[cryptography] Paypal phish using EV certificate

James Cloos cloos at jhcloos.com
Tue Aug 13 20:22:12 EDT 2013

>>>>> "PG" == Peter Gutmann <pgut001 at cs.auckland.ac.nz> writes:

PG> Even though, according to the second article I referenced, Paypal said it was
PG> a phishing site and said they'd take it down?

It looks like paypal aquired it around the date of that article, and
registered it with Markmonitor:

   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Creation Date: 06-apr-2011

So although that domain name might have originated as a phish site, it
seems paypal has decided to use it to disassociate marketing mail from
their transaction report mail.

Separation of important mail from marketing mail by using different
domains for each is a common tactic in the control-spam-but-get-the-
important-automated-mail-through community.

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the cryptography mailing list