PayPal wants to wish you a Merry Christmas
posted by John Roberts on December 9th, 2006 in PhishTank, Verifying phishes, Voting
Submission 40965 is NOT a phish.
The PhishTank community is slowly reaching the right conclusion. Emphasis on slowly. But it’s hardly the community’s fault.
The site is http://www.paypalchristmas.co.uk/. It is not operated by PayPal, as you can tell on the Technical Details tab of #40965, adding to the confusion!
But the site is affiliated with and approved by PayPal.
Given their high profile (#2 in November 2006, for example), PayPal should think very carefully about using alternate URLs for anything with their name on it. Submissions 42483 and 42482 are additional examples where the site is legitimately affiliated with PayPal, but it is very hard to know that without digging deep.
But a company’s domains are their choice. I simply wanted to draw the attention of the PhishTank community to this example, as I’ve done with other examples.
Firefox 2.0 improperly calls this site a phish. IE 7 is confused, some times saying it’s a phish, some times saying it doesn’t know. I’d like to encourage PhishTank to get it right.
So, vote wisely. Vote NOT a phish. Please. 
P.S. eBay (parent company of PayPal) hosts images and other, well, static content at the genuine domain ebaystatic.com is a genuine domain, so submission 46522 is also NOT a phish.
P.P.S. 42482, 42483 and 40965 were submitted by MASA as tests, with approval: they were known to be confusing, but legitimate. The community is passing the test, but I wanted to hurry the process along. Just wanted to make it clear that MASA is not polluting the Tank here; in fact, MASA is a moderator.
Leave a response below, or send a trackback from your own site.
For http://paypal.promotionexpert.com/holiday/ (42482) I voted that one as “Don’t know”, then I signed on to my Paypal account and sent a question to Paypal about it.
It certainly isn’t a well designed site, perhaps I’m just suspicious by nature. eBay/Paypal should be encouraged to always use a HTTPS website (with a redirect from http) since they’re constantly a target for the phishermen.
I don’t think it helped that entry 42482 was missing a screen shot.
Some times I wonder if Paypal even cares about phishing. Having their site flagged as a fraud by some toolbars should at least make them pay attention.
Well, having seen MASA submitted them, it definitely made me biased towards declaring them phish. Then i wondered, heh, even the experts could be mislead.
This explains.
Remember that PhishTank picks up URLs from user-submitted e-mail. Usually, PhishTank automatically picks right — but sometimes it grabs a different URL than the phishy one. So, ignore the submitter’s name when deciding Phish or Not Phish.
To moike : in my opinion, they even like phishing, because if an account gets “hacked” it will provide them with a good reason to lock the funds in all related accounts… (yes, I’m mean
)
Actually, someone1234:
John wanted me to submit those sites. So I submitted them as a test for the community. I already knew they were both not a phish.
Thanks a good point, someone1234. I have sometimes quickley hit “is a phish” beacause of the person who submitted it only to then look closer and see that it wasn’t one.
There are times that I am verifying url’s that are part of a “series” only to absent-mindedly verify a vlaid url was NOT part of that series.
I know these were submitted on purpose, but to those who voted Yes: what were you thinking?
There’s a guide to spotting a phishing URL in an email on this site, but how about a guide helping people whether a site itself is phishy?
Looking at the sites above show that there was no forms asking for personal details, and the “Sign in” link genuinely pointed to the real PayPal site, so I can’t see how you could infer criminal intent.
It seems that some people are too hasty and are judging books by their cover (or site by their URL
Christopher, that same guide has a website version.
http://www.phishtank.com/what_is_phishing.php?view=website