Google today announced that it has teamed up with eBay and PayPal to fight phishing scams more effectively. Starting today, Google will authenticate every email that claims to be from ‘paypal.com’ or ‘ebay.com.’ If a message fails these checks, Google will reject the message and not, as it often did before, allow it through and display a warning message.
PayPal and eBay phishing scams are probably some of the most prevalent forms of online fraud, so having Google now fully reject these messages is going to at least prevent quite a few more of these.
Google has been using DomainKeys and Domain Keys Identified Mail since 2004 and both PayPal and eBay has been using it since October 2007. So far, however, Google did not completely block all suspicious emails in order to prevent too many false positives. Now, however, Google is taking a more radical stand and will reject any message that does not authenticate.
Google says it has been testing this for ‘a few weeks now and it’s working so well that few people really noticed.’
It is worth noting that Yahoo already announced a similar effort with eBay and PayPal last October.
As we noted today, a lot of spam and phishing scams are now also moving towards social networks. Just like with email, users there also have to become more educated about how to recognize potential scams, as technical solutions are frequently no match for the ingenious social engineering that is often at the core of these scams.