I received an email notification this morning from PayPal. I've been a PayPal customer for some years now, and have received spoofing emails in the past. They have however become more and more convincing. I've also received Bank of America emails as well as from other financial institutions, but those don't stand a chance in convincing anyone who isn't even a customer.

With PayPal emails, its a little different because I have had legitimate notifications from them in the past concerning chargebacks on my account. This happens in cases where people use fraudulent credit cards to send you payment. Below is the most recent email I received:

I've magnified the link that appears in the email when you hover over the link they ask you to visit. It is clearly going to an unauthorized location. The other clincher that this was a scam email was that the email arrived at an email address not tied to my PayPal account.

I'm sure I'm not alone in receiving these kinds of emails, but the incident prompted me to write about my views as they pertain to Net security. More specifically, this notion that establishing trust continues to be one of the Internet's greatest challenges. Ironically, one of the underlying themes in the most recent battle between eBay and Google was eBay's claim that Google checkout is unproven. The question that remains is how does one establish "proven" systems of trust when a site like PayPal continues to have problems associated to preventing identity theft and fraud? Does one take away from this that this just one example which represents the negative perpetuality of Net security?

There is absolutely no doubt that the way the Internet works now is wonderful because it is able to grow without limit, and capable of handling any application. But the idea that someone may stand in the middle of an established system of trust raises some concern over scalability issues as it relates to Net security. Do we retreat from this problem, and accept this as a cost of taking our business online?

Amazingly, as I interpret the location of the link from the bogus PayPal email pointing to a non-trusted site, and its attempt to take me to a site in the Eastern block if it isn't a spoofed address, its lesson also allows me to recognize how successful IP addresses and domain ties have been all along in providing us with the rudimentary capability to combat online fraud.

And as we strive towards establishing smarter networks and suspicion detection systems meant to stay on par with the kind of growth the Internet is experiencing, establishing trust in Net security still needs to allow the Internet to be this fantastic place with huge growth potential, open to innovation at will.

Fixes that make the experience more obtrusive through processes and functionality designed to put in place stricter safeguards will come with considerable cost and penalties. Keeping networks open also doesn't mean pushing everything to the edge allowing it to evolve on its own because so far we have not had any success being able to apply this principle very well to Net security.