Paypal: Web hosting services are not tackling phishing

Online payments service Paypal has lashed out at web-hosting services providers, which the company claims "need to do a better job" at tackling phishing.

Speaking at the 2007 e-crime congress on Tuesday, Paypal's associate general counsel, Joseph E. Sullivan said:

"Web-hosting services need to do a better job of taking down phishing websites. Some of the most well known hosting services are some of the slowest," said Sullivan. "If the sites were taken down more quickly, fewer people would be taken in."

Sullivan said that Paypal is pushing for European legislation similar to the "good samaritan" laws in the US which allow web hosts to take action against phishers without making the web hosts liable.

Speaking to ZDNet UK after the event, Sullivan said that the question is what role web-hosting services perform. Paypal was reluctant to name and shame the culprits, preferring to work with them out of the public gaze.

"We did consider putting together a hall of shame, but decided that would be counterproductive" said Sullivan. "When we do see a phishing site on a hosting service we contact them behind the scenes."

For Paypal, a measure of efficacy is the amount of time it takes a web-host to take down a phishing site. Often phishers put sites up on a Friday night (for the hosts) when the host's technical staff have gone home for the weekend.

Sullivan added that Paypal would like to see better record keeping at domain registration services.

According to Symantec, 46 percent of phishing sites are hosted in the US, and 11 percent in Germany. In both cases the large number of smaller hosting sites complicate matters for law enforcement. Three percent of phishing sites are hosted in the UK.

William Beer, Symantec's European director of security practice, said that technology cannot solve the problem of phishing, but that user awareness and communication were key.