Phish On! All’s Well That Ends Well

Thank goodness that at least eBay responds quicker and with a bit more grace than does PayPal. I sent off my email to the [email protected] address, and within an hour, received my reply. The reply was a very gracious message of appreciation for alerting them to the problem, along with some tips on avoiding such predators. Now, this new phishing site appears to be relatively new: one security site only seems to have acknowledged this particular bugger as recently as this week; however, there does seem to be an enormous amount of phishing aimed at PayPal customers.

Of course, this makes sense, from a social engineering standpoint: people who use eBay (and by extension, PayPal) are, in large numbers, normal non-business people looking to buy or sell stuff quickly. As such, they present a large body of people with very sensative information online and statistically very little knowledge of Internet security. If you’re going to target anyone on the net, right after the porn enthusiasts, you would start here.

So in the end my experience, while not at all a scientific analysis of the situation, proves to me that PayPal is still pretty much deserving of its lousy reputation, even if eBay customers are prime targets for such attacks. Speaking as a person who works in customer service of a type, this kind of concern seems to be the kind of thing that a good company has a ready and satisfying answer for. Sadly, PayPal did not have that.

One could argue that perhaps one rep made a mistake. This is true, and certainly I have seen and participated in my share of mistakes. At the same time, a good company puts safegaurds in place to see that such mistakes do not happen. This is a very big mistake, in my estimation, because if a person who knows what they are talking about is unable to communicate such vitally important information to a person paid to look out for this type of thing, then its not the rep’s fault: it’s the company’s.