The 2008 edition of Consumer Reports' "State of the Net" report, advises that a common security mistake is "thinking your Mac shields you from all risks", and that due to Safari's lack of built-in phishing protection Mac users are urged to switch to Firefox or Opera :
"According to this year’s State of the Net survey, Mac users fall prey to phishing scams at about the same rate as Windows users, yet far fewer of them protect themselves with an anti-phishing toolbar. To make matters worse, the browser of choice for most Mac users, Apple’s Safari, has no phishing protection. We think it should. What you can do : Until Apple beefs up Safari, use a browser with phishing protection, such as the latest version of Firefox (shown at right) or Opera. Also try a free anti-phishing toolbar such as McAfee Site Advisor or FirePhish."
This is not the first time Apple's Safari has been criticized for lacking built-in phishing protection, and definitely not the last. Earlier this year, PayPal's Chief Information Security Officer Michael Barrett, said that :
"Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
For the time being, Safari is still not considered a "Safe Browser" by PayPal, where safer browser for them means one that has built-in phishing protection. Whatsoever, the situation always repeats itself. Just like the moment in time when the rest of the now considered "safe browsers" were also lacking phishing protection, third-party plugins were filling in the gaps. The same adaptive approach fully applies to Safari with the help of 1Password's integration of the Phishtank.com's database, and also, through the Saft extension integrating Stopbadware's database next to the rest of the security features it offers.
- Phishers increasingly scamming other phishers
- Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- DIY phishing kits introducing new features