PayPal tells users to download anti-phishing software

PayPal tells users to download anti-phishing software

PayPal is asking UK customers to download software from Iconix to help identify genuine e-mails sent by the eBay unit and weed out phishing messages.

PayPal, which has long been a favourite target for phishers, says Iconix eMail ID can help protect customers by visually identifying genuine messages. After a customer installs the software, they'll see an icon (a gold lock with a tick) next to a PayPal logo whenever they receive authentic e-mails from the firm.

The free program works with most of the major e-mail services like Gmail, MSN Hotmail, Windows Live Hotmail, Yahoo Mail, Outlook and Outlook Express.

Garreth Griffith, head, risk and security, PayPal UK, says: "Staying safe online needn't be a headache. By taking a few simple steps you can outsmart the fraudsters and protect your money and your identity.

According to recent research carried out for PayPal by Opinium, 58% of Brits have responded or clicked on a phishing e-mail link while only 58% make sure they look for the padlock icon when carrying out financial transactions.

The potential difficulty involved in identifying genuine PayPal e-mails was highlighted recently when Randy Abrams, director of technical education at online security vendor ESET, received a genuine message from the firm, containing a link.

He forwarded the message to the firm suggesting it stop this practice because links make e-mails look like phishing attempts. PayPal responded, thanking him for forwarding the "suspicious-looking" message, claiming "it was a phishing attempt".

Comments: (4)

Anthony Cossey
Anthony Cossey - Fixnetix ltd - London 09 March, 2010, 12:46Be the first to give this comment the thumbs up 0 likes

this functionality is supported under google mail anyway, go to 'settings' then 'labs' then enable the appropriate option called "Authentication icon for verified senders".  its experimental but works well, its limited to paypal and ebay emails presently

John Dring
John Dring - Intel Network Services - Swindon 09 March, 2010, 14:05Be the first to give this comment the thumbs up 0 likes

Sorry, if you mean Google Chrome, I don't see it?

Anyway - what is to stop Phishers from just emulating the padlock and tick logo in their plain emails?  Even if it is a secured part of the email window, the padlock will just be placed elsewhere and most punters will simply not know whether its secured or not.

A Finextra member
A Finextra member 09 March, 2010, 15:32Be the first to give this comment the thumbs up 0 likes

The gold key displays in the header of messages in Gmail and is visible in both your message list and the opened e-mail.

Rolling your mouse over the key in either view (msg list or opened email) a pop-up confirms that the e-mail has been verified as coming from the sender. Not so easy for scammers to fake...... but anything given time..........


Michael Wright
Michael Wright - Tilte, Taxd, Welleasy - London 10 March, 2010, 12:54Be the first to give this comment the thumbs up 0 likes

Striata has been supporting Iconix for visual email authentication for a while now. However it's the classic challenge of consumer technology adoption. Our new customers always ask - "who else is using it".

It needed a big brand to get behind it to make consumers aware of the solution.

I hope with Paypal (the most phished brand in Feb 2010 according Avira) can start to really encourage the use of this type of visual technology.