I received one of these as a text msg. I ignored the message and then checked my PayPal and bank to see if there was a charge of $400. There wasn't but I deleted my PayPal account just to be safe. My reasoning at the time (March) was that sanctions on Russia would motivate a lot of Russian programmers to devote more effort into hacking Americans and I should reduce my attack surface.
There was a posting on HN around that time about a hacker accessing passwords stored in the browser. I didn't save it, but cleaned out my stored passwords just the same.
Basically the same here. I looked for a way to report the issue to PayPal. There was no way to do it, so I just deleted my account and gave as a reason that PayPal didn't take fraud seriously if they didn't have a way to report / get advised on suspicious emails.
Paypal doesn't care about fraudulent use of their payment system, they practically promote it by not offering anyway whatsoever to report crimes committed on their platform.
> I received one of these as a text msg. I ignored the message and then checked my PayPal and bank to see if there was a charge of $400. There wasn't but I deleted my PayPal account just to be safe.
This. If your site is being used for phishing attacks, many users may just stop using your service, because it's not worth the trouble.
I used to have an automated list of popular phishing sites.[1] It's still running, but since it's driven by PhishTank, which isn't used much any more, it's not that interesting.
There was a posting on HN around that time about a hacker accessing passwords stored in the browser. I didn't save it, but cleaned out my stored passwords just the same.