Feeds

Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!

If you use Yahoo!, eBay, and PayPal.

Top three mobile application threats

Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal.

Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, Yahoo! is rolling out a new email authentication system that uses the company's very own DomainKeys technology to block such messages.

"By reducing the risk of phishing scams," said vice president of Yahoo! Mail John Kremer, "Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users."

Presumably, Yahoo! Mail is also offering a much safer Web mail service for extremely gullible people who succumb to eBay or PayPal phishing scams even though they don't use eBay or PayPal.

According to a spokeswoman for eBay and its PayPal subsidiary, the two companies have included DomainKey signatures on all outbound email since the end of 2006. So, if Yahoo! identifies a message that purports to come from the eBay or PayPal domain and it doesn't include the proper signature, the message will be blocked.

Of course, this doesn't stop eBay or PayPal scams that claim to originate from other domains. "If I try to get something through that says it's from PayPal, I'll put money down - a million to one - that it will now get stopped by Yahoo!," says Patrick Peterson, vice president of technology at email monitoring vendor IronPort. "But people can always send a PayPal phishing email from abcd.com."

IronPort's parent company, Cisco, is another big-name backer of DomainKey authentication. The technology was originally developed by Yahoo!, and in May 2007, a revised version - known as DomainKeys Identified Mail (DKIM) - was approved by the Internet Engineering Task Force as a "proposed Internet standard".

Currently, Yahoo!, eBay, and PayPal are using the original DomainKey technology dreamed up at Yahoo!, but they'll soon switch to DKIM. Our eBay and PayPal spokeswoman said DKIM technology will be in place "over the next few months".

She also said that all eBay and PayPal messages are signed with Microsoft's Sender ID signatures, an alternative to DomainKeys. eBay and PayPal hope to extend their anti-phishing efforts well beyond Yahoo! Mail.

"There are about half a dozen large internet service providers around the world which between them operate nearly fifty per cent of the world’s email addresses," wrote PayPal chief information security officer Michael Barrett, on the company's its official blog. "We’re working with all of them to implement similar technology to what we announced with Yahoo!" ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.