PayPal is trying to persuade e-mail providers to block messages without a digital signature, a recently implemented security feature, a company attorney said. LONDON (03/27/2007)—PayPal, the Internet-based money transfer system owned by eBay Inc., is trying to persuade e-mail providers to block messages that lack digital signatures, which are aimed at cutting down on phishing scams, a company attorney said Tuesday. So far, no agreements have been reached, but the idea is one that PayPal would like to see from other e-commerce businesses, said Joseph E. Sullivan, PayPal’s associate general counsel, at the International E-Crime Congress in London. An agreement with, for example, Google Inc. for its Gmail service could potentially stop spam messages that look legitimate and bypass spam filters. PayPal is using several technologies to digitally sign its e-mails now, including DomainKeys, Sullivan said. DomainKeys, a technology developed by Yahoo Inc., enables verification of the sender and integrity of the message that’s sent. PayPal is one of the most highly spoofed brands, with fraudsters sending out spam to lure vulnerable users to look-a-like Web sites where their log-in details and passwords are collected and abused for profit. Once a hacker has gained control of a PayPal account, it’s possible to send money to other PayPal accounts or purchase goods. PayPal has introduced rules to counter fraud, such as limits on how much money can be transferred. PayPal also compensates users who’ve had their accounts hijacked, Sullivan said. But the phishing problem is getting worse than when he started working for eBay five years ago, Sullivan said. Last week, Sullivan said he got a call from his father, who said he’d fell prey to a phishing scam. While spam filtering technologies have improved and awareness around phishing is rising, users tend to be the weakest point, falling for sometimes very convincing social engineering tricks. “I think one lesson we’ve learned is that education isn’t going to stop this,” Sullivan said. “Phishing attacks are too good now. Every company that does business on the Internet is being targeted by phishing scams now.” The number of phishing sites is also rising. A report released last week by the Anti-Phishing World Group, a consortium of vendors and government agencies, said the number of fraudulent Web sites in January reached an all-time high of 29,930.—Jeremy Kirk, IDG News Service (London Bureau) Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe