EBay / Paypal Reports Security Blog To FBI For Phish Screenshot

July 14, 2009

Christopher Boyd

http://blog.spywareguide.com/2009/07/ebay-paypal-reports-security-b.html



I'm amazed by this - my good friend LoLo (who was writing about & shutting down Myspace scams when I was knee high to a grasshoper or something) has been sent a frankly ludicrous scaremail by EBay / Paypal, in relation to a screenshot of a phishing mail in a phish dissection post.

Seriously.

Dear ISPrime, Inc.,

We have just learned that your service is being used to violate PayPal trademarks and/or copyrights. Specifically, it appears that an ISPrime, Inc. user is hosting a page at 64.111.214.22 - http://www.ghettowebmaster.com/images/paypal-phishing-email.gif which uses our trademarks inappropriately.

While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user's unauthorized reproduction of PayPal trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal an eBay, Inc. company, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal's notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512 (c)(3)(A):

It gets better - or should that be worse:

Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. ? 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.

eBay/PayPal Inc.
Audit and Investigations
securityalerts@ebay.com

Jaw dropping. Did the person who initiated this fiasco not bother to check the original post? Because if you're going to dissect a phishing mail while warning people about it, it tends to help if you put a screenshot or two up. However, rather than go after the phisher, they tried to swing the banhammer at the good guy. Generally, you'd think people who are doing your brand a favour by alerting the general public to scams regarding your website are NOT the people you should be aggravating, because good will and a general desire to help quickly evaporates when faced with stupidity such as this.

If you run a security blog and happen to get one of these wonderful missives sent to your ISP (or even better, through the post) then please, let us know. As for EBay / Paypal - taking ten seconds to digest the content of a blog post works wonders...


main page ATTRITION feedback