You know those bogus emails you get pretending to be from PayPal, including poisoned links? If you’re the conscientious type, you forward them on to the anti-phishing folks at PayPal, right? You’ll usually get a response saying something like You’re right, it does look suspicious:
Banks and financial institutions are fond of lecturing customers about the perils of phishing emails, the bogus messages that attempt to trick marks into handing over their login credentials to fraudulent sites. Yet many undo this good work by sending out emails themselves that invite users to click on a link and log into their account rather than going a safer route and telling users to use bookmarked versions of their site.
The problems of the former approach are neatly illustrated by a blog posting by Randy Abrams, a former Microsoft staffer who is now director of technical education at anti-virus firm Eset. Abrams complained about the inclusion of a link in an email from PayPal as it looked rather too much like a phishing email.
I’ve noticed a number of rather more sophisticated phishing attempts in the last couple of weeks, which makes this PayPal error all the more dangerous . . . because it lowers peoples’ wariness about other legitimate-seeming messages.
