The New Nation - Internet Edition

IT REPORT

As phishing attacks get tougher, PayPal is working on preventing this phenomenon by blocking older browsers or browsers with no anti-phishing features from accessing their website.

In a paper called "A Practical Approach to Managing Phishing" and signed by Michael Barrett, Chief Information Security Officer and Dan Levy, Senior Director of Risk Management for Europe they said they have been working on solutions to stop customers from losing money or be victimized by these attacks.

"We realized that our strategy was based on preventing financial loss in the victim's account," said the two authors in the paper. "We couldn't eradicate the problem on our own - to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and governments around the world."

Approximately 3.3 per cent of the 124 million consumers became victims of phishing attacks last year, Gartner estimates.

Too many have fallen for e-mails asking for log-in credentials and other personal information, which lead to all sorts of fraud, including identity theft.

PayPal has developed the following strategy to stop fraudsters: reclaim e-mail (prevent phishmail from entering customers' inboxes by collaborating with ISPs to block unsigned e-mails), block phishing sites, authenticate users (prevent stolen login/ password from being used on PayPal.com), prosecute, and brand and customer recovery (ensure that targeted customers will continue to use PayPal).

Some browsers, which are considered to be unsafe or that don't have the Extended Validation Certificates should be blocked, the paper says: "letting users view the PayPal site on one of these browsers (such as Microsoft's Internet Explorer 3 or 4, Apple's Safari and Mozilla Firefox 1.x, although only IE3,4 have been named) is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."

"There's clearly no "silver bullet" which will deal with phishing," the paper concludes.

"Rather, we've made a credible case that a multi-layered strategy, such as the one we've laid out, can in fact make a significant difference in dealing with the crime.

We encourage the rest of the industry to evaluate their anti-fraud efforts and adopt a fraud prevention strategy along these lines. As the old adage goes, "united we stand; divided we fall."