[Full-Disclosure] PayPal issues another blow to user security
exibar at thelair.com
Tue Dec 16 15:45:45 GMT 2003
The next thing that we'll see is an www.ebaycreditcard.com site pop up....
Why do these companies always do crap like this. PayPal reminds me of
AOL, with their little advertisement before you can get into your account.
That pisses me off to no end.
----- Original Message -----
From: "Aaron Horst" <anthrax101 at yahoo.com>
To: <full-disclosure at lists.netsys.com>
Cc: <spoof at paypal.com>
Sent: Monday, December 15, 2003 5:08 PM
Subject: [Full-Disclosure] PayPal issues another blow to user security
Just when I thought that PayPal may actually care for
their customers, I get the following message in my
This holiday season...
Put PayPal Visa® at the top of your list!
0% Intro APR* for purchases. PLUS:
- $5 credit the first time you use your card
- No PayPal sending limit - up to available credit on
- No annual fee
- New card designs to choose from!
You'll have an online response in about 30 seconds.
* The intro APR on purchases applies for 3 billing
periods after account opening. For complete pricing
information and important terms and conditions, click
This PayPal notification was sent to
******. Your notification preferences
are set to receive the PayPal Periodical newsletter
and Product Updates when you create a PayPal account.
To modify your notification preferences and
unsubscribe, go to https://www.paypal.com/PREFS-NOTI
and log in to your account. Changes may take several
days to be reflected in our mailings. For more
information about the security of your information,
https://www.paypal.com/privacy. Replies to this email
will not be processed; if you would like to contact
PayPal, please go to our online Help Center.
If you previously asked to be excluded from Providian
product offerings and solicitations, they apologize
for this e-mail. Every effort was made to ensure that
you were excluded from this e-mail. If you do not wish
to receive promotional e-mail from Providian, go to
Copyright© 2003 PayPal, Inc. All rights reserved.
Designated trademarks and brands are the property of
their respective owners.
(NOTE: UID's removed)
I put it off as just another ploy to get your vital
information such as Social Security number, but decide
to check it out anyway. What do you know, it's an
"official" PayPal site! (See:
After all the work that others have done to help
people keep their vital details safe, Providian spams
all of the PayPal user base with advertisements to put
your personal details into a "PayPal" site that is
hosted on "www.paypalcreditcard.com"! This even goes
against their own stated policy on avoiding web scams:
"The term "spoofing" and "phishing" have been used to
describe the act of collecting personal information
using a fake email in order to commit identity theft,
credit card and Internet fraud. If you receive an
email that appears to come from PayPal and you click
on a link, check to make sure the web address at the
top of your web browser reads exactly www.paypal.com."
This issue is a blow to me personally, as I have told
many people time and again not to click on any links
in any email that claims to be from PayPal, Ebay, or
other scammer oriented target. This massively
undermines the efforts that many people have put into
ensuring that less then savvy users still are able to
keep their private info private. I hope that PayPal or
any of their affiliates never do something like this again.
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
Full-Disclosure - We believe in it.
Full-Disclosure is hosted and sponsored by Secunia.