Let’s Fight Phishing Together
Hi, I’m Larry Friedberg, senior manager of Brand Marketing and Security at PayPal.
Can you spot a phishing email? Sometimes, it can be pretty easy. Perhaps there are obvious spelling mistakes. Or maybe it asks you to click on a link, expressing an urgent need to update your financial information. But more often than not, it’s hard to tell a real email from a fake.
Phishing is a huge problem for consumers and merchants. Last week, Consumer Reports issued a press release suggesting that consumers lost over $2 billion due to phishing scams in the past two years.
I’m sure it’s no surprise to you that we hate phishing. We hate it, because fraudsters are using our brand to dupe you into giving out your personal or financial information. So, we do a lot behind the scenes to go after the fraudsters and to increase your safety when using PayPal. But we realize we can’t do this alone.
At PayPal, we believe that consumer education is critical to our effort to put a dent in phishing. One of the most recent educational campaigns we’ve introduced is the PayPal Fight Phishing Challenge. Go ahead and give it a try. Test your own knowledge of phishing and see if you can score a perfect five out of five. If you do get all five questions correct, send the Challenge over to your friends and family and encourage them to try it. And please let me know what you think of the Challenge -- we’re always looking for ways to improve our education and keep you one step ahead of the fraudsters.
- Larry



How do I know this blog is real? At first I asked this as a joke, but take it seriously. I did a whois and the authoritative DNS for the domain is in the paypal.com domain. I'm satisfied.
Posted by: Larry Seltzer | August 14, 2007 at 02:56 PM
Larry - Thanks for your comment.
It’s always a good idea to be skeptical about whether a website is what it claims to be (whether it’s PayPal or any other site). Being cautious is a great way to protect yourself from crimes such as phishing. If the domain name isn't paypal.com, you definitely should be careful - although there are circumstances, such as here, where the domain contains the PayPal name.
Looking up the registration information on whois, although above and beyond what users should need to do, is certainly appropriate. As you would clearly find, the domain is legitimately owned by eBay / PayPal and, as such, is a safe place.
The security PayPal places around the information posted in a blog is relative to the actual need for that security. In this case, you’re not being asked to enter personal information (like user ID or password) so there’s no need for more stringent security measures. When you visit the PayPal.com site, on the other hand, you’ll find a fairly wide range of security measures. One such measure is our early adoption of Extended Validation (EV) Certificates for the PayPal.com site. For our users who are using IE7, they’ll see a green address bar that indicates they’re actually on the PayPal.com site. More on IE7 and EV Certification in the coming weeks.
Posted by: Larry Friedberg | August 15, 2007 at 04:51 PM
Hi Larry!
It was great to see you at Live!
Love the Phishing Challenge. :) Added it to my eBay Guide along with Iconix.
Keep up the great work!
Kath :)
Posted by: Kath | August 27, 2007 at 12:18 PM
Let’s Fight Phishing. Give us an email address to which we can forward phishing emails that we receive. Then you will know much sooner when it happens.
Posted by: Joe Conner | February 23, 2008 at 05:15 PM
Hi Joe --
Hear! Hear! Actually, PayPal does have an email address you can forward suspected phishing emails to: spoof@paypal.com. Just forward the entire email -- including headers. PayPal will let you know within 24 hours (and as quickly as within minutes) whether or not the email that was sent to you was real or fake.
Thanks for the post.
Cheers,
Larry
Posted by: | February 25, 2008 at 09:26 AM