Paypal’s Unintended Contribution To the Phishing Problem
Written by Sue Walsh on February 21, 2013
It’s one of the most basic rules of email security. Don’t ever click on a link sent in an email from a company. Go directly to the site instead. This adds a layer of protection against malicious redirects and phishing attacks. Most major financial institutions warn against clicking such links and don’t send them. Then there’s Paypal. It’s the most used payment service in the world and also one of the most commonly brandjacked in phishing attacks. You’d think they’d be one of the loudest voices in the chorus about fighting scammers, but think again. For some unbelievable reason, they send tons of emails with links to the site. Just a few days ago I got one telling me I had received a cash back award for using my debit card, a notice that I’d sent an automatic payment to a service I subscribe to, and an “account statement”. All of them invited me to click a link to log in and get more info! They are doing the same thing phishers and spammers do.
This is extremely dangerous. These days it’s getting more and more difficult to detect phishing emails. The spammers are producing messages that look surprisingly legit, minus the broken English and spelling errors that used to be big red flags. In some cases the only thing that differentiates Paypal’s messages from phishing emails is the fact that the phishing emails use the generic “Dear Paypal User” rather than the user’s registered name. Not smart at all. By doing this they are getting users used to expecting links in Paypal emails, and that could be disastrous.
Do you think Paypal is being irresponsible? Why or why not?