eBay and Yahoo Fight Phishing
Yahoo and eBay are working along with Paypal to fight phishing on their sites. Phishing has been a problem for both. If you’ve been on eBay or Paypal you’ve probably received a phishing attempt. It’s a way people attempt to pose as a trusted company and send emails that ask for usernames, passwords, and credit card numbers.
The main ways phishing is accomplished is to make the email look as if it came from the company. They misspell URLs and use subdomains to look like they are legit. The sites often look like the real site.
To slow phishing EBay and PayPal have added a new technology to their sites called DomainKeys. Yahoo developed the technology that will authenticate that the e-mail sender is who they say they are. If it’s not authenticated, it will be automatically blocked. It will be integrated worldwide over the next several weeks. This is ideal because the customer never even sees the email.
Some phishing attempts are more obvious than others. Who hasn’t almost fallen for the email that says your eBay account will be deleted if you do not update your personal information immediately?
But there’s always the risk of blocking email that is legitimate. According to the article, DomainKeys uses more sophisticated cryptography than other technology and is a longer-term strategy.
For now, the responsibility to catch fraudulent emails is almost entirely on consumers themselves. The industry has been slow to address the problem for many reasons including political reasons, disagreements on strategy, and cost. but eBay and PayPal are leading the effort to actively block unauthenticated e-mails.
In January, one high profile phishing case involved Jeffrey Brett Goodin. Goodin sent thousands of fake e-mails to AOL users, posing as the billing department, and asked for personal and credit card information. He’s in prison for almost 6 years.