PayPal says its own e-mails are phishy

Online payments outfit PayPal mistook a genuine e-mail it sent to a customer for a rogue phishing attempt.

In a blog, Randy Abrams, director of technical education at online security vendor ESET, says he received a genuine e-mail from PayPal, containing a link.

He forwarded the message to the firm suggesting it stop this practice because links make e-mails look like phishing attempts.

PayPal responded, thanking him for forwarding the "suspicious-looking" message, claiming "it was a phishing attempt".

Says Abrams: "That is why legitimate businesses should NEVER include links to log on pages, or most places. Not even PayPal support can tell the difference between a legitimate PayPal email and a phishing attack."

While PayPal, in common with many financial institutions, does include links in e-mails, it advises customers to watch out for "strange links".


Comments: (1)

A Finextra member 04 December, 2009, 15:36

Maybe because it was a system generated reply?!

I too have forwarded emails to them and got the same response back.