eBay/PayPal reported me to the FBI

Seriously…

Here’s an email that was just forwarded to me from my hosting provider (Oxeo):

Dear ISPrime, Inc.,

We have just learned that your service is being used to violate PayPal trademarks and/or copyrights. Specifically, it appears that an ISPrime, Inc. user is hosting a page at 64.111.214.22 – http://www.ghettowebmaster.com/images/paypal-phishing-email.gif which uses our trademarks inappropriately.

While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user’s unauthorized reproduction of PayPal trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal an eBay, Inc. company, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal’s notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512 (c)(3)(A):

I, the undersigned, CERTIFY UNDER PENALTY OF PERJURY that I am the agent authorized to act on behalf of the owner of certain intellectual property rights, said owner being named PayPal Inc. I have a good faith belief that the website located at URL http://www.ghettowebmaster.com/images/paypal-phishing-email.gif has its copyright in each page of its website and associated source code.

Please act expeditiously to remove or disable access to the material or items claimed to be infringing.

We sincerely appreciate your immediate attention to this important matter. We would also appreciate if you would take steps to confirm the accuracy of any contact information that your user may have provided to you in establishing the account. Should you have any accurate information that could assist PayPal and law enforcement in tracking this individual, we greatly appreciate your assistance, as we know that you do not condone the use of your services for such criminal purposes.

Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. ? 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.

eBay/PayPal Inc.
Audit and Investigations
securityalerts@ebay.com

Wow. Looks like a message I would expect to get at a throwaway email address that goes with a bogus identity used to purchase some hosting if I were running a PayPal phishing scheme. It was totally unexpected, however, to get as a person who blogs about IT Security related stuff and used the image as a real life phishing email example in a blog entry posted over a year ago.

The blog entry that image is (legally) used in:
Porn Site Hacked, 16K Emails Snatched, Epic Fail at PayPal Phishing Attempt

Here’s the email I sent to my host in response to the email they forwarded over:

Hey,

That image is being legally used (“fair use”) on this blog entry:

http://www.ghettowebmaster.com/spam/porn-site-hacked-16k-emails/

Please tell eBay/PayPal Inc. to piss off.

^^^ That’s really cute. It’s as if they think I’m using the image for a phishing scheme vs. as an example of one. I’m forwarding this over to some IT Security contacts. This is total BS.

Please call me if you guys have any questions:
[phone number removed]

Thanks in advance,

Loren J. Williams

Their response:

Hello,
You may want to convey this directly to paypal at ftsteam@paypal.com, if you would like though I can relay your message to them, just let me know.

Me again:

Hey,

I’ll message them in a bit with the url to a new blog entry where I’ll use the image again and kindly (lol) tell them to piss off. Thanks for forwarding the message over to me and not acting like an irresponsible host by pulling the image or anything goofy like that.

– Loren

The image in question:
Paypal Phishing Email

So… What we obviously have here is eBay/PayPal Inc. trying to be proactive in getting their insanely huge phishing issues under control. What we don’t have is a reasonably sane team actually researching the images they are likely finding via a Google image search. This is insane at best and has my nerd blood boiling to nerd rage levels. I wonder how many other people have gotten similar messages from their hosts or simply had their sites shut down without warning.

Proactive = Good
Proactive + Retarded = Bad

Dear eBay/PayPal Inc.,

Piss off.

– Loren J. Williams (LoLo)

Update (7/15/09 – 6:15am-ish)
Here’s the email I ended up sending eBay/PayPal yesterday:

Hello,

Your message to my host was anything but cute. The image in question is being used as a real world example of a paypal phishing email on a blog entry from January of 2008.

Here’s that entry’s url:

http://www.ghettowebmaster.com/spam/porn-site-hacked-16k-emails/

And, here’s a new entry with my formal response to you:

http://www.ghettowebmaster.com/legal/ebay-paypal-reported-me-to-the-fbi/

You guys need to get your head on straight. I can only imagine how many other security researchers got a similar email.

Here’s my contact info in case you would like to pursue things further legally:

Loren J. Williams
[address / phone # removed]

Email addresses:
[removed]

P.S. That new blog entry will likely be making the rounds all over the internet this week. Congrats on making your company look like a bunch of retards.

– Loren J. Williams
Ghettowebmaster.com. etc…

That last line is already haunting them…

When shit hits the fan it’s always best to pick up the bat phone, light up the sky with the bat signal, or in my case: run to Twitter and send PaperGhost a message asking for “serious nerd rage backup”. His nerd rage also went into full fury after being forwarded the messages I had gotten. That resulted in a post on FaceTime’s Blog.Spyware.com: EBay / Paypal Reports Security Blog To FBI For Phish Screenshot and a tweet to pimp out that blog entry. And, that tweet has received a metric ton of retweets – thanks for the support everyone.

