PayPal asking email services to block unverified messages

Online payments service PayPal is trying to persuade email providers to block messages that lack digital signatures in a bid to cut down on phishing scams, company lawyers have said.

Share

Online payments service PayPal is trying to persuade email providers to block messages that lack digital signatures in a bid to cut down on phishing scams, company lawyers have said.

No agreements have yet been reached, but the idea is one that PayPal would like to see from other e-commerce businesses, said Joseph Sullivan, PayPal's associate general counsel, at the International E-Crime Congress in London.

An agreement with Google covering its Gmail service, for example, could potentially stop spam messages that look legitimate and bypass spam filters.

Sullivan said PayPal was using several technologies to digitally sign its emails, including DomainKeys, a technology developed by search giant Yahoo that enables verification of the sender and the integrity of the message sent.

PayPal, a subsidiary of online auction firm eBay, is one of the most highly spoofed brands, with fraudsters sending out spam to lure vulnerable users to lookalike websites, where their log-in details and passwords are collected and abused for profit.

Once a hacker has gained control of a PayPal account, it is possible to send money to other PayPal accounts or purchase goods. PayPal has introduced rules to counter fraud, such as limits on how much money can be transferred. The company also compensates users who have had their accounts hijacked, Sullivan said.

But the phishing problem was getting worse than when he started working for eBay five years ago, he added. While spam filtering technologies had improved and awareness of phishing was rising, users tended to be the weakest point, falling for sometimes very convincing social engineering tricks.

"I think one lesson we've learned is that education isn't going to stop this," Sullivan said. "Phishing attacks are too good now. Every company that does business on the Internet is being targeted by phishing scams now."

The number of phishing sites is also rising. A report released last week by the Anti-Phishing World Group, a consortium of vendors and government agencies, said the number of fraudulent websites reached an all-time high of 29,930 in January.

Find your next job with computerworld UK jobs