Saturday, August 06, 2005

PayPal - Unintentionally Helping Phishers

Picture credit: Stern
In their zeal to market through email, financial institutions like PayPal sometimes make some really goofy mistakes. Sure, PayPal recognizes that phishing is a huge problem. But they just can't seem to resist outbound email marketing that criminals view the same way a dog looks at a sizzling piece of steak.

Consider the email that I just received from PayPal. No, seriously, this is a real one. I checked the message headers and the source of the message. The subject:

Spot spoof, protect your identity and more...

It included this unintentionally hilarious request:

Protect yourself with tools
Guard yourself against "spoof" emails with the SafetyBar, and against fraudulent websites with the eBay Toolbar...

How long do you figure until the first phishing email exhorts the victim to download a less helpful version of the "SafetyBar"? I'm guessing it's already started and the first evil trojans disguised as eBay Toolbars are already installed.

Asking PayPal users to download executables onto their machines is like handing Michael Moore your credit card at Morton's. You're likely to get a lot more than you bargained for.

And it's ludicrous that PayPal continues to promote this kind of practice, which is certain to be exploited by phishers. Plain and simple - don't download anything you don't need. And never download something at the behest of an email.

The internet is dangerous enough. We don't need PayPal making it worse.
