Print This Issue

One Step Ahead
January 23, 2007, Volume 53, No. 19

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Phishing: eBay and PayPal

Although “phishing” was the subject of a previous security tip, it’s worth revisiting and focusing on the two most frequently “phished” companies: eBay and PayPal. PayPal was acquired by eBay in 2002 to facilitate online payments for its buyers and sellers. In recent years many other businesses have adopted PayPal as a payment method to the point where today untold millions of people worldwide have accounts with eBay, PayPal or both. These provide one of the single biggest “ponds” for “phishers”, and from the earliest days of the scam, by far the most common examples have revolved around eBay and PayPal.

To refresh your memory, “phishing” is a fraud that arrives in your e-mail inbox as a message purporting to be from a major business or financial institution that attempts to induce you to visit a phony web site and enter sensitive information about yourself and your account(s). This information is then sold or used for identity theft and/or outright theft of your financial assets. Given that PayPal is so frequently “impersonated” in this way, it’s no surprise that its website offers particularly good advice on how to spot the tipoffs of a “phishing” scam, such as generic greetings (“Dear PayPal Member”), false urgency (“act immediately, without delay”) and pop-up boxes (never used by PayPal, as they are not secure). These and more tips can be found on PayPal’s site at www.paypal.com/cgi-bin/webscr?cmd=_vdc-security-spoof-outside, and they’re just as useful in spotting the scam from other sources.


For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - January 23, 2007, Volume 53, No. 19