Here’s an email that was just forwarded to me from my hosting provider (Oxeo):
Dear ISPrime, Inc.,
We have just learned that your service is being used to violate PayPal trademarks and/or copyrights. Specifically, it appears that an ISPrime, Inc. user is hosting a page at 126.96.36.199 – http://www.ghettowebmaster.com/images/paypal-phishing-email.gif which uses our trademarks inappropriately.
While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user’s unauthorized reproduction of PayPal trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal an eBay, Inc. company, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal’s notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512 (c)(3)(A):
I, the undersigned, CERTIFY UNDER PENALTY OF PERJURY that I am the agent authorized to act on behalf of the owner of certain intellectual property rights, said owner being named PayPal Inc. I have a good faith belief that the website located at URL http://www.ghettowebmaster.com/images/paypal-phishing-email.gif has its copyright in each page of its website and associated source code.
Please act expeditiously to remove or disable access to the material or items claimed to be infringing.
We sincerely appreciate your immediate attention to this important matter. We would also appreciate if you would take steps to confirm the accuracy of any contact information that your user may have provided to you in establishing the account. Should you have any accurate information that could assist PayPal and law enforcement in tracking this individual, we greatly appreciate your assistance, as we know that you do not condone the use of your services for such criminal purposes.
Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. ? 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.
Audit and Investigations
Wow. Looks like a message I would expect to get at a throwaway email address that goes with a bogus identity used to purchase some hosting if I were running a PayPal phishing scheme. It was totally unexpected, however, to get as a person who blogs about IT Security related stuff and used the image as a real life phishing email example in a blog entry posted over a year ago.
The blog entry that image is (legally) used in:
Porn Site Hacked, 16K Emails Snatched, Epic Fail at PayPal Phishing Attempt
Here’s the email I sent to my host in response to the email they forwarded over:
That image is being legally used (“fair use”) on this blog entry:
Please tell eBay/PayPal Inc. to piss off.
^^^ That’s really cute. It’s as if they think I’m using the image for a phishing scheme vs. as an example of one. I’m forwarding this over to some IT Security contacts. This is total BS.
Please call me if you guys have any questions:
[phone number removed]
Thanks in advance,
Loren J. Williams
You may want to convey this directly to paypal at email@example.com, if you would like though I can relay your message to them, just let me know.
I’ll message them in a bit with the url to a new blog entry where I’ll use the image again and kindly (lol) tell them to piss off. Thanks for forwarding the message over to me and not acting like an irresponsible host by pulling the image or anything goofy like that.
The image in question:
So… What we obviously have here is eBay/PayPal Inc. trying to be proactive in getting their insanely huge phishing issues under control. What we don’t have is a reasonably sane team actually researching the images they are likely finding via a Google image search. This is insane at best and has my nerd blood boiling to nerd rage levels. I wonder how many other people have gotten similar messages from their hosts or simply had their sites shut down without warning.
Proactive = Good
Proactive + Retarded = Bad
Dear eBay/PayPal Inc.,
- Loren J. Williams (LoLo)
Update (7/15/09 – 6:15am-ish)
Here’s the email I ended up sending eBay/PayPal yesterday:
Your message to my host was anything but cute. The image in question is being used as a real world example of a paypal phishing email on a blog entry from January of 2008.
Here’s that entry’s url:
And, here’s a new entry with my formal response to you:
You guys need to get your head on straight. I can only imagine how many other security researchers got a similar email.
Here’s my contact info in case you would like to pursue things further legally:
Loren J. Williams
[address / phone # removed]
P.S. That new blog entry will likely be making the rounds all over the internet this week. Congrats on making your company look like a bunch of retards.
- Loren J. Williams
That last line is already haunting them…
When shit hits the fan it’s always best to pick up the bat phone, light up the sky with the bat signal, or in my case: run to Twitter and send PaperGhost a message asking for “serious nerd rage backup”. His nerd rage also went into full fury after being forwarded the messages I had gotten. That resulted in a post on FaceTime’s Blog.Spyware.com: EBay / Paypal Reports Security Blog To FBI For Phish Screenshot and a tweet to pimp out that blog entry. And, that tweet has received a metric ton of retweets – thanks for the support everyone.
It’s pretty obvious that this story will make the rounds on the tech blogs and whatnot today. So, I repeat: Congrats on making your company look like a bunch of retards.
In other news… In order to avoid a shootout and prolonged hostage situation I went ahead and surrendered to the FBI this morning…
…via Twitter. lolz
Update (7/20/09 – 10pm-ish)
This story made the front page of reddit and is getting a bunch of comments here and there that pretty much demand some kinda response from me.
“Please don’t call them ‘retarded.’ It’s childish and counterproductive.”
“damn you’re an arrogant geek.”
“…they do NOT deserve the abuse you are heaping on them. Show you are the better man…”
“You would do yourself a world of good by using more formal language in your communication with your ISP, eBay/Paypal, and your blog readership.”
Etc, etc, etc…
Did you guys bother to read the name of the domain you’re on? Childish & immature is what I do. Could I be more formal and not come off as a prick? Sure. That wouldn’t capture the demographic I aim for though. There are plenty of IT security blogs that IT security people and other nerds read. I write in a way that appeals to the Joe the Plumbers of the world. And, let’s face it: they seriously need the info more than you. Telling me to be more professional is like telling Jon Stewart that he needs to take a cue from Wolf Blitzer.
And… I’m an arrogant and immature prick so this arrangement works out fine.
One comment did rightfully slam me…
Hey thanks a lot- I’m an email scammer and thanks to you hosting that image, now I can send out as many phishing emails as I want. All I have to do is link that image to my phishing site and plenty of morons will click it. Trust me, the date won’t stop anyone who’s dumb enough to fall for a phishing scam.
Most spam filters won’t let phishing text through, and when I send out emails with images linked to MY sites, it gets caught by URIBL- but yours is a nice, clean domain and with your blind rage (and lack of common sense) I’m sure it will stay that way for a looooong time- or at least long enough for me to rip off a few hundred unsuspecting old people. But who cares about them, they’re old! Like they’re going to spend that money anyway.
I would be majorly pwned if someone used that image in a phishing campaign. And, it would likely slip through spam filters. So, I’m going to add some text to it right now.