PayPal Head In Shadow

That is, it’s head is where the Sun don’t shine.

<p>I get half a dozen or more PayPal scam attempts a day.  They’re almost always phishing attacks (that is, they include link text that looks like a URL but the HREF of the anchor goes elsewhere). </p>
<p>So, what does PayPal do?  They send their own (nearly legitimate) e-mails using the very same techniques the phishers use.  Here’s today’s mail, complete with MailScanner disarmament:<br />

To modify your notification preferences, log in to your PayPal account, click the Profile sub-tab, then click the Notifications link under Account Information. Changes may take up to 10 days to be reflected in our mailings. PayPal will not sell or rent any of your personally identifiable information to third parties. For more information about the security of your information, read our Privacy Policy at MailScanner has detected a possible fraud attempt from “email1.paypal.com” claiming to be https://www.paypal.com/privacy.

<p>If PayPal doesn’t care about phishing, who’s supposed to?