I accidentally in your base

(14:09:07) Denny: as I say, you will need to regen the cart button
(14:11:36) J: can't see anything on paypal to do that, can you explain what you mean.
(14:17:02) Denny: let me login to paypal and find it
(14:18:52) Denny: right, go to Merchant Services, then click the 'Sell multiple items' link in the first of the three central boxes
(14:19:18) Denny: that gives you the 'create a button' form - in the drop-down at the top of the form, select 'Shopping cart'
(14:19:46) Denny: hrm
(14:19:53) Denny: no, this is a product button
(14:20:15) Denny: like I said when you were round here, they hide this stuff randomly scattered around their UI for no apparent reason
(14:20:19) Denny: it's infuriating
(14:20:39) Denny: oh I remember
(14:21:05) Denny: this is just stupid :)
(14:21:23) Denny: go to that page, click on 'my saved buttons', edit one of your buttons (doesn't matter which one)
(14:21:32) Denny: hit save on it without changing anything
(14:21:56) Denny: on the 'here is your code' result page, there's a link underneath for 'create a View Cart button'
(14:21:58) Denny: fuckers :)

I just received a fake PayPal phishing email that almost caught me out... there's something I never expected to say.

The phishers have hacked an ecommerce site that I used last year. They then used my email address and full name from that store to email me - meaning that the email met the 'genuineness' criteria PayPal themselves give in the sidebar of their own emails (which this one was an exact copy of):

PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.

Cunning. The only reason I spotted it is that I use tailored email addresses - so the To: address on the phishing email was the one I gave to the web-shop, not the one I gave to PayPal. Obviously for most people, this would not be the case - they use one email address for everything. The links go to paypal.com.mx, but it's a good copy of the real PayPal website and I have to say that I probably wouldn't have noticed the TLD if it wasn't for the To: address inconsistency.

I've phoned the store that run the web-shop, and amazingly enough the guy I spoke to had enough technical background to understand what I was telling him - he's kicking off an investigation right now. He says they don't store credit card details, so even if their ecommerce system has been completely 0wn3d I should be fairly safe.

Overall, I have to say I'm impressed... very sneaky indeed.