It’s pretty obvious that this story will make the rounds on the tech blogs and whatnot today. So, I repeat: Congrats on making your company look like a bunch of retards.

In other news… In order to avoid a shootout and prolonged hostage situation I went ahead and surrendered to the FBI this morning…

via Twitter. lolz

Update (7/20/09 – 10pm-ish)
This story made the front page of reddit and is getting a bunch of comments here and there that pretty much demand some kinda response from me.

“Please don’t call them ‘retarded.’ It’s childish and counterproductive.”
“damn you’re an arrogant geek.”
“…they do NOT deserve the abuse you are heaping on them. Show you are the better man…”
“You would do yourself a world of good by using more formal language in your communication with your ISP, eBay/Paypal, and your blog readership.”
Etc, etc, etc…

Did you guys bother to read the name of the domain you’re on? Childish & immature is what I do. Could I be more formal and not come off as a prick? Sure. That wouldn’t capture the demographic I aim for though. There are plenty of IT security blogs that IT security people and other nerds read. I write in a way that appeals to the Joe the Plumbers of the world. And, let’s face it: they seriously need the info more than you. Telling me to be more professional is like telling Jon Stewart that he needs to take a cue from Wolf Blitzer.

And… I’m an arrogant and immature prick so this arrangement works out fine.

One comment did rightfully slam me…

Hey thanks a lot- I’m an email scammer and thanks to you hosting that image, now I can send out as many phishing emails as I want. All I have to do is link that image to my phishing site and plenty of morons will click it. Trust me, the date won’t stop anyone who’s dumb enough to fall for a phishing scam.

Most spam filters won’t let phishing text through, and when I send out emails with images linked to MY sites, it gets caught by URIBL- but yours is a nice, clean domain and with your blind rage (and lack of common sense) I’m sure it will stay that way for a looooong time- or at least long enough for me to rip off a few hundred unsuspecting old people. But who cares about them, they’re old! Like they’re going to spend that money anyway.

Thanks again!

I would be majorly pwned if someone used that image in a phishing campaign. And, it would likely slip through spam filters. So, I’m going to add some text to it right now.

47 thoughts on “eBay/PayPal reported me to the FBI”

  1. Wow… Not even a moron in a hurry would think your site is PayPal because of a phishing scam screen shot.

    Just the fact that they say the IMAGE ITSELF is a “website” and that it’s on every page just proves they’re complete tools.

    I bet the “request” they got from the FBI is actually an automated response because of the influx of crap they probably regularly get from people like this all the time.

    Hopefully the FBI has more brains and will also tell eBay/PayPal to PISS OFF!

  2. >>Eileen: Holy crap…no wonder you never have time for me! :-)

    Who is this Eileen and how do you know her? You said I was the only one for you. I demand to know what’s going on!

  3. I work in the field of law enforcement and I can tell you for certain that when a company like this floods your caseload with hundreds or even thousands of bullshit complaints they do not become your best buddy. At best they will just look like they are wasting everyone’s time and the actual, REAL complaints of unlawful conduct will be very difficult to sort out of the pile of bullshit. Chances are that everything they submit will be ignored.

  4. I think the problem is in assuming there was any human intervention in this incident at all.

    My guess would be, given the hundreds of thousands if not millions of phishing attempts out there, that this process is entirely automated.

  5. Hey thanks a lot- I’m an email scammer and thanks to you hosting that image, now I can send out as many phishing emails as I want. All I have to do is link that image to my phishing site and plenty of morons will click it. Trust me, the date won’t stop anyone who’s dumb enough to fall for a phishing scam.

    Most spam filters won’t let phishing text through, and when I send out emails with images linked to MY sites, it gets caught by URIBL- but yours is a nice, clean domain and with your blind rage (and lack of common sense) I’m sure it will stay that way for a looooong time- or at least long enough for me to rip off a few hundred unsuspecting old people. But who cares about them, they’re old! Like they’re going to spend that money anyway.

    Thanks again!

  6. 1. You admit that they are trying to clean up their phishing problem

    2. You admit that they are likely casting a wide net and you got caught in it, so nothing personal

    But I don’t think it serves you well to hurl verbal abuse at them for doing what can only be agreed by most of us is the greater good. After all, your image may well have been linked to by spammers without you realizing, unless you checked your web logs (and you’d need to carefully scrub them as well).

    The only thing I find absurd from the way eBay handled things, was to mention referring things to the FBI. That’s quite likely BS and all they’ve done is just emailed them links to whatever they’ve managed to scrape together. It would seem evident to me that eBay was just sending out a template to a whole list of hosting services. So, yeah, they deserve a tongue lashing, but it should be professional… is all I’m saying.

