Comments on: PayPal wants to wish you a Merry Christmas

by: John Roberts

Mon, 08 Jan 2007 16:25:56 +0000

Christopher, that same guide has a website version.

http://www.phishtank.com/what_is_phishing.php?view=website

by: Christopher

Sun, 07 Jan 2007 16:58:26 +0000

I know these were submitted on purpose, but to those who voted Yes: what were you thinking?

There’s a guide to spotting a phishing URL in an email on this site, but how about a guide helping people whether a site itself is phishy?

Looking at the sites above show that there was no forms asking for personal details, and the “Sign in” link genuinely pointed to the real PayPal site, so I can’t see how you could infer criminal intent.

It seems that some people are too hasty and are judging books by their cover (or site by their URL

by: JustaPerson

Mon, 11 Dec 2006 15:03:41 +0000

Thanks a good point, someone1234. I have sometimes quickley hit “is a phish” beacause of the person who submitted it only to then look closer and see that it wasn’t one.

There are times that I am verifying url’s that are part of a “series” only to absent-mindedly verify a vlaid url was NOT part of that series.

by: MASA

Sun, 10 Dec 2006 18:26:53 +0000

Actually, someone1234:

John wanted me to submit those sites. So I submitted them as a test for the community. I already knew they were both not a phish.

by: PatheticCockroach

Sun, 10 Dec 2006 15:35:09 +0000

To moike : in my opinion, they even like phishing, because if an account gets “hacked” it will provide them with a good reason to lock the funds in all related accounts… (yes, I’m mean )

by: funchords

Sun, 10 Dec 2006 08:48:36 +0000

Remember that PhishTank picks up URLs from user-submitted e-mail. Usually, PhishTank automatically picks right — but sometimes it grabs a different URL than the phishy one. So, ignore the submitter’s name when deciding Phish or Not Phish.

by: someone1234

Sat, 09 Dec 2006 12:44:39 +0000

Well, having seen MASA submitted them, it definitely made me biased towards declaring them phish. Then i wondered, heh, even the experts could be mislead.
This explains.

by: moike

Sat, 09 Dec 2006 00:51:04 +0000

Some times I wonder if Paypal even cares about phishing. Having their site flagged as a fraud by some toolbars should at least make them pay attention.

by: DougieLawson

Sat, 09 Dec 2006 00:33:40 +0000

For http://paypal.promotionexpert.com/holiday/ (42482) I voted that one as “Don’t know”, then I signed on to my Paypal account and sent a question to Paypal about it.

It certainly isn’t a well designed site, perhaps I’m just suspicious by nature. eBay/Paypal should be encouraged to always use a HTTPS website (with a redirect from http) since they’re constantly a target for the phishermen.

I don’t think it helped that entry 42482 was missing a screen shot.