You might have thought that PayPal would take phishing attacks done in thier name seriously, but alas, at least one representative of this company does not seem to get it. Here is the response to my email alerting the company of a phishing expedition:
Dear Thomas Belknap,
Thank you for writing to PayPal regarding the email you received.
Because this is not an eBay or PayPal member, website, or email, we are unable to determine if this email is legitimate. While it may be considered spam or possibly even fraudulent, it is not something we can determine on behalf of other companies. This email should be reported to the company that appeared to send it for their assistance and investigation. Normally, to do this, you would substitute the word “abuse” in place of the name in front of the @ symbol. For example, if the email was sent from email@example.com, you would send your report to firstname.lastname@example.org.
In addition, you may also want to see if online customer support is available for this company. As for eBay, please forward any suspicious emails to email@example.com for our review and investigation. I also invite you to take this time to familiarize yourself with eBays Security Center for helpful information on this topic. A link to our Security Center can be found below:
Thank you again for reporting this email. I hope this information will be helpful.
PayPal Account Review Department
Now, the funny thing about this is: the agent states that “This email should be reported to the company that appeared to send it for their assistance and investigation”, but that’s what I just got done doing. Even better, the representative confirms in the first line that this is not, in fact, a PayPal website, but then states that he cannot confirm that its a legitamate email. Well, if the email comes address with a PayPal address but does not go to a PayPal webpage, does this not confirm at minimum that something fishy is going on?
It keeps getting funnier: “In addition, you may also want to see if online customer support is available for this company.” I doubt not but that there is an online customer support for this website! I’ll bet they’ll take any information you want to give them, too.
So I did write an email back attempting to clarify the situation, we shall see what comes of it. In the meanwhile, I’m going to email the firstname.lastname@example.org address and see what they have to say. I predict (working as I do for Corporate America as an outsourced technical support rep) that they will undoubtably tell me that since this came from a supposed PayPal email account that I will need to contact PayPal.
This is fun. Wonder what happens when a person who doesn’t know about this stuff tries to report this.
LATE UPDATE:? Check out this Google search for the terms “PayPal Phishing.”? You’d really think that they would be more on the ball than this. . .