EBay, PayPal Rank High on Phish Lists

Study shows that the e-commerce outfits are the top phishing targets.

By Sean Michael Kerner | Jan 6, 2006

If you've been receiving suspicious and likely phished e-mails purporting to be from eBay or PayPal, you're not alone.

According to year-end 2005 data from research firm Netcraft, eBay and PayPal were the top phishing targets, representing 62 percent of attacks.

Netcraft's data is derived from its Toolbar, which aims to block phishing sites and/or help users identify which sites are legitimate and which are phishing attempts. Netcraft claims that its toolbar, in a little over a year of existence, has blocked more than 41,000 confirmed phishing URLs.

Web security firm GeoTrust also has an anti-phishing toolbar and has eBay and PayPal in its top three phishing targets. GeoTrust spokesperson Joan Lockhart said that Citibank rounds out the top three with Amazon becoming a really close fourth.

Other financial institutions also need to worry. Lockhart noted that GeoTrust is seeing phishers going after a broader range of financial institutions including credit and insurance companies, not just the top-name banks.

Phishers are also now using more complex schemes to lure victims. Phishing e-mails now typically contain multiple URLs, according to Lockhart.

Netcraft's study noted the filenames of the phished URLs often include the brand name of the targeted financial institution.

The malicious URLs use some form of deception, which could include a misspelling or a hyphenated phrase, to confuse victims. Phishers also made use of common eBay and PayPal strings such as "eBayISAPI" and "wbscr" within the URL to make the address appear legitimate.
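As an added illustration (not code from the article, Netcraft or GeoTrust), a defender could turn the URL traits described above into a simple triage heuristic for links found in mail. The brand-to-domain table, the signal names and the sample URLs are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumed brand -> legitimate domains table (illustrative, not exhaustive).
BRANDS = {"ebay": {"ebay.com"}, "paypal": {"paypal.com"}}
# Strings the article says phishers borrow from genuine eBay/PayPal URLs.
BORROWED = ("ebayisapi", "wbscr")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def on_legit_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signals(url):
    """Return the sorted deception signals found in one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    rest = (parts.path + "?" + parts.query).lower()
    if any(on_legit_domain(host, d) for d in BRANDS.values()):
        return []  # genuinely hosted by the brand: nothing to flag
    signals = set()
    for brand in BRANDS:
        if brand in rest:
            signals.add("brand-in-path")  # brand name in the filename or path
        for label in host.split("."):
            for token in label.split("-"):
                if token == brand and "-" in label:
                    signals.add("hyphenated-brand-host")
                elif token != brand and edit_distance(token, brand) == 1:
                    signals.add("misspelled-brand-host")
    if any(s in rest for s in BORROWED):
        signals.add("borrowed-string")
    return sorted(signals)

# Constructed sample URLs (reserved .example names and a documentation IP).
SAMPLES = ["http://paypa1-secure.example/cgi-bin/wbscr?cmd=login",
           "http://203.0.113.7/ebay/eBayISAPI.dll?SignIn",
           "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, phishing_signals(u))
```

A heuristic like this only ranks links for review; a one-character edit-distance match will also hit unrelated short words, so it belongs alongside a blocklist rather than in place of one.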

Phishers are apparently also making their sites hard to shut down. Lockhart said that some phishers have been moving the sites from one fraudulent hosting location to another. The site is just moved so that it can reappear in another country, on another server, within minutes.

It's not quite as easy as you'd think to actually spot a phishing attempt. A recent study from MailFrontier reported that only 4 percent of users could spot a phished e-mail 100 percent of the time.

Article courtesy of internetnews.com
