Slashdot Mirror


Paypal Advises Users To Stop Using Safari

eldavojohn writes "Over concerns for lack of an anti-phishing mechanism for Safari, Paypal is telling its Mac users to use another browser. An author from Ars Technica reveals that he has been using Camino and has fallen victim to a Paypal related phishing scam via e-mail so this story must hit home for him. 'Currently the Apple browser does not alert users to sites that could be phishing for your info, and it lacks support for Extended Validation. PayPal is, of course, a popular site among phishers in their neverending search for personal information, user IDs, and passwords. While it's not entirely fair singling out Safari (other Mac browsers like Camino also lack this support), it is perhaps at least a helpful reminder of the threat.'"

15 of 362 comments

  1. In other news... by ninjapiratemonkey · · Score: 1, Informative

    Microsoft advises Windows users to stop using internet explorer, due to lack of security.

    --
    01110000 01010111 01101110 00110011 01100100
  2. OpenDNS to the rescue by bstadil · · Score: 5, Informative

    Just change your DNS to OpenDNS and you are covered. OpenDNS monitors phishing sites and will not let you resolve to them. You don't need to sign up; just use their nameservers at 208.67.222.222 and 208.67.220.220. It's free. If you sign up you get some additional cool features, like blocking selected domain types, like Pron if that's not your thing.

    --
    Help fight continental drift.
    1. Re:OpenDNS to the rescue by Anonymous Coward · · Score: 1, Informative

      It's free. If you sign up you get some additional cool features like blocking selected domain types Like Pron if that's not your thing.

      oh, and you also get some other cool features, like having any email, ssh, IM, or well, all, of your network connections go to OpenDNS servers when connecting to broken, mistyped, or if-they-just-feel-like-it, domains.

  3. What nonsense. by gnutoo · · Score: 5, Informative

    IE over Safari? Really? I can understand wanting a good free browser like Firefox on OSX but IE? Do they even have IE 7 for OSX yet? The article Ars points to says that this is driven by IE7 users not quitting PayPal. The phishing stuff is pure speculation and not even Microsoft thinks IE7 phishing protection is effective:

    Last year, researchers at Microsoft and Stanford University published a study showing that, without training, people were unlikely to notice the green address-bar notification provided by EV certificates.

    Barrett says data compiled on PayPal's Web site show that the EV certificates are having an effect. He says IE 7 users are more likely to sign on to PayPal's Web site than users who don't have EV certificate technology, presumably because they're confident that they're visiting a legitimate site.

    Over the past few months, IE 7 users have been less likely to drop out and abandon the process of signing on to PayPal, he said. "It's a several percentage-point drop in abandonment rates," he said. "That number is... measurably lower for IE 7 users."

    Rather than perceived security, I think the reason they see more IE7 users still logging in is because IE7 users are the kind of sheep that move along when prodded. They are using Windows, right? Like sheep to the slaughter, every day.

    I've got a paypal account. I don't use it much because I don't use Ebay much. I would never use an emailed link to visit the site because it's just as easy to find the right page through Paypal itself. If they make it hard, they don't deserve my business.

    1. Re:What nonsense. by Knara · · Score: 2, Informative

      AFAIK there will never be an IE7 for OS X

  4. Re:Maybe Apple should... by Constantine+XVI · · Score: 2, Informative

    The Firefox3 betas come with a new very Mac-like theme, called Proto. I believe you can download it for Firefox2 as well.

    --
    "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
  5. Fish all you want... by cybereal · · Score: 5, Informative

    I bought the $5 keyfob for paypal and ebay, (plus it works on my verisign openid provider) and this phishing problem is no longer an issue for me.

    They can get my paypal username and password, but they still need the electronic key that only *I* have. I suggest anyone who actually uses paypal get one of these, they are trivial to use and paypal is selling them incredibly cheaply.

    --
    I read the script, and I think it would help my character's motivation if he was on fire. -Bender
  6. Re:Maybe Apple should... by MightyYar · · Score: 4, Informative

    Let Safari/Firefox save your username/password. Then when it doesn't auto fill-in, you know something is up.

    Safari is better for this strategy since it uses the secure key chain and not the - last time I checked - weak obfuscation that Firefox uses.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
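
The saved-password check described in the comment above works because a browser's password store is keyed by the site's origin, not by how the address looks. The sketch below is an added example, not part of the original thread or any browser's code; it goes slightly beyond the comment by covering several look-alike address forms, and every name and URL in it (`savedLogins`, `autofillFor`, `mismatchReason`, the `example.net` hosts) is a constructed assumption.

```javascript
// Added illustration of origin-bound autofill. Names and URLs are constructed.
// Saved logins are keyed by exact origin: scheme + host + port.
const savedLogins = new Map([
  ["https://www.paypal.com", { username: "alice@example.org" }],
]);

// Return the saved login for a page URL, or null when the origin differs.
function autofillFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  // url.origin drops userinfo, path and query and normalises the host,
  // so text before "@" or after "/" cannot influence the lookup.
  return savedLogins.get(url.origin) ?? null;
}

// Explain why a page did not match, e.g. for a user-facing warning.
function mismatchReason(pageUrl, expectedOrigin) {
  const url = new URL(pageUrl);
  const expected = new URL(expectedOrigin);
  if (url.origin === expected.origin) return "match";
  if (url.hostname === expected.hostname) return "scheme or port differs";
  if (url.username || url.password) return "userinfo before @ hides the real host";
  if (url.hostname.includes(expected.hostname)) {
    return "expected name is only part of a longer host name";
  }
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return "internationalised (punycode) host";
  }
  return "different host";
}

// Constructed sample addresses: the first is genuine, the rest only look similar.
const samples = [
  "https://www.paypal.com/signin?next=home",
  "http://www.paypal.com/signin",
  "https://www.paypal.com@login.example.net/signin",
  "https://www.paypal.com.example.net/signin",
  "https://www.p\u0430ypal.com/signin", // Cyrillic "a" in the host
];
for (const s of samples) {
  const filled = autofillFor(s) !== null;
  console.log(filled ? "fill " : "BLOCK", mismatchReason(s, "https://www.paypal.com"), s);
}
```
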
  7. EASILY fixed - never click on email links by grrrl · · Score: 5, Informative

    I'm with those who think this is simply avoided by NEVER clicking on a link in an email.

    Paypal will NEVER require you to click on a link in an email. All ebay functions can be accessed from my.ebay.com. My bank specifically states 'we will never send you links in an email, ALWAYS type in our website address yourself'.

    Follow that advice and you have no problems. PERIOD.

    If you think the email is legit, log into the site you type in yourself and see if there is an alert. Or ring them yourself. (On a side note I once had a credit card company ring ME and refuse to say who they were until I confirmed who I was by giving my DOB. I rang them back on the proper number and went off at them.)

    Case closed yadda yadda.

    1. Re:EASILY fixed - never click on email links by josath · · Score: 2, Informative

      I once had a credit card company ring ME and refuse to say who they were until I confirmed who I was by giving my DOB. I rang them back on the proper number and went off at them.

      Happened to me once, with a Wells Fargo credit card. Except it wasn't a person, it was a computer! (i.e., voice prompts). And it wanted me to enter not my DOB, but my SSN!! At first I was sure it was a scam, that there was no way my bank would do something so stupid. But after hanging up & calling them back directly, I found out it was something they do. It's so sad how poor the security is for credit card related stuff these days in the US.
      --
      sig? uhh, umm, ok
  8. Re:Uhm, no by russotto · · Score: 3, Informative

    The reason is that ING allows the users to KNOW that they are on the correct website through the use of a custom image of their choice.
    Bank of America has the same system, so that fails to explain the difference in ID theft. Probably one reason is that ING Direct gets more savvy users than BoA.
  9. Solution is simple by naasking · · Score: 3, Informative

    Just provide a Petname toolbar. All the anti-phishing you'll ever need, and it doesn't submit your URLs or browsing info to third-party servers, like the Google toolbar and Microsoft's "anti-phishing" extensions do (a technique which will ultimately prove ineffectual IMO).

  10. No ads required in Safari by Lord+Satri · · Score: 3, Informative

    Except for the missing ads - thanks to Ad Block+ I recently switched to Safari as main browser (at home, work = Firefox under Debian) for various reasons, and one of the software that made that switch enjoyable is http://safariadblock.sourceforge.net/ ... (much easier to use than PithHelmet in my opinion, and open source)
  11. Paypal hasn't been Safari friendly for a while by Ingenium13 · · Score: 2, Informative

    Paypal hasn't been Safari friendly for a while. I once was using paypal "buy it now" links on a website. After a few months, I got emails from a user asking how to buy the product because there was no link. Apparently Safari doesn't show the "buy now" image because it's in a form. I guess Safari doesn't support that feature, but I would think Paypal would do something about it.

  12. Re:Maybe Apple should... by darthflo · · Score: 2, Informative

    Stupid science, having a different opinion than me again ;)

    Anyways, there's an easy, system-independent solution for at the very least your input troubles: Localized keyboards. You seem to be using lots of international characters (ë is French, ö is German, £ English), you may want to try the German (Switzerland) keyboard layout. It's a bit more convoluted than en-US (up to four or five characters on a single key), but it does have all the chars you get on en-US, all the chars you need for German, French, Italian, conversations about English, American or European currencies.

    Check it out