AAPL Stock: 123.25 ( -0.99 )

Printed from

Safari not secure against phishing, says PayPal

updated 01:50 pm EST, Thu February 28, 2008

Safari vulnerable to phish

PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing - the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.

According to PC World Safari is the only major browser to be vulnerable in this way.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.

by MacNN Staff





  1. dliup

    Joined: Dec 1969


    use common sense

    None of these systems catches 100%, thus it's better to use common sense.

  1. starwarrior

    Joined: Dec 1969


    More Microtards

    Horseshit. Use a credit card and not paypal.

    Paypal must be nuts to not fix this themselves. More Microtards in action.

  1. Eldernorm

    Joined: Dec 1969



    Use IE over....well......anything else,....... cause it safer????

    What kind of statement is that? And phishing is a social issue not a technical one.

    Someone must have made a few bucks to make that statement publicly. :-)

  1. jhawk95

    Joined: Dec 1969


    Don't click on links!

    How about not clicking on links in a webpage when dealing with personal or financial infomraion.

    Always type in the address yourself.

  1. psdenno

    Joined: Dec 1969


    Is Safari also....

    ...more vulnerable to letters from Mugabe Unsara, wife of the late Finance Minister of Uganda, who has a business proposition for me if I will be willing to deposit 11,000,000 in my checking account?

  1. vasic

    Joined: Dec 1969


    What was that???

    Let's see the scenario: I receive a message that looks like it is from PayPal (it is not). It convinces me that I must go to PayPal and log in. I follow the link, go to the site that looks like PayPal (it is not) and try to log in. The message was sent using virus-infected zombie Windows PCs; the fake site is hosted on some rogue server in Niue, or Tuvalu, or some other Pacific speck on the map. How can PayPal fix this? Could you please elaborate?

    I use PayPal all the time to send money to individuals who cannot take credit card payments. Same thing the other way.

    Whoever is referred to as Microtards is probably not involved in any way here.

    Other browsers already have this. Safari should. While it isn't 100% fool-proof, it will most likely save many ignorant users from the agony of identity theft and flat-out robbery.

  1. vasic

    Joined: Dec 1969


    Not safari...

    As for the letters of Mrs. Unsara, it is not Safari; it will be Mac OS Mail that's vulnerable to those. And Thunderbird has a tendency to identify those as suspicious as well.

    The author of the article may have a point. Phishing is social engineering, but there are ways to reduce risk, and other developers are implementing them. Apple should too.

  1. russellb

    Joined: Dec 1969


    Common Sense

    I really wish that people would just use common sense .. pretty easy

    1) I get an email from my bank and 101 other banks warning me that I need to log in etc etc ... I DONT, just always manually type in your banks url yourself and manually log in

    2) PayPal send me an email warning to change password, click link etc HOW ABOUT paypal jst educate users to NEVER to respond to such emails and always manually go to paypal and log in ??

    it's not that hard

  1. DGFilm

    Joined: Dec 1969


    what can a browser do?

    can someone explain how a web browser can protect against phishing? I don't get it.

  1. dliup

    Joined: Dec 1969


    fool and his money

    No matter what kind of protection there is, A fool and his money are soon parted

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...


Most Commented