Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

PayPal and eBay phishing e-mails fall off.

Sophos : 16 October, 2007  (Technical Article)
Reduction in conventional phishing targets indicate a change of approach of phishers to broaden their net to a wider audience according to Sophos.
IT security and control firm Sophos has announced that there has been a dramatic reduction in the proportion of phishing emails targeted at the customers of PayPal and its parent company eBay. SophosLabs research shows that in September 2007 only 21 percent of phishing emails purported to come from the two well-known companies. A year ago, 85 percent of these bogus messages claimed to be from eBay or PayPal.

'In September 2006, almost nine out of ten phishing emails were trying to steal information from unwary eBay/PayPal customers, now it's more like one in five. That's an impressive turnaround by anyone's standards,' said Graham Cluley, senior technology consultant at Sophos. 'PayPal and eBay users are much less likely to be targeted by virtual muggers, in part due to the efforts the firms have made in educating their customers about what to look out for, and how to protect themselves. The phishers are not turning away from their life of crime, however. They are now turning to a bigger pool of potential victims.'

According to Sophos, phishing emails typically point recipients to a bogus website that looks like the real one but is really designed to steal login information such as usernames and passwords. Hackers use the pilfered login details to commit crimes such as identity fraud.

Alongside the reduction in the percentage of phishing emails directed at eBay and PayPal, Sophos experts note that cybercriminals are targeting the users of a wider range of online companies than ever before in their attempt to steal information and finances. Such businesses include smaller credit card unions, online retailers and firms based in other geographic regions.

Earlier this year, PayPal introduced an authentication keyfob which created a dynamic password for customers who wanted to reduce their chances of being phished. Additionally, eBay and PayPal have sections on their websites devoted to raising security awareness, and advising customers on how to protect themselves from fraudulent emails. These pages include expert security advice on what a spoof email is, how to recognise one, questions they would never ask of their customers via email, as well as ways that consumers can help fight the overall problem of phishing.

'PayPal and eBay are two big fish on the internet - but hackers are finding it harder than before to steal from their millions of users because of heightened user awareness, and technology that the firms introduced to help verify if an email communication is legitimate or not,' continued Cluley. 'This is great news, but internet users should not relax and think the fight is over. Phishers continue to target a wide variety of organisations in their pursuit of easy money.'

PayPal and eBay, like Sophos, are members of the Anti-Phishing Working Group (APWG), an organisation dedicated to wiping out internet scams and fraud. The companies have published several tutorials on how to spot phishing emails:

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo