Posted October 4, 2007 7:25 pm by with 5 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Yahoo and eBay are working along with Paypal to fight phishing on their sites. Phishing has been a problem for both. If you’ve been on eBay or Paypal you’ve probably received a phishing attempt. It’s a way people attempt to pose as a trusted company and send emails that ask for usernames, passwords, and credit card numbers.

The main ways phishing is accomplished is to make the email look as if it came from the company. They misspell URLs and use subdomains to look like they are legit. The sites often look like the real site.

To slow phishing EBay and PayPal have added a new technology to their sites called DomainKeys. Yahoo developed the technology that will authenticate that the e-mail sender is who they say they are. If it’s not authenticated, it will be automatically blocked. It will be integrated worldwide over the next several weeks. This is ideal because the customer never even sees the email.

Some phishing attempts are more obvious than others. Who hasn’t almost fallen for the email that says your eBay account will be deleted if you do not update your personal information immediately?

But there’s always the risk of blocking email that is legitimate. According to the article, DomainKeys uses more sophisticated cryptography than other technology and is a longer-term strategy.

For now, the responsibility to catch fraudulent emails is almost entirely on consumers themselves. The industry has been slow to address the problem for many reasons including political reasons, disagreements on strategy, and cost. but eBay and PayPal are leading the effort to actively block unauthenticated e-mails.

In January, one high profile phishing case involved Jeffrey Brett Goodin. Goodin sent thousands of fake e-mails to AOL users, posing as the billing department, and asked for personal and credit card information. He’s in prison for almost 6 years.

  • It’ll be interesting to see how this impacts on company newsletters.

  • I have been phished shorly after signing up with paypal. They were absolutely terrible with working with me about it. They have very poor customer service. It’s like the right hand does not even know the left hand. I am actually going to change over my payment company any day now for that exact reason.

  • as for me, i get random phishing of banks related only. none from ebay

    i do have to agree, the emails looks damn legit. you really have to look closely to spot it

  • my honest opinion is that everything that is made by a man can be hacked/cracked by another man…

  • Pingback: Yahoo and eBay fight phishing with DomainKeys | ThinKlear()