This is an update to my Dec 23, 2005 post. No, you do not need to update or verify your PayPal account information at the end of every year. I got this phishing attempt talking about getting ready for 2006.

There are also more victims of this type of scam than just the email recipients.

[Start] Dear users of PayPal services,

Due to upcoming year 2006, and recent changes in PayPal's Service Agreement you need to submit additional details on your PayPal account. Starting from 2006 all PayPal accounts will come with complete detailed information! You can submit additional information at the following link:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

According the new changes in Service Agreement any unverified account will be deleted from the system in 72 hours after receiving this letter.

Thank You for using PayPal!
Your PayPal team.
Attention! Do not reply to this letter, it has been sent to You automatically by an email robot!
[end]

The link would have taken you to a page on sickfaq.com registered to Martijn Wijts in the Netherlands. This is where you find the other victim. How would you like to spend your Christmas trying to recover your hacked website. Since this is a GoDaddy registration, I reported this to their abuse department as well as to spoof@paypal.com. Of course this got Martijn's attention and he corrected the problem. This was confirmed by his hosting service. Matt Barlow, CTO, Alpha Red, INC provided me with an email supporting his client's claim of being the victim. I have to commend his company for being so responsive to his clients. Martijn and I have been exchanging a few emails regarding this attack and Matt provided very fast feedback regarding this situation.

Now put yourself in Martijn's shoes for a minute. It's Christmas Eve and you get emails from GoDaddy and PayPal wanting you to justify why your site is the sender of thousands of phishing emails and a host for the phishing webpage. Great way to ruin a holiday, especially when you have to explain to your girlfriend that you need to fix you website versus spending Christmas with her. OUCH! As Martijn said "Operating systems have security flaws" as well as do many open source and commercial available scripts. It's a constant challenge keeping updates on servers and the applications installed on them. The scammers know this and I'm sure they were very aware of the vulnerabilities of the sites hosted where Martijn hosts his sites. They also timed it to hit on a holiday with the idea that the owner wouldn't become aware of the hack until they'd done their damage. Yes, they do think like this. I've seen a lot of evidence with this in just the pattern of attacks against the Quikonnex servers. The comment spammers hit on Friday nights as do the guys trying to guess our password via telnet.

Now I have to eat some crow. My apologies to Martijn for my original post. I was rather harsh with him.

I've received a few comments in the past about folks not having the time to forward this type of email to PayPal or Ebay's spoof department. It only takes a second to do this. Just think if one of your friends or a family member fell victim to one of these scam artists. Please remember though, the sites you're getting linked to in these emails are often victims themselves.