EBay and PayPal Face Phishing Challenge
Banks, online traders and technology sellers must join together to fight security problems such as data breaches and phishing attacks, said Meg Whitman, President and CEO of eBay in a statement that ITWORLD CANADA published on March 8, 2007.
Whitman indicated to large e-mail service providers such as Microsoft Inc. and Yahoo Inc. that they should from now avoid all e-mails posing to come from eBay or its subsidiary PayPal that do not carry signing authentication on them. EBay now practices embedding digital signatures on all e-mails it delivers. That makes a huge number of e-mails with authentication, every year, Whitman said at a security summit of Visa USA Inc. in Washington, DC.
EBay and PayPal have been facing a huge challenge against phishing. So it is very important that they identify fraudulent sites as quickly as possible to protect customers from being cheated into giving up their payment and personal information.
Phishing has snatched a fair amount from consumers and businesses' moneybags. In 2006, there occurred a financial loss of more than $2.8 billion from these attacks. The top three targets were PayPal, eBay and banks, as per a Gartner report by Avivah Litan in late 2006. In fact, eBay was the focal point of this storm for fraudsters, said Gartner analyst Avivah Litan in a statement that RED HERRING published on March 12, 2007.
Phishers target eBay and PayPal as the two most popular brands that together accounted for half or more of all phishing attacks, said security researcher Michael Sutton.
EBay and PayPal, jointly with Microsoft, have developed a blacklist of spurious sites that appear like the real companies' products but essentially pick up sensitive personal information for illegal purposes. Microsoft's IE7 has default features to filter out those fake and other phishing sites, said Whitman. She entreated other web companies to do similarly for their own browsers.
But the plan is not sufficiently capable to protect eBay's user community for there is no easy way to entirely block all fraud, said Matt Sergeant, senior anti-spam technologist at MessageLabs in a statement that RED HERRING published on March 12, 2007.
Related article: eBay Announces Its New “Safeguarding Member IDs” Project
» SPAMfighter News - 20-03-2007