EBay & PayPal Phishing Gone For Good On Gmail and Yahoo?

If your email account is with Google or Yahoo, your days of seeing phishing emails from fake eBay or PayPal addresses should be over. Google announced last week that it’s now using DomainKeys to verify messages really do come from paypal.com or ebay.com—if they don’t, they never even make it to your In Box. This is possible because eBay and PayPal are now making sure “that all their email is signed with DomainKeys and DKIM.” Since Yahoo! also uses DomainKeys and DKIM (they developed it, in fact), phishing attacks for Yahoo! Mail accounts should also disappear.

No amount of security will stop a bit of social engineering, but this is a great strike against phishing. Now if only banks would start embracing DomainKeys.

From Google’s Gmail blog:

Now any email that claims to come from “paypal.com” or “ebay.com” (and their international versions) is authenticated by Gmail and — here comes the important part — rejected if it fails to verify as actually coming from PayPal or eBay. That’s right: you won’t even see the phishing message in your spam folder. Gmail just won’t accept it at all. Conversely, if you get an message in Gmail where the “From” says “@paypal.com” or “@ebay.com,” then you’ll know it actually came from PayPal or eBay. It’s email the way it should be.

eBay and PayPal have worked hard to ensure that all their email is signed with DomainKeys and DKIM. Armed with this information, Gmail can easily reject as a fake anything that doesn’t authenticate. We’ve been testing this for a few weeks now and it’s working so well that few people really noticed.

“Fighting phishing with eBay and PayPal” [Gmail Blog]
(Photo: Stryker W@SP)

Comments

Edit Your Comment

  1. bout freaking time.

  2. nweaver says:

    Except domain keys breaks .forwards.

    Expect a lot of problems about this going forward.

  3. razremytuxbuddy says:

    The amount of obvious spam that makes it into my Yahoo inbox has increased in multiples the last few weeks, so this announcement is welcome, but is one step forward two steps back.

    In the meantime, Yahoo has been arbitrarily blocking legitimate domains from my inbox, and their “customer service” is a complete sham. (I pay for Yahoo’s premium service, and it’s clearly time to find a better service provider.)

  4. Angryrider says:

    That’s cool. I almost got phished, but my Firefox browser blocked before I clicked that stupid link.
    Now to destroy those stupid ads about “enlarging pills,” “government money,” or “hot stock.”

  5. mac-phisto says:

    oh man. i am so excited for the day that my spambox isn’t loaded with a thousand of:
    – 做傳銷還在找人嗎??太落伍了!我們排下線給你!
    – grflawkcsuwqseaotvmes@gmail, big enough to satisfy her?

    & the always classic:
    -x4||4x, pr0z4c, /41u|/| – don’t be a luser! buy lowest price guaranteed!!!11!

  6. battra92 says:

    @razremytuxbuddy: Interesting. I’ve actually seen mine go down quite a bit in the last year. My Gmail on the other hand is crazy for spam (but it’s the email I give out to companies and such that require an email)

  7. ElizabethD says:

    I use my ISP’s e-mail account (cox.net) and now that you mention it, I haven’t seen an eBay or PayPal phish in weeks, at least. Yay. eBay has done something good, maybe?!?

    How are y’all getting all this spam about enlargement etc.? My ISP mail blocks that stuff. Only rarely does one sneak through. These are not filters I’ve set myself; they reside with Cox.net.

  8. Swervo says:

    This seems like a good idea, but it could be disastrous if (when?) a vulnerability is found. Just imagine what will happen when phishing attempts are helpfully labeled with a “Sender Verified!!” message…

  9. danep says:

    As pointed out in a recent Slashdot discussion, this could be very bad if you are forwarding mail from another account to Gmail. As I understand it, if Ebay or Yahoo sends email to that address, forwarding will break the DomainKeys signature and you’ll never see it in Gmail. (Google “domainkeys forwarding” to read about it for yourself)

  10. Trai_Dep says:

    Great. Just great. Now how will my lil’ soldier get large enough to satisfy her? Huh? HUH?!
    Monika, come back! Come b-a-a-a-a-ck!

  11. chiggers says:

    Phishers will not stand for this. There will be workarounds. Even if it is something like putting the from as *.pÄ…ypal.com. <— Looks almost like *.paypal.com, doesn’t it? Oops, I hope I didn’t just give them an idea.

  12. @razremytuxbuddy: I switched from yahoo to gmail in June for basically the same reason. The last several months yahoo’s spam filters seem to have totally broken down. Legit domains getting constantly and routinely dumped in the spam filter; obvious and clear spam coming through. Yahoo was even dumping THEIR OWN ADMINISTRATIVE E-MAIL into my spam folder! Repeated customer service requests got no reply, so I jumped ship.

  13. Meshuggina says:

    I have a feeling I’m going to be getting a lot of emails from ebey and paypal.

  14. pz says:

    Aye, but what about all these emails I’ve been getting from “pavpal.com?”

  15. se7a7n7 says:

    That’s great I would get those phishing emails all the time and would always catch & report them.

