PayPal Leads Fight Against PhishingNotes from RSA Conference Day 3
"Technically, we don't have a phishing problem," he was told.
Yes, scores of PayPal customers were inundated daily with fake emails attempting to lure them to fake websites, where they'd be duped out of their personal information - possibly their very identities.
But this fraud was against PayPal customers - not against PayPal itself. In the scheme of risks that could cause financial loss to the company ... this wasn't a huge concern.
On the cocktail party circuit, however, whenever Barrett would introduce himself and say where he worked, he'd routinely hear, "When are you people going to stop sending me those fake emails?"
Clearly, Barrett knew, PayPal did have a phishing problem.
How PayPal has tackled that problem - and how other businesses might benefit from its strategies - was the topic of Barrett's presentation at the RSA Conference on Thurs.
PayPal has fought phishing on several fronts, including:
One legal hurdle in the phishing fight: When does the crime occur? Is it when the phishing emails are sent, when they're opened, when victims surrender their information, or when the information is used to conduct illegal transactions? Different countries have different answers, Barrett says, and this ambiguity hinders attempts to stop phishers.
Is phishing a solvable crime? PayPal has been able to reduce the volume of phishing email connected to its brand, Barrett says. "But unfortunately we have driven phishers to other people's brands," he says.
"We can't make phishing go away entirely," Barrett says. "But we should be able to drive it down to a lower level of noise."