[SC-Help] Paypal/Ebay reporting error (deputies?)

[George Langford, Sc.D.]

Something seems odd about this whole discussion.

I've notified PayPal & eBay hundreds of times about phishes,
and they have never failed to acknowledge my reports. That
said, my notifies include the upstreams of the phish-hosting
site, the hosts of the email addy's (when present) to which 
the stolen personal data are redirected, and the owner of the
innocent domain (i.e., eBay, PayPal, WAMU, etc.) but never the
upstream provider for eBay or PayPal.  And I usually check
what SpamCop does with my report about the spammer site that
sent me the phish in the first place.  SpamCop has been sending
notifies to PayPal & eBay also, but occasionally either misses
an obfuscated URL or discovers a redirected URL that I miss.

My best guess regarding SpamCop's choice not to notify 
spoof@???.com is that spoof@???.com prefers to hear from folks
like me who take the time and risk of mining the phishes for
information that can help ???.com track down the criminals.
That's my motivation.  I'm a customer of the phished site, so
it is important to me that ??? not stand by, watching their
clueless customers get themselves into trouble by ignorantly
responding to phishes that they have never seen before.

Read an interesting article in American Scientist the other day.
It's by Brian Hayes, entitled, "Rumours and Errours," the title
giving away the point of the article.  The issue is May-June,
2005, page 207.  The computation that Hayes describes is of the
fraction of a population that never hears a certain rumor.  That
number works out to 0.203188... which is what drives the perp's
of the phishes.  In other words, more than 20 percent of the
population of computer users have never heard of phishing.  That's
a rich lode indeed.  No wonder they seem never to give up !

George Langford