Wednesday, July 9, 2008

PayPal, Google team in anti-phishing initiative

With phishing attacks and fraudulent e-mails still slipping through Google Gmail's security walls, the Mountain View-based company plans to work with eBay and its PayPal unit in an effort to protect e-mail users.

In an agreement announced today, Google and eBay will use DomainKeys and DomainKeys Identified Mail e-mail authentication technology to help stop fraudulent e-mails enter the Gmail inboxes. The DomainKey helps an ISP to determine whether or not a specific e-mail is authentic, and if it should be delivered. Developed by Yahoo, any e-mail sent with a DKIM will have a type of cryptographic signature that must be accepted by an e-mail server -- this case -- before being accepted.

Every e-mail from or will now be authenticated beforehand, and e-mails that are rejected will automatically be deleted.

As the largest auction house in the world, eBay is a popular target among phishers hoping to steal account information from customers, which could lead to false bids and loss of payment information. E-mail security teams have been entrenched in a long-term battle not just against spammers, but more and more against phishers. Earlier this year, the University of Puerto Rico's Information Security Research Team (INSERT) discovered in a proof of concept (PoC) test attack, it could send a bulk e-mail to 4,000 people using a single Gmail account.

And in February, the Computers and Humans Apart (CAPTCHA) test, designed to stop spam bots from signing up on a Web site and sending out e-mails, was compromised for the first time.

Today's partnership comes as Google revamps Gmail's security features, including enabling Gmail users to view the number of simultaneous logins to their accounts, and to remotely log out.

  • Start-up sues Google over e-mail switching tool
  • EBay to cut fraud risk, but only for PayPal payments
  • Google Analytics will finally integrate blog tracking
  • Google gets social with new iGoogle