IT security and control firm Sophos has today announced that
there has been a dramatic reduction in the proportion of phishing
emails targeted at the customers of PayPal and its parent company
eBay.
SophosLabs™ research shows that in September 2007 only 21 percent
of phishing emails purported to come from the two well-known
companies. A year ago, 85 percent of these bogus messages claimed
to be from eBay or PayPal.
The proportion of phishing emails claiming to
come from eBay and PayPal is in decline.
"In September 2006, almost nine out of ten phishing emails were
trying to steal information from unwary eBay/PayPal customers, now
it's more like one in five. That's an impressive turnaround by
anyone's standards," said Graham Cluley, senior
technology consultant at Sophos. "PayPal and eBay users are much
less likely to be targeted by virtual muggers, in part due to the
efforts the firms have made in educating their customers about what
to look out for, and how to protect themselves. The phishers are
not turning away from their life of crime, however. They are now
turning to a bigger pool of potential victims."
According to Sophos, phishing emails typically point recipients
to a bogus website that looks like the real one but is really
designed to steal login information such as usernames and
passwords. Hackers use the pilfered login details to commit crimes
such as identity fraud.
Alongside the reduction in the percentage of phishing emails
directed at eBay and PayPal, Sophos experts note that
cybercriminals are targeting the users of a wider range of online
companies than ever before in their attempt to steal information
and finances. Such businesses include smaller credit card unions,
online retailers and firms based in other geographic regions.
Earlier this year PayPal introduced an authentication keyfob
which created a dynamic password for customers who wanted to reduce
their chances of being phished. Additionally, eBay and PayPal have
sections on their websites devoted to raising security awareness,
and advising customers on how to protect themselves from fraudulent
emails. These pages include expert security advice on what a spoof
email is, how to recognise one, questions they would never ask of
their customers via email, as well as ways that consumers can help
fight the overall problem of phishing.
"PayPal and eBay are two big fish on the internet - but hackers
are finding it harder than before to steal from their millions of
users because of heightened user awareness, and technology that the
firms introduced to help verify if an email communication is
legitimate or not," continued Cluley. "This is great news, but
internet users should not relax and think the fight is over.
Phishers continue to target a wide variety of organizations in
their pursuit of easy money."
PayPal and eBay, like Sophos, are members of the Anti-Phishing
Working Group (APWG), an organization dedicated to wiping out
internet scams and fraud. The companies have published several
tutorials on how to spot phishing emails.
Sophos recommends companies protect themselves with a consolidated solution which can control network access
and defend against the threats of spam, hackers, spyware and
viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.