PayPal phishing plea to email providers

PayPal, eBay’s internet-based money transfer system, is trying to persuade email providers to block messages that lack digital signatures, which are aimed at cutting down on phishing scams, a company attorney said yesterday.

So far, no agreements have been reached, but the idea is one that PayPal would like to see from other e-commerce businesses, said Joseph E. Sullivan, PayPal's associate general counsel, at the International E-Crime Congress in London.

An agreement with, for example, Google for its Gmail service could potentially stop spam messages that look legitimate and bypass spam filters.

PayPal is using several technologies to digitally sign its emails now, including DomainKeys, Sullivan said. DomainKeys, a technology developed by Yahoo, enables verification of the sender and integrity of the message that's sent.

PayPal is one of the most highly spoofed brands, with fraudsters sending out spam to lure vulnerable users to look-a-like websites where their log-in details and passwords are collected and abused for profit.

Once a hacker has gained control of a PayPal account, it's possible to send money to other PayPal accounts or purchase goods. PayPal has introduced rules to counter fraud, such as limits on how much money can be transferred. PayPal also compensates users who've had their accounts hijacked, Sullivan said.

But the phishing problem is getting worse than when he started working for eBay five years ago, Sullivan said.

Last week, Sullivan said he got a call from his father, who said he'd fell prey to a phishing scam. While spam-filtering technologies have improved and awareness around phishing is rising, users tend to be the weakest point, falling for sometimes very convincing social engineering tricks.

"I think one lesson we've learned is that education isn't going to stop this," Sullivan said. "Phishing attacks are too good now. Every company that does business on the internet is being targeted by phishing scams now."

The number of phishing sites is also rising. A report released last week by the Anti-Phishing World Group, a consortium of vendors and government agencies, said the number of fraudulent websites in January reached an all-time high of 29,930.

Submit to:Digg Slashdot Del.icio.us Reddit

• FREE email newsletters. Get news, reviews and features straight to your inbox
• For videos of the latest products, visit PC Advisor TV
• Sign up for RSS to get the latest news and reviews, direct to your desktop
• Get PC Advisor news, reviews and blogs on your website for free

Latest technology news:

• British Library to offer 65,000 free ebooks in Amazon deal
• More companies look to virtualisation says Citrix
• Antivirus programs fail to stop new malware
• NASA's Endeavour blasts off on last mission to space station
• Toyota in Prius global recall after braking software fault