If you’ve been receiving suspicious and likely phished e-mails purporting
to be from eBay or PayPal, you’re not alone.
According to year-end 2005 data from research firm Netcraft, eBay and
PayPal were the top phishing targets representing 62 percent of attacks.
Netcraft’s data is derived from its Toolbar, which aims to block and/or
help users identify which sites are legitimate and which are phishing
attempts. Netcraft claims that its toolbar, in a little over a year of
existence, has blocked more than 41,000 confirmed phishing URLs.
Web security firm GeoTrust also has an anti-phishing toolbar and
has eBay and PayPal in its top three phishing targets. GeoTrust
spokesperson Joan Lockhart said that Citibank rounds out the top three, with
Amazon becoming a really close fourth.
Other financial institutions also need to worry. Lockhart noted that
GeoTrust is seeing phishers going after a broader range of financial
institutions including credit and insurance companies, not just the top-name banks.
Phishers are also now using more complex schemes in order to lure
victims. Phishing e-mails now typically contain multiple URLs,
according to Lockhart.
Netcraft’s study noted the filenames of the phished URLs often include
the brand name of the targeted financial institution.
The malicious URLs use some form of deception, which could include a
misspelling or a hyphenated phrase, to confuse victims. Phishers also made
use of common eBay and PayPal strings such as “eBayISAPI” and “wbscr” within
the URL to make the address appear legitimate.
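The URL traits described above can be turned into a simple triage check for links pulled from reported e-mails. This is an added example, not code from Netcraft or GeoTrust; the official-domain allowlist, the indicator names, the 0.8 similarity threshold and the sample URLs are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: allowlist of the brands' real domains (not taken from the article).
OFFICIAL = {"ebay": "ebay.com", "paypal": "paypal.com"}
# Strings the article says phishers copy into URLs, spelled as quoted there.
FAMILIAR = ("ebayisapi", "wbscr")

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL.values())

def phishing_indicators(url):
    """Return sorted indicator names; an official host yields an empty list."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if is_official(host):
        return []
    rest = (parts.path + "?" + parts.query).lower()
    found = set()
    for brand in OFFICIAL:
        if brand in rest:
            found.add("brand_in_path")           # brand name in file or path name
        for label in host.split("."):
            tokens = label.split("-")
            if brand in tokens and len(tokens) > 1:
                found.add("hyphenated_brand")    # e.g. brand-something
            elif brand in label:
                found.add("brand_in_host")       # brand on a non-official domain
            for tok in tokens:
                close = SequenceMatcher(None, tok, brand).ratio() >= 0.8
                if tok != brand and close:
                    found.add("misspelled_brand")  # near miss of the brand name
    if any(s in rest for s in FAMILIAR):
        found.add("familiar_string")
    return sorted(found)

# Constructed sample URLs (reserved .example names and a documentation IP).
SAMPLES = (
    "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn",
    "http://paypal-secure.example/cgi-bin/wbscr?cmd=_login",
    "http://203.0.113.7/ebay/eBayISAPI.dll?SignIn",
    "http://www.paypa1.example/login",
)

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, phishing_indicators(u))
```

An empty result only means none of these traits matched; it is not a verdict that the link is safe.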
Phishers are apparently also making their sites harder to shut down.
Lockhart said that some phishers have been moving the sites
from one fraudulent hosting location to another. The site is just moved so that it can reappear in another
country, on another server, within minutes.
It’s not quite as easy as you’d think to actually spot a phishing
attempt. A recent study from MailFrontier reported that only 4 percent of users could spot a phished
e-mail 100 percent of the time.