There has been a dramatic reduction in the proportion of phishing emails targeted at the customers of PayPal and its parent company eBay. SophosLabs research shows that in September 2007 only 21 percent of phishing emails purported to come from the two well-known companies. A year ago, 85 percent of these bogus messages claimed to be from eBay or PayPal.
Phishing emails typically point recipients to a bogus website that looks like the real one but is really designed to steal login information such as usernames and passwords. Hackers use the pilfered login details to commit crimes such as identity fraud.
Alongside the reduction in the percentage of phishing emails directed at eBay and PayPal, Sophos experts note that cybercriminals are targeting the users of a wider range of online companies than ever before in their attempt to steal information and finances. Such businesses include smaller credit card unions, online retailers and firms based in other geographic regions.
Earlier this year, PayPal introduced an authentication keyfob which created a dynamic password for customers who wanted to reduce their chances of being phished. Additionally, eBay and PayPal have sections on their websites devoted to raising security awareness, and advising customers on how to protect themselves from fraudulent emails. These pages include expert security advice on what a spoof email is, how to recognise one, questions they would never ask of their customers via email, as well as ways that consumers can help fight the overall problem of phishing.