AAPL Stock: 118.88 ( + 1.13 )

Printed from

Safari not secure against phishing, says PayPal

updated 01:50 pm EST, Thu February 28, 2008

Safari vulnerable to phish

PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing - the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.

According to PC World Safari is the only major browser to be vulnerable in this way.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.

by MacNN Staff



  1. dliup

    Joined: Dec 1969


    use common sense

    None of these systems catches 100%, thus it's better to use common sense.

  1. starwarrior

    Joined: Dec 1969


    More Microtards

    Horseshit. Use a credit card and not paypal.

    Paypal must be nuts to not fix this themselves. More Microtards in action.

  1. Eldernorm

    Joined: Dec 1969



    Use IE over....well......anything else,....... cause it safer????

    What kind of statement is that? And phishing is a social issue not a technical one.

    Someone must have made a few bucks to make that statement publicly. :-)

  1. jhawk95

    Joined: Dec 1969


    Don't click on links!

    How about not clicking on links in a webpage when dealing with personal or financial infomraion.

    Always type in the address yourself.

  1. psdenno

    Joined: Dec 1969


    Is Safari also....

    ...more vulnerable to letters from Mugabe Unsara, wife of the late Finance Minister of Uganda, who has a business proposition for me if I will be willing to deposit 11,000,000 in my checking account?

  1. vasic

    Joined: Dec 1969


    What was that???

    Let's see the scenario: I receive a message that looks like it is from PayPal (it is not). It convinces me that I must go to PayPal and log in. I follow the link, go to the site that looks like PayPal (it is not) and try to log in. The message was sent using virus-infected zombie Windows PCs; the fake site is hosted on some rogue server in Niue, or Tuvalu, or some other Pacific speck on the map. How can PayPal fix this? Could you please elaborate?

    I use PayPal all the time to send money to individuals who cannot take credit card payments. Same thing the other way.

    Whoever is referred to as Microtards is probably not involved in any way here.

    Other browsers already have this. Safari should. While it isn't 100% fool-proof, it will most likely save many ignorant users from the agony of identity theft and flat-out robbery.

  1. vasic

    Joined: Dec 1969


    Not safari...

    As for the letters of Mrs. Unsara, it is not Safari; it will be Mac OS Mail that's vulnerable to those. And Thunderbird has a tendency to identify those as suspicious as well.

    The author of the article may have a point. Phishing is social engineering, but there are ways to reduce risk, and other developers are implementing them. Apple should too.

  1. russellb

    Joined: Dec 1969


    Common Sense

    I really wish that people would just use common sense .. pretty easy

    1) I get an email from my bank and 101 other banks warning me that I need to log in etc etc ... I DONT, just always manually type in your banks url yourself and manually log in

    2) PayPal send me an email warning to change password, click link etc HOW ABOUT paypal jst educate users to NEVER to respond to such emails and always manually go to paypal and log in ??

    it's not that hard

  1. DGFilm

    Joined: Dec 1969


    what can a browser do?

    can someone explain how a web browser can protect against phishing? I don't get it.

  1. dliup

    Joined: Dec 1969


    fool and his money

    No matter what kind of protection there is, A fool and his money are soon parted

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented