PayPal fails to follow its own anti-phishing advice

PayPal credentials are among the most sought after by phishers, so it stands to reason that the company would try to educate its users on Internet safety. And it does – by offering a can-you-spot-phishing? quiz.

But what happens when PayPal itself doesn’t follow the advice it’s preaching?

According to The Register, PayPal UK violated its own anti-phishing advice when it sent its users an email containing a direct link to the updated user agreement. One of the tips on avoiding phishing scams contained in the quiz says that users should “always log into PayPal by opening a new browser and typing in the following: https://www.paypal.com.”

PayPal confirmed that the email is legitimate, but pointed out that it also tells users they can type paypal.co.uk into the browser if they aren’t completely sure that the offered link is safe to click on.

“PayPal does not advise people not to click on links in emails, rather to exercise caution. Users are advised to check the URL of any link to make sure it does not direct them to something unexpected, as you know they can do this by hovering their mouse over the link,” the company said in its comment.

This might seem like a non-issue, but many users have a tough time learning all the online safety advice given by security practitioners and various companies and institutions. Giving good advice but failing to follow it makes it that much harder for them to know which things are safe and which are not.
