Google Wages War against Phishing Attacks

People who fall victim to phishing attacks can end up penniless because the attacker will most likely use the information obtained through a phishing site to drain the victim's account dry. Search engine giant Google has been at the forefront of the battle against such scam attempts, warning users that the message may have malicious intent. The latest messages to come under close scrutiny are those that come, or claiming to come from eBay and PayPal.

Brad Taylor, Software Engineer with Google's Gmail comments: "Gmail does its best to put a red warning label on phishing messages, but it can be hard for us to know sometimes and we can't be 100% perfect. So, for the fraction of a time when Gmail misses it, you may end up squinting three times and turning the message sideways before suspecting that it's phishing. Wouldn't it be better if you never saw phishing messages at all, not even in your spam folder?"

This is how the whole thing goes: you will receive a message that seems to originate from PayPal in your inbox. The spammer makes up some reason to get you to visit what seems to be the PayPal web page, but it is in fact a close replica meant to steal your security credentials. Once he has all your private info he can then access your account and transfer all the funds out of it.

Google puts a stop to eBay and PayPal phishing
Comments: Google puts a stop to eBay and PayPal phishing
Credits: Low Impact Living

In order to prevent such things from happening to Gmail users, Google has resorted to high grade authentication that does not even allow a suspicious message into your inbox. Usually some messages that are identified as spam, and phishing is a form of spam, are allowed into your inbox; but a message that is suspected of phishing will not. This is available not just for eBay and PayPal, but for all international organizations that offer similar services.

Gmail can accurately tell if a message does not come from the previously mentioned companies because the two employ DomainKeys and DKIM to sign their e-mails. The phishing protection is already up and running with Gmail. Another great security feature about Gmail is the introduction of remote sign out.

[Source: softpedia]