Friday, April 18, 2008

PayPal's Answer To Phishing, Block Older Browsers

According to recent reports, PayPal plans to take the dramatic step of locking out people using older versions of Web browsers in order to stem phishing attacks.

PayPal has said a "significant" group of people still use older versions of IE such as IE 3, IE 4 and IE 5. Those browsers lack a phishing filter, which can block users or will at least warn them when they are trying to access a reported phishing Web site.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," according to a paper released during the RSA security conference in San Francisco earlier this month.

The ban on older browsers could eventually mean trouble for users of Apple's Safari browser, which has no phishing filter. PayPal could decide to try to block any browser that is not equipped with the filter. Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters, but Safari does not. Safari also does not support Extended Validation SSL (Secure Sockets Layer) certificates, which are issued to Web sites that have been vetted as legitimate.

Obviously there are several flaws in PayPal's plan. Phishing has been around for a long, long time, and even though it has been highly publicized, people still get duped into clicking links and entering personal information on the would-be sites. This does not prevent a person from becoming a victim; it only pushes people towards updating. Updating to the latest version of your browser is always a good idea, as is staying away from IE. But the use of common sense and safety are the only things that will solve the phishing issues.

Everyone should learn safe internet practices and learn to spot phishing attempts, scams, hoaxes, etc. By now you should know to question any emails you get from your bank, PayPal or any other site that involves important personal information. Don't just click the links in the emails; use your own bookmark so you know where you are going. Once you are there, double-check the address bar and make sure you are actually on the right site.


  1. Anonymous, 12:15 AM

    Isn't there a risk that PayPal users will assume that they are safe from phishing attacks if they update to one of the supported browsers?

    A database of phishing sites or domains is a priori incomplete. I make a point of reporting all phishing emails that make it through to me. Half the sites are no longer active by the time I read the mail; many of the rest are no longer active by the time the bank's phishing people read it. So several hours before the domain can even be added to a database, the crooks have already moved on to another one.

    I anticipate lawsuits from foolish users who believed they had been told they were now safe....

  2. Yes it could very easily and most likely will give users a false sense of security.

    Simply updating to a newer browser is not going to help stop phishing. It will provide a greater level of security, but it won't stop people from trying to find ways to bypass that security, nor will it stop uneducated users from mistakenly visiting malicious sites.

    Forced updates, of not only your browser but also your OS, are not a good replacement for user education!

