"Please review your billing agreement" - Paypal does it better

This morning I received one of the many impressive scams doing the rounds. I might have fallen for it save that two copies, almost but not quite identical, arrived a few minutes apart. I looked up the Action Fraud website for reporting spam and went through the routine to report one of them. I was asked me to forward the e-mail to [email protected] (the spanners were impersonating Paypal on this occasion). I forwarded the other Paypal as well, but did not bother to report a second time to Action Fraud because of the effort involved.

Shortly later I was pleased to receive two nicely worked automated responses from Paypal:


—–Original Message—–
From: [email protected] [mailto:[email protected]]
Sent: 13 February 2012 nn:nn
To: [my name] – [ISP Name]
Subject: RE: FW: Please review your billing agreement. ([pretentious number])

Hello [my name] – [ISP name],

Thanks for forwarding that suspicious-looking email. You’re right – it was a phishing attempt, and we’re working on stopping the fraud. By reporting the problem, you’ve made a difference!

Identity thieves try to trick you into revealing your password or other personal information through phishing emails and fake websites. To learn more about online safety, click “Security Center” on any PayPal webpage.

Every email counts. When you forward suspicious-looking emails to [email protected], you help keep yourself and others safe from identity theft.

Your account security is very important to us, so we appreciate your extra effort.




I would be more impressed by other Internet Services if they had similarly easy reporting and acknowledgment routines. I know my e-mails probably just went into counting routines but the feeling that they might go into an analytic engine for find distribution channels and/or origin made my morning.

I should perhaps add that I recently received a similar e-mails from two major security vendors asking me to click on links to join their advisory panels, alias complete marketing questionnaires. I forwarded them to contacts in the organisations concerned, because I could find no routines for checking whether they were was genuine, only to be told that they were !!!