  7. Zach/Hans

    Grow up. Your bleeding heart PC views have destroyed this country. STFU already.

  8. Evan, bad guys can’t use this. In the real email the link says one thing and goes to another. If they type in paypal.com manually they are going to go to the real paypal.com.

  9. Probably a blanket search by an eBay employee working long hours, and possibly not speaking English. Irregardless, if they deliver an apology, I don’t really see much wrong.

  10. wastedimage: have you ever received a phishing email before? They link the entire image to the phishing website. People who are dumb enough to fall for phishing emails will hardly notice.

  11. BS aside… If the FBI really did ask you through them to preserve everything for 90 days, wouldn’t taking down the image be violating said request?

  12. Technically, the FBI didn’t ask him anything. He shouldn’t be under any legal requirement to maintain anything because Ebay/PayPal isn’t an authorized law enforcement officer, they have no right to tell you to do shit. As far as their copyright claim goes, this is “fair use” if I’ve ever seen one. You’re using their trademark to inform the public of possible security concerns. It’s the same thing as the local news showing a picture of the building of people that scam others. It’s fair use because it’s being used for news purpose. Maybe Ebay should hire so real lawyers, not these retards.

  13. LoLo:

    Show some maturity and follow this up with an apology to PayPal. Phishing schemes are BAD FOR EVERYONE. Removing them as quickly as possible is A GOOD THING. That means the process of sending out these sorts of messages may be rushed. When people rush, they sometimes make mistakes: and given that you DID include a genuine image of a PayPal phishing email, the mistake was understandable (although still wrong). The mistakes should, of course, be corrected — they should send you an apology and CC their friends at the FBI. But they do NOT deserve the abuse you are heaping on them. Show you are the better man, and see if you can get your apology on record before PayPal publishes theirs.

  14. You would do yourself a world of good by using more formal language in your communication with your ISP, eBay/Paypal, and your blog readership.

  15. You need to file a document known as a “counter notification” under the DMCA with your ISP. This was my example of same when I got hit with a much more serious take-down notice from Diebold Election Systems. While not a lawyer, I was able to read the DMCA law itself which contains a blueprint for this. My response is listed at:

    http://www.chillingeffects.org/responses/notice.cgi?NoticeID=4045

    What you’re doing is, you’re taking the legal heat off of your ISP and putting it on you. You have to submit your real address for proof of service and agree to be sued under your local Federal court jurisdiction (they can’t drag you out of state thank God).

    See this link for the DMCA itself:

    http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281:

    Use link 6 (as enrolled).

  16. Have you sent this to The Consumerist? If not then do so. It’ll get more exposure.

    Good luck.

  17. I agree you need to upgrade a little re: use of the term “Retard.” Yes, I know it has a certain emotive appeal, but you must translate it into real meaning, such as “unprofessional” and “not thorough in basic research” and “lacking basic organizational structure and policy re: weighting down law-enforcement with trivial claims.” etc.

    Good luck and ciao baby.

  18. >> >>Eileen: Holy crap…no wonder you never have time for me! :-)
    >> Who is this Eileen and how do you know her? You said I was the only one for you. I demand to know what’s going on!

    Who are Eileen and Carol and how do you know them! You said I was the only one for you! And since when have you been seeing women? I demand to know what’s going on!

  19. Some employee of Paypal’s made a mistake, give them a break.

    If you were an actual victim in any of this I would feel for you, but calling them retards kind of makes them the victim.

  20. While I share your nerd rage…I think I have an idea about what may have happened. Not that it excuses it.

    I’m picturing a company that is so bloated and fragmented that one hand can’t see what the other is doing. Somewhere in that mess is some cog-in-the-system junior lawyer or legal aid, whose sole job is to ensure that no one infringes on the Paypal’s copyrights. They are likely a person with only minimal tech knowledge who saw the image and obviously jumped off half-cocked. Actually, judging by the ridiculous response, they may not have even read the blog entry at all, taking the image entirely out of context.

    As much as I enjoy a good PR debacle, this will most likely end up with that low-level hireling getting fired and no real change happening in the company. “Litigate first, ask questions later” is an easy motto when you’ve got a multi-million dollar legal department. Good luck.

  21. Right on! What a waste of time. You’re trying to help people and this is how you’re treated. Lame. I like your site!

  22. >> >> >>Eileen: Holy crap…no wonder you never have time for me! :-)
    >> >> Who is this Eileen and how do you know her? You said I was the only one for you. I demand to know what’s going on!

    >> Who are Eileen and Carol and how do you know them! You said I was the only one for you! And since when have you been seeing women? I demand to know what’s going on!

    In case Charles is “the only one for you”, Can you give me Eileen’s and Carol’s phone numbers?

