Dear $FIRSTNAME...

I get e-mail newsletters from PayPal, who're bright enough to know that I'm in Australia and so should receive their specially pointless Aussie-flavoured newsletter.

Regrettably, they've now made a very serious, but quite common, mistake in these newsletters. They've made them look like phishing attempts.

Nearly every e-mail everyone in the world receives "from" PayPal is not, of course, from PayPal. It's from someone trying to send you to a PayPal-lookalike page and steal your account details. The second you see a non-PayPal URL in one of those messages, you know it's a scam, right?

Regrettably, PayPal have now retained the services of the unfathomable dimwits at "Tipping Point" here in Australia to produce newsletters that look like phishes. They're full of http://paypal.tippingpoint.com.au/... URLs, which just scream "Fake!":

Log in:
http://paypal.tippingpoint.com.au/emailer/emailer_ct.asp?eid=0&cid=57&lid=373

Security centre:
http://paypal.tippingpoint.com.au/emailer/emailer_ct.asp?eid=0&cid=57&lid=372

Help centre:
http://paypal.tippingpoint.com.au/emailer/emailer_ct.asp?eid=0&cid=57&lid=371

Password help:
http://paypal.tippingpoint.com.au/emailer/emailer_ct.asp?eid=0&cid=57&lid=370

Those URLs actually do redirect to PayPal's own servers, but for all you know they do it via some underhanded wizardry or other. They're exactly the kind of links we're all trying to teach our dads and aunties to stay the hell away from.

And then there are links like the "Take me shopping" one, which bounce through a PayPal server to somewhere else. In this case it's merchantoffers.com.au, which belongs to PayPal Australia, but once again smells far too phishy to modern noses.

Lots of other organisations have made this same mistake. But that's not an excuse. It makes repeating the mistake even worse.

Tipping Point, in case you were wondering, are apparently "An interactive marketing agency strategically focused to deliver business-effective digital solutions that "tip" online customers."

Thanks to verbiage like this, Tipping Point's home page wank factor is a respectable 5.34. Most companies have moved on from the kind of corporate cant that the 2000-vintage Wankometer detects, but Tipping Point appear to be waiting for it to come back into fashion. The questionable book they took their name from is the same age as the Wankometer, by the way.

I hope PayPal aren't paying Tipping Point the kind of money you used to get in 2000 for crap like this.

Posted in Scams, Spam. 1 Comment »

One Response to “Dear $FIRSTNAME...”

  1. Darius Says:

    A company I own shares in (ING I think) use someone similar for sending their crud. My wife sent them a stern email and their reply indicated they totally missed the point.

    Same with Xilinx (FPGA mfg) - they send all their announcement crap that way, so stupidly unprofessional yet they don't learn.

    The worst part is that it just trains users to accept phish attempts so they will become more likely.


Leave a Reply