Contrary to some reports there has been a dramatic reduction in phishing emails targeted at PayPal and eBay customers when compared with the number of damaging phishing emails circulating globally.According to research recorded by IT security and control company Sophos only 21 per cent of phishing emails reported were sent under the guise of messages from PayPal and eBay, while a year ago a huge 85 per cent of phishing emails reported were purporting to come from the two companies.

Click to enlarge

“In September 2006, almost nine out of ten phishing emails were trying to steal information from unwary eBay/PayPal customers, now it’s more like one in five. That’s an impressive turnaround by anyone’s standards,” said Sophos senior technology consultant, Graham Cluley.

“PayPal and eBay users are much less likely to be targeted by virtual muggers, in part due to the efforts the firms have made in educating their customers about what to look out for, and how to protect themselves. The phishers are not turning away from their life of crime, however. They are now turning to a bigger pool of potential victims.”
Sophos says phishing emails typically point recipients to a “bogus website” that resembles the real one but is essentially designed to steal login information such as usernames and passwords from the visitor. Hackers can then use the stolen login details to commit crimes such as identity fraud.


Cybercriminals

Sophos also says that alongside phishing emails, cybercriminals are targeting the users of a wider range of online companies than ever before in their attempt to steal identity information and money. Some of the businesses targeted include smaller credit card unions, online retailers and firms based in other geographic regions.

To lower the chances of threat, earlier this year PayPal introduced an authentication ‘keyfob’ which created a dynamic password for customers who wanted to reduce their chances of being phished.

PayPal and eBay also have sections on their websites devoted to raising security awareness, advising customers of ways to reduce fraud.

“PayPal and eBay are two big fish on the internet – but hackers are finding it harder than before to steal from their millions of users because of heightened user awareness, and technology that the firms introduced to help verify if an email communication is legitimate or not,” said Cluley.

“This is great news, but internet users should not relax and think the fight is over. Phishers continue to target a wide variety of organisations in their pursuit of easy money.”

PayPal, eBay and Sophos are members of the Anti-Phishing Working Group (APWG), which works to eradicate internet scams and fraud.