2006 at 03:51:27

"What's this email? I've bought a vibrator for 800? What? Oh, I'll just click the friendly login link put here for me and check out what's going on... what do you mean my login is incorrect? Durrrrrrrrrr."

Posted by Ben on Wed, 27 Sep 2006 at 11:47:20

I don't think it's fair to say people are incompetent just because they aren't aware of the Received header from RFC 2822. They're ignorant, that's true, but not incompetent. Of course, this problem will go away next year when we have an all-pervasive easy-to-use PKI!

Posted by David Cantrell on Wed, 27 Sep 2006 at 15:05:43
