D'oh! PayPal violates email security best practices
Thursday, December 10, 2009
One of the prime targets for email phishing attempts has been careless with its messages to customers, according to a security researcher with ESET.
The email in question contained a link to a promotional opportunity, and Randy Abrams, ESET's director of technical education, correctly noted that this made the message appear to be a phishing attempt. Abrams forwarded the message to PayPal's "spoof" email account, where users are supposed to send suspected phishing attempts, and received an automated response confirming that "it was a phishing attempt" from PayPal's security team.
PC Magazine says that "[PayPal's email linking] is a bad practice," and questions why a perennial phishing target would be so cavalier in the area of email security. Experts say that messages should not contain links, in part because this trains users to click on HTML links in emails, which are easily forged.
Abrams, for his part, says that the case proves that legitimate businesses should never include links to log-in pages in their official email, to prevent just such a case as this one: If the PayPal's own anti-phishing filter gets confused, what chance does the average user stand?
Related News:
Web security a growing issue for local governments - 3.16.2010
As though local school districts and governments didn't have enough to worry about, cyber criminals have targeted small public institutions and have stolen millions of dollars.
Web security ends with user - 3.16.2010
No matter how potent an antivirus software or other web security program is, the most important step in defending a computer from malware is vigilance on the part of the user, according to business technology news site Katonda.
Mac users may soon be under attack - 3.16.2010
People buy Macs because they think they don't have to worry about web security. However, according to ZDNet, ransomware and other dangerous forms of malware may soon be a very real problem for Mac users, as cyber criminals begin to understand the best ways to compromise the rapidly growing brand's products.
Forty percent of malware sites hosted in the U.S. - 3.16.2010
While popular opinion dictates that malware often originates in countries like China and Eastern European nations, AVG Technologies recently reported that 40 percent of malware originates on servers hosted within the U.S.
March Madness latest threat to web security - 3.15.2010
The moment the 65-team field for the 2010 NCAA Divsion I Men's Basketball Tournament became public, cyber criminals began their latest attacks on web security.
|
