PayPal phishing up 73% in Q1

News by Steve Gold

Good email hygiene is the answer to the phishing challenge - Sarb Sembhi, Incoming Thought analyst

The April 2014 Internet threats trend report from Cyren says there was a 73 percent surge in phishing URLs relating to PayPal, which the cloud security specialist says highlights a cybercriminal shift over to attacks that generate more money.

During a two-week sampling taken during the first three months of the year, researchers found the number of PayPal related phishing URLs increased from approximately 750 a day in Q4-2013 to more than 1,300 a day in Q1-2014.

That increase, says the firm, made the phishing methodology the most heavily used lure at more than 18,600 phishing URLs during the sample period. Other top brands used to lure email recipients were Apple, Poste Italiane, Barclays Bank, and Sparkasse.

So where do all the phishing attacks come from?

Cyren says that during the first quarter, India stayed in first place with the most spam sending bots (11 percent) followed by Russia with a significant increase to almost 10 percent.

The security research and consultancy firm adds that the underlying reason for phishing users' PayPal credentials is to gain access to financial data and assets, as well as harvest data for identity theft - such name, address, email, and password data.

The $64,000 question on most security professionals lips, of course, is whether the surge in PayPal phishing comes in parallel with the compromise of eBay account data (eBay owns PayPal) earlier this month, and which dates back to the start of the year.

Bob Tarzey, an analyst and director with Quocirca, said that the link between eBay and PayPal is a strong one, meaning that the eBay data breach - which involved the leak of identities - is not good news.

"Many users of PayPal will have set up their accounts in order to trade on eBay, and may well have used the same password for both and neither site insists on strong authentication. That said, if a way to exploit PayPal following the leaking of identities by eBay had been found, then it could be done without direct phishing for PayPal detail, so this must be a separate and ongoing activity," he explained.

Dr Eric Cole, former CTO with McAfee - and now operating his own security consultancy, Secure Anchor - said that phishing attacks on PayPal are not at all surprising, as cybercriminals normally follow the money, usually by attacking the human element of security, which he claims is always the weakest link.

Dr Cole, who is also a Fellow of the SANS Institute, said that modern phishing emails are replicas of legitimate emails, which he adds stand a very good chance of success if they look like the real thing.

The solution to this rising problem, he argues, is less to do with anti-phishing education and awareness, and more to do with the development of effective software to stop these types of attacks.

"And in this Internet age, it may be better for banks to send an email with a simple advisory saying a user's statement is now available, rather than using attachments and links," he said, adding that there may also be a need - in corporates - to remove the embedded links from the emails.

Sarb Sembhi, an analyst and director of consulting with Incoming Thought, meanwhile, said that the solution to beating the phishing problem - especially with a financial credential hunting attacks like those seen against PayPal – boils down to good email hygiene.

He explained that this entails using separate email accounts for financial and high-value (to the user) online activities - even to the extent of using one specific email address for eBay and another for PayPal.

Sembhi, a leading light in not-for-profit security association ISACA, says that another possible option includes disabling HTML in the email client software.

“It all comes down to making sure that users (in a corporate) do not click through to a link in the email, but simply go to the relevant Web site," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews