Paypal Advises Users To Stop Using Safari
eldavojohn writes "Over concerns for lack of an anti-phishing mechanism for Safari, Paypal is telling its Mac users to use another browser. An author from Ars Technica reveals that he has been using Camino and has fallen victim to a Paypal related phishing scam via e-mail so this story must hit home for him. 'Currently the Apple browser does not alert users to sites that could be phishing for your info, and it lacks support for Extended Validation. PayPal is, of course, a popular site among phishers in their neverending search for personal information, user IDs, and passwords. While it's not entirely fair singling out Safari (other Mac browsers like Camino also lack this support), it is perhaps at least a helpful reminder of the threat.'"
Tell Safari users to stop using PayPal...
The society for a thought-free internet welcomes you.
So wait.... you shouldn't use a (decently) secure browser such as Safari that is partly open-source, while you should use a browser that is fully proprietary (though with anti-phishing) and has a track record of being insecure? Not to mention how easy it is to keylog most Windows systems have already? Honestly, I think that making sure your browser is secure is much more important than making sure your info isn't going to an incorrect site.
There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
Just change your DNS to OpenDNS and you are covered. OpenDNS monitors phishing sites and will not let you resolve to it. You don't need to sign up; just use their nameservers at 208.67.222.222 and 208.67.220.220. It's free. If you sign up you get some additional cool features like blocking selected domain types, like Pron if that's not your thing.
Help fight continental drift.
IE over Safari? Really? I can understand wanting a good free browser like Firefox on OSX but IE? Do they even have IE 7 for OSX yet? The article Ars points to says that this is driven by IE7 users not quitting PayPal. The phishing stuff is pure speculation and not even Microsoft thinks IE7 phishing protection is effective:
Rather than perceived security, I think the reason they see more IE7 users still logging in is because IE7 users are the kind of sheep that move along when prodded. They are using Windows, right? Like sheep to the slaughter, every day.
I've got a paypal account. I don't use it much because I don't use Ebay much. I would never use an emailed link to visit the site because it's just as easy to find the right page through Paypal itself. If they make it hard, they don't deserve my business.
Look, if you're not checking what's in the URL of your browser, or are in the habit of clicking on links in email blindly, you get the phishing you deserve. The best protection mechanism in any browser against phishing is your eyes, looking at the address bar.
snark: And Safari users are advised to stop using PayPal.
Laughter is the Spackle of the Soul.
The kinds of people who fall for phishing scams aren't likely to pay attention to what PayPal advises them to do.
So why not cut the middleman and just advise them to not fall for phishing scams -- that is, to always verify https://www.paypal.com/ in the URL?
Don't thank God, thank a doctor!
It's called the address bar. It's very easy to use, just type where you want to go and press return. Before entering sensitive information into a browser window check the address bar and make sure you are where you think you are. I know your mom and my mom might not fully understand the address bar, but I think it would be easier for them to learn about it than installing a new browser.
Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
http://www.fightidentitytheft.com/paypal_scam.html
mine was similar, only it claimed they were doing a fraud investigation about fraudulent use to my account.
they use the images and everything it looks exactly like a paypal e-mail, only the hyper link when you hover over it says a different website than in the email message. (they're doing a simple html trick, which is always the first thing i look for)
I've seen them do the same thing with say, yahoo mail login sites, etc. one of my less savvy friends got her IM name stolen for use sending IM spam.
safari is bass ackwards to not show the real url on a tool bar! i couldn't live a day without that feature.
https://www.gnu.org/philosophy/free-sw.html
those too ignorant to leave URL's in emails ALONE
the headline could have also just said "Paypal tells idiots to stop clicking on paypal emails"
but that would potentially stop the 1 in 1000000 clicks that are legit and paypal would not want that transaction to not happen, so its message to us is to stop using Safari.
isn't anything going on worth reporting? this is filler...
Well, if there's a group of users that has been told repeatedly that their computer is safe from viruses, that it "just works," and that they don't need to be concerned with computer threats of any kind...it's Apple users. Sitting in their offices, wearing their turtlenecks and sipping their lattes, the only thing about phishing they've heard about is that it happens to other people. Uglier people. They're not used to having to defend themselves, not like Windows users. Windows users have a battle-scarred paranoia...they've seen worms that can rewrite their BIOS, steal their credit cards, and kidnap their firstborn. Their 50 yard stares have been earned by fixing their mom's computer for the eighth time this month, and damnit if they're going to lose another computer to some Ethiopian scammer...not after the last time. Their nightmares are the stuff of Stephen King novels, the earlier stuff with Lovecraftian clowns and superplagues that are the start of apocalyptic battles between good and evil. Their best days on the internet involve life and death struggles against the next pop-up, because it might be their last. Ironically, Mac users have never had to live with the terror that clicking on that "win a free iPod" might just cause their computer to explode, spamming their grandmother with anal tranny porn on its way out. Maybe it's time they should... ...wait, what the hell was I talking about?
