Gmail Knocking Out Two Big Phishing Threats

    July 8, 2008
    WebProNews Staff

PayPal and eBay have long drawn the attention of criminal phishers who try to spoof the companies and steal login information from their customers.

If that customer happens to be a user of Google’s web-based Gmail service, those phishing messages should drop dramatically in their occurrences.

Google announced another Gmail security feature addition on the Gmail blog, coming not long after their announcement of a remote control for Gmail that will let users turn off any concurrent sessions in progress. The newest feature concerns incoming mail labeled as being from a PayPal or eBay address.

Through the adoption of Domain Keys and DKIM by eBay and PayPal for their outbound messages, Gmail (and presumably any other email server that checks for DKIM) will be able to identify legitimate communications from those two senders.

If the message doesn’t have the requisite signatures in place, and a fake message won’t have those, Gmail rejects it immediately. Google said on the Gmail blog they have been testing the feature for a few weeks, so it’s likely few noticed, or missed, the phishes that may have crept into their inboxes.

PayPal and eBay remain targets for criminals, due to the access to financial details about their customers a successful phish can capture. Credit card numbers and banking data provide thieves with easy access to someone else’s money.

Shutting those bogus emails out not only minimized the threat, but presents a better marketing opportunity for both eBay and PayPal. People who are used to tossing out email labeled from either firm for fear of a phishing attack may be more willing to read new promotional emails from the services, and act upon them.