PayPal wants to wish you a Merry Christmas
posted by John Roberts on December 9th, 2006 in PhishTank, Voting, Verifying phishes
Submission 40965 is NOT a phish.
The PhishTank community is slowly reaching the right conclusion. Emphasis on slowly. But it’s hardly the community’s fault.
The site is http://www.paypalchristmas.co.uk/. It is not operated by PayPal, as you can tell from the Technical Details tab of #40965, which adds to the confusion!
But the site is affiliated with and approved by PayPal.
Given their high profile (#2 in November 2006, for example), PayPal should think very carefully about using alternate URLs for anything with their name on it. Submissions 42483 and 42482 are additional examples where the site is legitimately affiliated with PayPal, but it is very hard to know that without digging deep.
But a company’s domains are their choice. I simply wanted to draw the attention of the PhishTank community to this example, as I’ve done with other examples.
Firefox 2.0 improperly calls this site a phish. IE 7 is confused, sometimes saying it’s a phish, sometimes saying it doesn’t know. I’d like to encourage PhishTank to get it right.
So, vote wisely. Vote NOT a phish. Please.
P.S. eBay (parent company of PayPal) hosts images and other, well, static content at ebaystatic.com, which is a genuine domain, so submission 46522 is also NOT a phish.
P.P.S. 42482, 42483 and 40965 were submitted by MASA as tests, with approval: they were known to be confusing, but legitimate. The community is passing the test, but I wanted to hurry the process along. Just wanted to make it clear that MASA is not polluting the Tank here; in fact, MASA is a moderator.


DougieLawson
For http://paypal.promotionexpert.com/holiday/ (42482) I voted that one as “Don’t know”, then I signed on to my Paypal account and sent a question to Paypal about it.
It certainly isn’t a well-designed site; perhaps I’m just suspicious by nature. eBay/Paypal should be encouraged to always use an HTTPS website (with a redirect from http) since they’re constantly a target for the phishermen.
I don’t think it helped that entry 42482 was missing a screen shot.
— posted by DougieLawson on December 9th, 2006 at 12:33 am
moike
Sometimes I wonder if Paypal even cares about phishing. Having their site flagged as a fraud by some toolbars should at least make them pay attention.
— posted by moike on December 9th, 2006 at 12:51 am
someone1234
Well, having seen MASA submitted them, it definitely made me biased towards declaring them phish. Then I wondered, heh, even the experts could be misled.
This explains.
— posted by someone1234 on December 9th, 2006 at 12:44 pm
funchords
Remember that PhishTank picks up URLs from user-submitted e-mail. Usually, PhishTank automatically picks right — but sometimes it grabs a different URL than the phishy one. So, ignore the submitter’s name when deciding Phish or Not Phish.
— posted by funchords on December 10th, 2006 at 8:48 am
PatheticCockroach
To moike: in my opinion, they even like phishing, because if an account gets “hacked” it will provide them with a good reason to lock the funds in all related accounts… (yes, I’m mean)
— posted by PatheticCockroach on December 10th, 2006 at 3:35 pm
MASA
Actually, someone1234:
John wanted me to submit those sites. So I submitted them as a test for the community. I already knew they were both not a phish.
— posted by MASA on December 10th, 2006 at 6:26 pm
JustaPerson
That’s a good point, someone1234. I have sometimes quickly hit “is a phish” because of the person who submitted it only to then look closer and see that it wasn’t one.
There are times that I am verifying URLs that are part of a “series” only to absent-mindedly verify a valid URL was NOT part of that series.
— posted by JustaPerson on December 11th, 2006 at 3:03 pm
Christopher
I know these were submitted on purpose, but to those who voted Yes: what were you thinking?
There’s a guide to spotting a phishing URL in an email on this site, but how about a guide helping people tell whether a site itself is phishy?
Looking at the sites above shows that there were no forms asking for personal details, and the “Sign in” link genuinely pointed to the real PayPal site, so I can’t see how you could infer criminal intent.
It seems that some people are too hasty and are judging books by their cover (or site by their URL)
— posted by Christopher on January 7th, 2007 at 4:58 pm
John Roberts
Christopher, that same guide has a website version.
http://www.phishtank.com/what_is_phishing.php?view=website
— posted by John Roberts on January 8th, 2007 at 4:25 pm