Computer Crime Research Center


Ebay Foils Phishers by Removing Password Requirement

Date: April 01, 2005
Source: Bbspot
By: Brian Briggs

San Jose, CA – Ebay claimed a victory against phishers today when it removed the need for passwords on user accounts.

A phisher tries to trick computer users into giving up their user name and passwords by send an official looking e-mail directing the victim to a page, which looks real, but is only used to scam the victim.

Phishing"The prized possession of the phisher is the password for our user's accounts. By removing the need for passwords, we've rendered the scam artists powerless," said Ebay director of security Terry Cornwell. "They can't steal something that doesn't exist!"

Cornwell explained that they have tried other methods like educating users, but the effects were minimal. "We saw this as our only alternative against the growing problem of phishing scams," he said.

"I think it's great," said Ebay power user, Stanley Parks. "Before, I would get emails several times a week from Ebay asking me to login to my account, because of 'security concerns'. Now, I can just ignore them."

Cornwell dismissed the charge that accounts without passwords would increase the likelihood of fraudulent transactions, "Already, 95% of Ebay transactions involve some sort of fraud, so were' only looking at a 5% risk factor. We think it's worth it."

As well as foiling phishers, Ebay will also save money on technical support by not having to help all the users who have lost their passwords.

One phisher, who wished to remain anonymous, said he was worried that Ebay may also remove passwords from their Paypal service, which is the real moneymaker when it comes to phishing scams. "These guys are going to put me out of business."
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-11-02 12:23:03 - You are the best! Merry
2005-04-02 11:15:11 - April fools! cyberzilla
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo