Slashdot Mirror
How Well Do Businesses Respond to Phishing Reports?
FuzzyDaddy asks: "When I receive a phishing email, which I find has some new or interesting technique, I will usually forward it to the appropriate abuse department. I recently got one concerning 'my' paypal account (surprising, since I don't have one), which I forwarded to abuse@paypal.com. I received an automated reply telling me to 'please direct all customer service inquires through our website.' I didn't have time to do that, so I let it go. Is paypal being irresponsible, here? Have others on Slashdot been satisfied with their attempts to report Phishing?"
Paypal does have an e-mail address to forward them to, it's just not "abuse". Forward the e-mails to spoof@paypal.com. They actually do take these pretty seriously.
What I like to do until the site gets taken down is to fill out their form with bogus information, then after submitting it, hit the refresh button. It'll ask me if I want to submit the form again, and I'll say "yes". I'll just sit there for a while hitting F5 and enter just to fill their results with bogus crap.
I know a lot of people actually fall for them. I always tell them that the surefire way to tell if it's a spoof is to put a fake username/password in when prompted. Not only do they then get fake information, but if it gets accepted, you know that the site is fake. I've gotten my whole family to start doing this after my sister fell for one.
Fake Email/Website (Spoof, Phishing)
Paypal, eBay, Amazon, etc all have pretty good security centres. I am surprised that abuse@paypal.com gave that automated reply, but if you visit their website the security centre is prett yeasy to find. You might not get a personalised response to your report because they get so darn many reports, but they do follow through on all reports.