IT security firm Sophos has revealed that over 75 percent of all phishing emails are targeting users of PayPal or eBay. Typically these phishing emails point recipients to a bogus website which looks like the real PayPal or eBay site, but is actually designed to steal usernames and passwords.
Experts at SophosLabs, the company’s global network of threat analysis centres, scanned all phishing email messages received during 2006, and have revealed that 54.3 percent were attempting to steal information from users of PayPal. The second most common targets, at 20.9 percent, were users of the eBay online auction service.
“The reason why the phishers focus so much on PayPal and eBay is because they are so popular around the world. Although bank customers do also suffer from phishing attacks, they tend to be less likely to have the global reach that these net giants have,” said Graham Cluley, senior technology consultant for Sophos. “PayPal and eBay have worked hard to educate and protect their customers from these kind of attacks, but the best solution is for computer users to be more savvy about securing their identity in the first place, and think before they click.”
PayPal and eBay, like Sophos, are members of the Anti-Phishing Working Group (APWG), an organisation dedicated to wiping out internet scams and fraud.
Research issued earlier this year by Sophos revealed that 58 percent of people receive at least one phishing email every day.