EBay, PayPal, And Yahoo Join To Fight Phishing

eBay, PayPal and Yahoo said on Thursday that they have begun collaborating to keep Yahoo Mail customers safe from phishing.

Phishers use forged e-mail messages that purport to come from brand name services like eBay or PayPal to dupe computer users into clicking on Web links that lead to phony Web sites. Unsuspecting consumers may then enter personal or account information and passwords under false pretenses. Phishers typically use this information for fraud or theft.

To prevent phishing messages from reaching users of Yahoo Mail, the companies are now using Yahoo's Domain Keys technology in the U.S. to block e-mail messages that claim to come from eBay or PayPal but really originate elsewhere. Yahoo expects to make the system available globally in the next few weeks.

Domain Keys was developed by Yahoo as a way to make sure that e-mail comes from where it says it comes from. In May, the Internet Engineering Task Force adopted the DomainKeys Identified Mail (DKIM), which incorporates Cisco's Identified Internet Mail system, specification as a Proposed Standard.

Dave Cullinane, chief information security officer at eBay, described the effort as a significant milestone in the effort to protect eBay and PayPal customers.

"[W]e hope today's news gets the attention of information security officers at some of the more obvious phishing targets so we can help protect even more consumers from the havoc these scams wreak," said Nick Dugan, blog editor for Yahoo's Yodel Anecdotal blog. "We're already actively working with many financial institutions, for example, and hope to continue the momentum."

In June, the Anti-Phishing Working Group, a consortium of organizations opposed to cyber crime, reported 31,709 unique phishing Web sites. About 95% of phishing attacks that month targeted financial services companies.