  23. Dammit Eileen, I know we said we were on a break, but do you have to flaunt your new boyfriend in my f’ing face. I keep telling you I love you and you keep breaking my heart! WHY ARE YOU DOING THIS TO ME!!!!!

  24. What I find strange is this:

    ** That image is also blocked by our Avira Antivirus! **

    Not the rest of your site though, just that image. Do they have automated software that detects phishing scams? or have ebay/paypal been in touch with them, too?

  25. Your update is precious. You admit that there’s an excellent reason why Paypal SHOULD ask you to take the image down. You even take action to halfheartedly bring yourself into compliance with what they ask. But you still demand that they apologize for asking you to do the thing that you now admit was the right thing to do?

    How about YOU apologize to PayPal? You’re a fucking idiot.

  26. re Vivek:
    You can have both of them after arm wrestling Ron over Eileen. Charles is a master pipe layer. :P

    re Evan:
    “You admit that there’s an excellent reason why Paypal SHOULD ask you to take the image down.”
    Not really. Someone phishing accounts wouldn’t use that image (even before I edited it). There are simply too many better alternatives. The only reason I edited it was to prevent someone like you from sending it out in some emails to prove a point.

    Doesn’t calling me a “fucking idiot” ruin your argument that I was too rough on them? YOU are tossing all-caps out there when no one has done jack shit to you. Meanwhile, I’m a total fucking idiot dickhead for acting in a similar manner after someone actually did something to me that could have really fucked some stuff up / been a major pain in the ass to get corrected.

    If someone in your family ever gets hit by a drunk driver but walks away without a scratch, I’m sure you’ll keep your cool with them. /sarcasm

  27. This is indeed stupid behavior on the part of Paypal, but you should have called them ‘niggers’ or ‘fags’ instead of ‘retards’.

  28. don’t apologize to ANYONE! as you say, it’s for the non-tech idiots like me that you write this stuff, and if i wanted to read legaleeze all day i’d go to damn law school. lol keep up the good work—you are entertaining AND informative, a difficult thing to achieve these days. gracias! ; )

  29. btw the original link is now showing up as

    Content contained “Trojan-Spy.HTML.Fraud.gen” virus. Details: Virus: Trojan-Spy.HTML.Fraud.gen; File: No file name available; Sub File: No file name available; Vendor: Kaspersky Labs; Engine error code: 0x00010000; Engine version: 5.0.0.38; Pattern version: 090803.123456.2576864; Pattern date: 2009.08.03 12:34:56

    FYI.

  30. It’s true, “There are simply too many better alternatives.” What’s stopping phishers sending HTML that calls up PayPal’s own hosted logo?

    The obvious red-flag in this email is lack of First name and Last name that PayPal always uses to address recipients. You can’t fake that.

  31. You should just use a .htaccess file to block people from directly linking to your images (hotlinking) without being on your domain.

    CODE:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ghettowebmaster.com [NC]
    RewriteRule \.(png|gif|jpeg|jpg|tiff|psd|flv|mpg|mpeg|mp3)$ – [NC,F]

  32. That’s some bullshit right there. You’re trying to inform people that others use this method for attempted rape them and they report you to the FBI? I am sure the government is going to be right on top of addressing this issue considering the snappy job they did with 9/11, or rather “prior to 9/11″.

  33. I just recieved one of these today!

    I run a URL forwarding site, http://www.whurl.me – same kinda thing as tinyurl.com, bit.ly and the likes. Its seems some used the service to forward to a paypal phishing site – not my doing – and now i’ve been reported.

    Not sure if i should be concerned or not.

  34. I’m cancelling my paypal account, and moving my money from wells fargo; thanks for the insight.

    as for verbiage: Paypals actions are truly retarded if they are harassing and threatening you without due process. There are laws against financial institutions harassing individuals; maybe you should sue paypal and e-bay for the psychological distress inflicted by the threats incurred through their baseless harassment of your personal web site.

    Also: Calling retards “victims” -when it is no fault of their own that they are oncogenetically degenerate- reflects badly upon those who make such allegations.

  35. Typical ePig PayPig intimidation tactics.

    It’s similar to this email they sent to a German web host whose client published a bunch of Vladuz hacking scamming tools.
    http://www.ebaymotorssucks.com/vladuz-hacks-snoyce-me-page.htm

    I never got a warning letter from the eBay “FBI” Division. But if you read the letter again it came from eBay and not the FBI. eBay just used the FBI as part of their intimidation tactic.

    I think it was eBay that hit my site with a Major Ddos attack last month that took it offline, along with a bunch of other web hosting clients that were on the same server. That’s a dirty dirty trick that i wouldn’t doubt eBay would do.

    Here is a video about it: http://www.youtube.com/watch?v=CBrLzfSCtUo But it’s back online!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>