eBay, PayPal Users Hit Hardest By Phishing

Three out of every four phishing attacks target users of online auctioneer eBay and its electronic payment system PayPal, a security company said Thursday.

Of the phishing e-mails captured so far in 2006 by U.K.-based Sophos' network of spam traps -- often called "honeypots" -- 54.3 percent took aim at PayPal users and 20.9 percent tried to dupe users of eBay.

Phishers aim at the two domains for good reason, but unlike the line wrongly attributed to 1930's bank robber Willy Sutton -- "because that's where the money is" -- cyber criminals' rationale is based on reach.

"The reason why the phishers focus so much on PayPal and eBay is because they are so popular around the world," said Graham Cluley, senior technology consultant for Sophos. "Although bank customers do also suffer from phishing attacks, they tend to be less likely to have the global reach that these net giants have."

Sophos' numbers differ from the Anti-Phishing Working Group, of which the security company is a member. According to the APWG's most recent data, 92 percent of phishing attacks in May were directed at brands and companies in the financial services sector. That number hasn't changed significantly since the start of 2006.