Phishers cast nets beyond PayPal

Phishers cast nets beyond PayPal


Virtual muggers seek smaller phish to fry

Security experts have reported a "dramatic reduction" in the proportion of phishing emails targeting customers of PayPal and its parent company eBay.

Monitoring by Sophos Labs shows that only 21 per cent of phishing emails purported to come from the two well known companies in September 2007 compared with 85 per cent a year ago.

"In September 2006, almost nine out of 10 phishing emails were trying to steal information from unwary eBay/PayPal customers," said Graham Cluley, senior technology consultant at Sophos.

"Now it is more like one in five, and that is an impressive turnaround by anyone's standards."

PayPal and eBay users are much less likely to be targeted by virtual muggers, in part due to the efforts the firms have made in educating customers about what to look out for and how to protect themselves.

But Cluley warned that the phishers are not turning away from their life of crime, and are simply turning to a "bigger pool of potential victims".

Alongside the reduction in the percentage of phishing emails directed at eBay and PayPal, Sophos noted that cyber-criminals are targeting users of a wider range of online companies than ever before in their attempt to steal information.

Such businesses include smaller credit card unions, online retailers and firms based in other geographic regions.

Earlier this year, PayPal introduced an authentication keyfob which created a dynamic password for customers who wanted to reduce their chances of being phished.