I recently received a demand from PayPal to respond to an email or have my account closed within 24 hours. The fact that it was sent at 6am on Saturday morning is one thing, the fact that it was sent in the middle of the UK's Easter Bank Holiday (most places close Friday through to Monday) is quite another. I am currently looking to verify whether the email was a spoof, though current indications look like it is not.
The email is a request to verify the details of my PayPal account, with a link to a page where I am requested to complete my personal details, such as credit card and bank details. The page has NO encryption. From my initial checks the server is PayPal's. Their policies indicate that aside from their lack of understanding for data protection and internet security, there are glaring inaccuracies in the documents they have on their site.
So being incensed that I am being asked to fill in personal details over standard HTTP, I decided to send a pretty swift email to the company to find out what is going on.
My initial email gets bounced with a message saying that I need to complete a form. So I comply and head over to the form. The form allows me to complete my complaint in 1000 characters. My email is over 1000 words never mind characters! So I have had to post the email publicly (sorry no links ... yet) and asked them to read it urgently as due to my associated links, web spiders have tended to find my pages rather quickly. Even when the page isn't linked from any other. Their response .... please fill in a form!
Despite me saying that, should I not receive an adequate response from them, either confirming or denying their involvement in the email and pages, that I would be contacting their insurers and my credit card companies, to alert them as to the security risk that PayPal are potentially putting their customers at, I seem to have gotten the cold shoulder. If they had given me an email address so that I could have dealt with the situation on a reasonable level, I would have been fine. However, to fob me off as being unimportant is not acceptable.
Expect to hear more details as and when...
Re:Scammers
barbie on 2003-04-23T14:40:43
Even if it is a scam, having read the inaccuracies in their policy documents, it would still be nice to explain to *someone* why they should fix the inaccuracies, otherwise they could still be liable for prosecution.
Re:Scammers
WebDragon on 2003-04-23T15:07:56
I guess what I was referring to was this.
Inaccuracies? Can you paste some examples?
Re:Scammers
barbie on 2003-04-23T15:21:12
Thanks, I shall follow that up. I'd rather not post the inaccuracies (as I see them) until PayPal themselves have had a chance to determine whether they are or not.
Re:Are you certain it is PayPal?
barbie on 2003-04-23T15:23:37
The email I had included valid links to PayPal together with an IP address link. It's the IP address that held the insecure page. As yet I haven't ascertained who owns the server.