My Correspondence with PayPal
March 20 (via a form on PayPal's Web site)
I have received a message with a replica of the PayPal
login screen and the message "The email address or password you have
entered does not match our records. Please try again." Since I haven't
tried to use PayPal in a long time, and since the return address of the
message is some domain in Poland, I assume this is an attempt to defraud
PayPal customers.
If I had an email address where I could contact you, I would forward the
entire message to you. The headers of the message are...
March 21 (email from webform@paypal.com)
Dear ,
Thank you for contacting PayPal.
If you have any further questions, please feel free to contact us
again.
Sincerely,
Patrick
PayPal Customer Service
We at PayPal would like to know how well this response accommodated
your
request. Click on the appropriate link to send your feedback. We
welcome
your comments.
If this email exceeded your expectations:
mail to:exceededexpectations@paypal.com
If this email met your expectations:
mail to:metexpectations@paypal.com
If this email did not meet your expectations:
mail to:didnotmeetexpectations@paypal.com
Thank you for your feedback.
March 21 (email to didnotmeetexpectations@paypal.com)
In exchange for a report of what is, by all appearances, an attempt by
someone to spam your customers en masse in an attempt to defraud them,
I would have expected a little more than a form letter. At the very
least, the programmers who designed the form letter could have taken
the trouble to include my name after "Dear " (you got it right in the
email header, after all), and to make the feedback links say "mailto:"
rather than "mail to:" so that Outlook would have rendered them as
real links.
Just a thought.
March 24 (email from didnotmeetexpectations@paypal.com)
Dear Gordon,
Thank you for contacting PayPal.
First of all please let me apologize for our previous correspondence.
I would like to let you know that PayPal has a very strict privacy
policy. If you received unwanted email after revealing any
information to PayPal, please note that your information may have been
acquired from a different source. It is possible that another website
with which you signed up, such as an auction site, has made your email
address visible upon request to its pool of members.
When you sign up for PayPal, you agree to have your name (or business
name, if you have a Business Account) and email address made available
to anyone whom you have paid or who has paid you through PayPal. Your
email address will be available only to those people with whom you
conduct transactions through PayPal.
PayPal will not give third parties individually identifiable
information about users, except for these limited purposes:
- We are compelled to do so by order of a duly-empowered governmental
authority.
- We have the express permission of the consumer.
- We are required to disclose it in order to process transactions.
- We may share aggregated statistical data with our business partners
or the general public. For example, we may tell the general public that
10% of our users live in California.
- When a user signs up for a co-branded version of PayPal (e.g.
PayPal-eGroups or PayPal-eCircles) through links on our co-branded
partner's website, PayPal will share with the co-branded partner that
user's name, email address and physical address. If you signed up
through
a co-branded partner, the partner's logo will appear at the top of
your
PayPal screen after you log in. Our co-branded partners also have
privacy
policies to protect users.
You can consult the eCircles privacy policy by visiting
http://wwwld-00-07-ec.ecircles.com/templates/ec/x/policy/privacy.html
.
The eGroups privacy policy is available at
http://www.egroups.com/info/privacy.html
PayPal has been reviewed and approved by TRUSTe, an independent
non-profit
dedicated to safeguarding the privacy of Web users. You may wish to
read
PayPal's complete privacy policy by visiting:
http://www.paypal.com/cgibin/webscr?cmd=home/privacy
If you have any further questions, please reply to this email.
Sincerely,
Laurie
PayPal Customer Service
We at PayPal would like to know how well this response accommodated
your
request. Click on the appropriate link to send your feedback. We
welcome
your comments.
If this email exceeded your expectations:
mail to:exceededexpectations@paypal.com
If this email met your expectations:
mail to:metexpectations@paypal.com
If this email did not meet your expectations:
mail to:didnotmeetexpectations@paypal.com
Thank you for your feedback.
March 27 (snail-mail to David Thiel, CEO of PayPal)
On March 20, I informed your company, through a form on your Web site
(inquiry tracking code KMM9283278C0KM), that someone was trying to
defraud your customers by sending email spam with a replica of your
login screen. In response, I have received two form letters: one of
these has no substance, and the other seems to have been chosen by
someone who did not actually understand the important part of my
message. (Both letters are attached.)
I informed you of this fraud attempt not because my own money was at
risk (since I have never done any business with PayPal), but because I
felt it was my civic duty. If I do not get a reasonable response from
you in ten days (either by letter or email), I will conclude that
PayPal is not serious about protecting its customers from fraud, and
it will be my civic duty to warn others of this fact. I'm sure that
readers of Slashdot and comp.risks, for example, would be fascinated
by a transcript of my correspondence with PayPal.
Much later
(I never did get a response to my letter. Unfortunately, I was too
lazy to follow through on my threat. Shame on me.)
Seth Gordon -- sethg@ropine.com -- March 2001 --
comments?