Heartbleed OpenSSL Vulnerability
Security and Privacy Tips for World Travelers
Filing Taxes Online This Year? Take Steps to Protect Your Information!
If your computer runs Windows XP, you must update it now!
Why Should You Report Security Incidents? And How Do You Report One?
Photo and Video Privacy Issues
The Password is Dead, Long Live the Password!
Data Privacy Month: NSA Surveillance Panel at the National Constitution Center
Protecting Your Finances During This Year’s Holiday Shopping Season
Beware of Phishing E-mails in the Wake of Typhoon Haiyan
No E-mail from Penn Will Ask For Your Username/Password or SSN
The Children's Online Privacy Protection Act: Does It Apply to Your Website?
October: National Cyber Security Awareness Month; Free Secure Disposal of Paper and Electronics
What Basic Rules Protect Student Information at Penn? (September 2013)
Protecting Privacy and Security on Penn + Box
Tagged with phishing
Tuesday, January 23, 2007 - Almanac Vol. 53, No. 19
Phishing: eBay and PayPal?
Although "phishing" was the subject of a previous security tip, it’s worth revisiting and focusing on the two most frequently "phished" companies: eBay and PayPal. PayPal was acquired by eBay in 2002 to facilitate online payments for its buyers and sellers. In recent years many other businesses have adopted PayPal as a payment method to the point where today untold millions of people worldwide have accounts with eBay, PayPal or both. These provide one of the single biggest "ponds" for "phishers", and from the earliest days of the scam, by far the most common examples have revolved around eBay and PayPal.
To refresh your memory, "phishing" is a fraud that arrives in your e-mail inbox as a message purporting to be from a major business or financial institution that attempts to induce you to visit a phony web site and enter sensitive information about yourself and your account(s). This information is then sold or used for identity theft and/or outright theft of your financial assets. Given that PayPal is so frequently "impersonated" in this way, it’s no surprise that its website offers particularly good advice on how to spot the tipoffs of a "phishing" scam, such as generic greetings ("Dear PayPal Member"), false urgency ("act immediately, without delay") and pop-up boxes (never used by PayPal, as they are not secure). These and more tips can be found on PayPal’s site at www.paypal.com/cgi-bin/webscr?cmd=_vdc-security-spoof-outside, and they’re just as useful in spotting the scam from other sources.