PayPal fails to follow its own anti-phishing advice

Hilarious! This has been reported and demonstrated over and again. My only conclusion is that PayPal themselves must be behind a good deal of the phishing and attempts thereof. It’s a Pavlovian thing. (BTW, eBay still does it too.)

What other possible explanation could there be?

If eBay and PayPal were truly interested in combatting phishing, they would send emails with no HTML, no links, etc. No one should know that and be more aware than they.

Here are some highlights from the article posted on September 9, 2010, on Help Net Security:

“According to The Register, PayPal UK has violated its own anti-phishing advice when it sent out an email containing a direct link to the updated user agreement to its users, because one of the tips on avoiding phishing scams contained in the quiz says that the users should “always log into PayPal by opening a new browser and typing in the following:”

PayPal confirmed that the email is legitimate, but points out that it also contains the information that the users can type into the browser if they aren’t completely sure that the offered link is safe to click on.

“PayPal does not advise people not to click on links in emails, rather to exercise caution. Users are advised to check the URL of any link to make sure it does not direct them to something unexpected, as you know they can do this by hovering their mouse over the link,” it says in their comment.

Do you trust this outfit with your personal and financial data?