ks6+Pf&Ô,YnRi$M^~HH  JoE-ǹy&qbw/o~?޼ C1A1uw 92b$C i456ǂ:'rjyO$JZ&aًKlnD#ƹvfvIو',v=%$TNcdgEV5iWtg\8&О1r@Җ y>e3F\  C#B(jW/#8yDG802ê[[fTF o^ӆ[XO0)D䔜J=%$+9õ@h;loj[{f:Z4*gN:®!$Cʴ>6RhM X_Oyާί9ϩ4wGD3щfљEԀTW)e4e\֠Ә}*ӓX[1%v"*DD7k.Ml MLKݷIrǮ,JpP^1bxmGˁF9%n{?Z?86;3zeS֪M<3jB Mp`L%dNw^3 ddZP^<%E`ָ N# Zf\gnM3[KJ_'Ut=QpF gh+cjT:s!7ԞԚUY u+>nU{Z `|`27 uqI"ru"Mqv=C9cX;hc-Pffq P]=8" YS\1*)k>՝_}0t$^YZ1lq#l07N"n5+a8i^& "hUM zVCA+>qOZx,VsW4E IFrD`,POSJ#Xz+6h4om̅Ři8 5(A`jh7?9hDzCCPVA81@Fqk$麮5Gff^t:^BЊº(ƃs^"X`37MZ 3<2!nc *6GLkW,sC{Y2`: R10S"ӸSmXm!u5u=7 1@1}RS :޺CL惇?܄U?hnŀ\`E,Vwǵ>h?>3º_]B|NWyiZsw@EUPQM~]8.\:K̍pXl` ~ 47,HJ- .qe3- #4[Is0FW9jY2#̺PlQG A0@;9l7 KBBN@n?+,56f?+"w^ټoPK$w!8CoL'1^f$оn67ءUasb !eܘ쥫3}sZn`ChЪ6:*YR)uߔy2:&f&9+*uJHjƓ}XNjL8_ȘRu@cޑ7/^*~q 8l,=*֞߻ß~"pw>(A?ݣaFLK*?Ow 1$mj $jl׏V~`"WqlUfa_y5O]κ.ƾqg1F3r{ iٞ0OaU fZOsKU٧ 5QK4cb ffTtirrk%6Lss}wߕ)vHlN1f3<6"bSyr͜p"e:MFLL3yC15Z9,vo[q)mԨS ,xd4YR,ݫmF>;S]&apV+2KHq&y6]y @eQ9J?:;b}3ĭY!g\OTeCO*%qA2d#dp 5w|˷ĞUbI(L]{.Rɏ7'G7O>׼FjSvON`R$H'/z[H9 ,oFcSc>f,ɬ{ah/rnh?n4O==l>i*=$c'rR~HաjU0 єz \ܩ &@@q!?O5/G3(\۝UiZ|Wm^ި5P[< +yc"=C'\:E.|`*Mz1´h&b ̛\ 01/23/07, One Step Ahead - Almanac, Vol. 53, No. 19
Print This Issue

One Step Ahead
January 23, 2007, Volume 53, No. 19

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Phishing: eBay and PayPal

Although “phishing” was the subject of a previous security tip, it’s worth revisiting and focusing on the two most frequently “phished” companies: eBay and PayPal. PayPal was acquired by eBay in 2002 to facilitate online payments for its buyers and sellers. In recent years many other businesses have adopted PayPal as a payment method to the point where today untold millions of people worldwide have accounts with eBay, PayPal or both. These provide one of the single biggest “ponds” for “phishers”, and from the earliest days of the scam, by far the most common examples have revolved around eBay and PayPal.

To refresh your memory, “phishing” is a fraud that arrives in your e-mail inbox as a message purporting to be from a major business or financial institution that attempts to induce you to visit a phony web site and enter sensitive information about yourself and your account(s). This information is then sold or used for identity theft and/or outright theft of your financial assets. Given that PayPal is so frequently “impersonated” in this way, it’s no surprise that its website offers particularly good advice on how to spot the tipoffs of a “phishing” scam, such as generic greetings (“Dear PayPal Member”), false urgency (“act immediately, without delay”) and pop-up boxes (never used by PayPal, as they are not secure). These and more tips can be found on PayPal’s site at www.paypal.com/cgi-bin/webscr?cmd=_vdc-security-spoof-outside, and they’re just as useful in spotting the scam from other sources.


For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - January 23, 2007, Volume 53, No. 19