We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

PayPal phishing plea to email providers

eBay's service ask email tools to block messages

PayPal, eBay’s internet-based money transfer system, is trying to persuade email providers to block messages that lack digital signatures, which are aimed at cutting down on phishing scams, a company attorney said yesterday.

So far, no agreements have been reached, but the idea is one that PayPal would like to see from other e-commerce businesses, said Joseph E. Sullivan, PayPal's associate general counsel, at the International E-Crime Congress in London.

An agreement with, for example, Google for its Gmail service could potentially stop spam messages that look legitimate and bypass spam filters.

PayPal is using several technologies to digitally sign its emails now, including DomainKeys, Sullivan said. DomainKeys, a technology developed by Yahoo, enables verification of the sender and integrity of the message that's sent.

PayPal is one of the most highly spoofed brands, with fraudsters sending out spam to lure vulnerable users to look-a-like websites where their log-in details and passwords are collected and abused for profit.

Once a hacker has gained control of a PayPal account, it's possible to send money to other PayPal accounts or purchase goods. PayPal has introduced rules to counter fraud, such as limits on how much money can be transferred. PayPal also compensates users who've had their accounts hijacked, Sullivan said.

But the phishing problem is getting worse than when he started working for eBay five years ago, Sullivan said.

Last week, Sullivan said he got a call from his father, who said he'd fell prey to a phishing scam. While spam-filtering technologies have improved and awareness around phishing is rising, users tend to be the weakest point, falling for sometimes very convincing social engineering tricks.

"I think one lesson we've learned is that education isn't going to stop this," Sullivan said. "Phishing attacks are too good now. Every company that does business on the internet is being targeted by phishing scams now."

The number of phishing sites is also rising. A report released last week by the Anti-Phishing World Group, a consortium of vendors and government agencies, said the number of fraudulent websites in January reached an all-time high of 29,930.


IDG UK Sites

Samsung Galaxy S6 release date, features and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...