    Last weeks I got a phishing email from YAHOO!!! It said that I had violated their user agreement or something and was at risk of having my account suspended. I clicked the link to explain the terms that I had broken and it took me to a log-in screen (odd since I was already signed in) and noticed that the address was funky, not an actual yahoo address.

    I forwarded the message with full headers to Yahoo and they replied that it was indeed a scam however they couldn’t do much about it?!?!?

  16. That won’t make a difference. Sure, now the phishing email comes from just aw-confirm@ebay.com, for example. What’s going to happen now is the email will come like this:

    From: aw-confirm@ebay.com <ebay-notices@e-bay-service.cn>

    The <first> part is supposed to be for the “Name” as in:

    From: Ben Popken <ben@some-isp.com>

    That first part is totally arbitrary and you can bet that DomainKeys won’t get fired just because someone’s name “looks like” an email address. As far as an automated system is concerned, my first example isn’t lying, it’s only claiming to be from e-bay-service.cn. Their full name just happens to be aw-confirm@ebay.com. Most people’s email systems don’t show the actual address in list view, they show the name there, and the address only shows up, in the header, once you click to view the message. So the easily fooled who have always fallen for this trick will continue to fall for the slightly-less-authentic look the phishers will adopt.

    Heck, even if they didn’t use this trick with the “Name” field, there are a billion permutations of ebay that look plausible to someone who’s not computer-sophisticated.
    e.g. @ebay.com.customerservices.cn @ebay.com.auctions-fraud-department.ng etc. etc.

  17. The_Gas_Man says:

    @nweaver:
    @danep:
    I don’t think you guys understand what “forwarding” an email actually is. All it’s doing is (depending on your email client) either A) copying & pasting the original email into a new one, or B) attaching the original email as a text file into a new one.

    Read the article:
    “Now any email that claims to come from “paypal.com” or “ebay.com” (and their international versions) is authenticated by Gmail”.

    A forwarded email claims to come from your_email_address@your_email_provider.com, not from the original sender’s address.

  18. razremytuxbuddy says:

    @Eyebrows McGee: Thanks for the suggestion, McGee. I’ll check into gmail. Those Yahoo customer service clowns actually sent me an email, twice, asking me to reply with my password and other confidential information, saying they needed it to look into the problem. I tried to call them to verify what information they really need, and the answer I got was “our technical assistance reps are not available by phone.” I think that is the Consumerist story.

    While Yahoo is focusing on ebay and paypal, junk with obvious subject lines like this is going straight into my inbox: “FEDERAL BUREAU OF INVESTIGATION….ATM CARD PAYMENT” and “CONTACT GLOBAL MAX DELIVERY COMPANY FOR YOUR BANK DRAFT $850,000.00″

    At the same time, some people in my contacts list have emailed me and their messages are bouncing back to them as undeliverable.
    Sheesh!

  19. Gmail has to be the best service filtering spam. The worst? Hotmail is pretty bad, but the award goes to AOL.

  20. SigmundTheSeaMonster says:

    Now if they could stop the “Angelina Jolie Died in plane crash” and “This sto ck price is going to mar ket fast! Buy no w at rate…” spammers.

  21. jimconsumer says:

    That’s awesome, so why in the fuck is GMail still filtering all of my legitimate Paypal messages into the spam folder? I click on them and select “not spam” every time, but the system refuses to learn.

  22. drjayphd says:

    @postnocomments: Really? Hotmail’s been pretty decent for me. Haven’t gotten any spam in the inbox, and the little spam that does get through their filters is promptly dumped into the spam folder.

  23. el-brazo-onofre says:

    eBay/PayPal phishing gone? Bollocks. I got one yesterday from notification@securesite.net that GMail didn’t route to the Spam folder. DomainKeys only protects against spoofing ebay.com and paypal.com addresses. Phishing activity will drop, but it won’t go away.

  24. hallam says:

    DKIM works with mail forwarding. It is SPF/Sender ID that has problems. That is one of the main reasons we wrote DKIM.

    You may have problems with forwarders that modify the contents of email. But those are properly regarded as broken.

  25. blackmage439 says:

    I received a spam message FROM a DKeys verified address. I should add the domain looked bogus to begin with.

    What a freaking joke.

  26. Caslonbold says:

    Absurd. I received 3 phishing emails relating to eBay and 2 related to Paypal yesterday alone. This new system will never work. Give it 5 minutes and someone will find a way around these DKeys.

  27. aaronw1 says:

    As other people point out, this will just make sure that any emails you get that are claim to be FROM paypal.com etc are actually from a paypal mail server. However, as you all say, you can make it be from paypalinfo.com or paypalinc.com or any one of another dozen domains and it will show up fine.

  28. Bearcat44 says:

    I receive eBay/PayPal spam on my Hotmail account and of course, the occasional 419.

    I have never had an account for eBay/PayPal.

  29. allthatsevil says:

    That’s funny, I just got an eBay phishing email yesterday, on the 16th…in my yahoo account. I forwarded it to eBay, as always, but it looks like the crooks are already finding ways around this.

  30. Anonymous says:

    Im not receiveing alot of my mail cause it says my address does’nt exist.I have’nt received any from e-bay sense i changed to this address.Any help would be appreciated if you could send it to me.Hopfully i’ll get it thank you.