How Well Do Businesses Respond to Phishing Reports?

FuzzyDaddy asks: "When I receive a phishing email, which I find has some new or interesting technique, I will usually forward it to the appropriate abuse department. I recently got one concerning 'my' paypal account (surprising, since I don't have one), which I forwarded to abuse@paypal.com. I received an automated reply telling me to 'please direct all customer service inquires through our website.' I didn't have time to do that, so I let it go. Is paypal being irresponsible, here? Have others on Slashdot been satisfied with their attempts to report Phishing?"

Our reports aren't very important

[Nuclear+Elephant]

Our reports aren't very important, as most institutions pay fraud takedown companies to monitor the net for phishing attacks using their name, and outsource the legal aspect of it all together. A company like Paypal wouldn't directly address phishing attacks, instead they would pay a very large sum of money to someone else to make it go away.

With that said, those hosting the phishing sites have been very responsive. I came across a paypal phish on poly.edu's network, emailed abuse, and it was gone when I checked an hour or so later, along with an email response in my inbox. Problem is that the burden of enforcement is more on the company being phished than the source of the attack.

Paypal security center - "Alert us to fraud"

[arb]

Fake Email/Website (Spoof, Phishing)

Paypal, eBay, Amazon, etc all have pretty good security centres. I am surprised that abuse@paypal.com gave that automated reply, but if you visit their website the security centre is prett yeasy to find. You might not get a personalised response to your report because they get so darn many reports, but they do follow through on all reports.