Paypal claims gains against phishers

PayPal is using partnerships with ISPs and security technologies such as electronic signatures to eliminate phishing attempts before they reach users' in-boxes

Instead, the IT industry will have to establish a "clearinghouse" for approving the signatures that can serve as a go-between for businesses and ISPs, he said.

Barrett said Paypal is also hopeful that tools, including browser-based visual cues that warn people about suspected phishing sites and so-called extended validation Web site digital certificates, will help end-users further discriminate between legitimate sites and phishing lures.

The applications the CISO cited include browser toolbar applications that interact with newer iterations of the programs -- such as Microsoft's IE7 and Mozilla's Firefox 2.0 -- to identify suspected scam sites, along with plans to add more native anti-phishing tools into future versions of popular e-mail clients.

In addition, Paypal began selling one-time password-generation tokens to its customers for US$5 apiece earlier this year to offer interested users another added line of defense for protecting their site authentication credentials.

Combining those tools with traditional anti-fraud modeling and phishing site blacklists shows a great deal of promise in further weeding out criminal transactions on Paypal, Barrett said.

"We think that some form of hybrid authentication is the best idea, and we're using all of the elements that we already know about user behavior to tell if it is them. If someone is trying to do high-risk transactions or anything that looks suspicious, we can employ additional controls," he said. "Phishers are doing it because launching the attacks is easy and suckers still fall for it; there's very little time and money needed to build a phishing attack. The idea is that if we can slow it down, they may move and do something else."

Outside of defending their own operations, Barrett said companies should also try to open lines of communication with government and law enforcement agencies that may be able to help them chase down those responsible for the attacks.

While data leakage events have become a public relations and brand management nightmare for companies affected by the incidents, the Paypal CISO said businesses that become targets of phishing attacks can mitigate the impact on their corporate image through hard work and preparation.

"You can't be complacent about it. If it hasn't happened to you yet, count your lucky stars and start building a program because sooner or later someone will find you," said Barrett. "You have to be upfront with customers and explain what the bad guys are doing and how they can protect themselves, and try your hardest to lower the impact."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?