All Paypal did was have a faq containing a list of anti-phishing features & browsers that support those features.
They don't recommend against Safari, they just recommend browsers that support anti-phishing features.
No doubt when Apple gets around to adding these features (pity Safari's not OSS, or it could be added easily by third parties), PayPal will add them to the list.
There are shills on slashdot. Apparently, I'm one of them.
I'm very happy for you, that you've never made a single careless mistake in your life. However, please do try to have a little mercy on those of us who are merely human, especially when we're honest enough to admit it.
IE is perfectly secure .... as long as you stay off the Internet.
Have gnu, will travel.
Microsoft stopped making (and supporting) IE for Mac in 2003. See for yourself.
Step 1: Assume that any e-mail you get is a phishing attempt.
Step 2: There's no step 2. There's no step 2!
It's not exactly rocket science.
I bought the $5 keyfob for paypal and ebay, (plus it works on my verisign openid provider) and this phishing problem is no longer an issue for me.
They can get my paypal username and password, but they still need the electronic key that only *I* have. I suggest anyone who actually uses paypal get one of these, they are trivial to use and paypal is selling them incredibly cheaply.
I read the script, and I think it would help my character's motivation if he was on fire. -Bender
While Opera may not have the market share of Firefox, it does run a helluva lot better than IE / Firefox / Safari on lower-end and older hardware.
"The fight for freedom has only just begun." - Geert Wilders
I'm with those who think this is simply avoided by NEVER clicking on a link in an email.
Paypal will NEVER require you to click on a link in an email. All ebay functions can be accessed from my.ebay.com. My bank specifically states 'we will never send you links in an email, ALWAYS type in our website address yourself'.
Follow that advice and you have no problems. PERIOD.
If you think the email is legit, log into the site you type in yourself and see if there is an alert. Or ring them yourself. (On a side note I once had a credit card company ring ME and refuse to say who they were until I confirmed who I was by giving my DOB. I rang them back on the proper number and went off at them.)
Case closed yadda yadda.
.....and we're not even sure about that.
Knowledge is power. Knowledge shared is power lost.
I have my doubts about this whole story. I question Barrett's motives. For the simple reason that the only way to find out that Paypal doesn't like Safari is to read the InfoWorld article and his quote. If you log in to Paypal using Safari... nothing. Not a peep. No mail in your inbox, either. Seems to me that if Paypal really felt strongly about Safari they'd do a little more than that. But they don't. All we have is Barrett's quote. Which makes me wonder what he's really after. And to me, the most plausible thing is that, as an EV early adopter, he's evangelizing how great EV is. Or maybe he has MSFT stock. Dunno. At any rate, if the user isn't looking at the URL bar in the first place, I don't know what difference it would make if it was green or not.
And don't even get me started on how effective I think the whole "keep a list of the bad guys" approach is.
USB storage autoruns, notices it's not on internet... install something that hooks into IE, whose core is used in basic System functions.
Now it's snarfed your bank info from some notepad you keep.
USB Key gets into an internet connected machine someday, its autorun notices that there's an internet connection, so it uploads what it found.
Just provide a Petname toolbar. All the anti-phishing you'll ever need, and it doesn't submit your URLs or browsing info to third-party servers, like the Google toolbar and Microsoft's "anti-phishing" extensions do (a technique which will ultimately prove ineffectual IMO).
Higher Logics: where programming meets science.
Animoog.org
Whiney Mac Fanboy goes head to head with a Mac Fanboy who is currently whining!
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
Fortunately, I realised what had happened within a few minutes, immediately changed my Paypal password and cancelled my bank card. I also reported the site to Paypal where it was taken down within an hour. As a result, I've not had any problems between then and now.
Yes, it's all about attention, I agree - but it just takes a lapse in concentration to fall for one of these scams.
Oh, and before it happened to me, I, like you, was mouthing off on Slashdot about how it could never happen to me also...
Gentoo Linux - another day, another USE flag.
Paypal hasn't been Safari friendly for a while. I once was using paypal "buy it now" links on a website. After a few months, I got emails from a user asking how to buy the product because there was no link. Apparently Safari doesn't show the "buy now" image because it's in a form. I guess Safari doesn't support that feature, but I would think Paypal would do something about it.