PayPal: If a browser doesn't have anti-phishing technology (like Safari) ditch it
A PayPal executive last week recommended that its users ditch Apple's Safari browser since it doesn't have anti-phishing technology. If other phishing targets--banks, brokers and such--follow suit it could make anti-phishing technology the price of admission to recommend browsers.
Infoworld last week quoted Michael Barrett, PayPal's CIO, saying the following:
"Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
At issue is the fact that Safari lacks a built-in phishing filter to warn users about shady Web sites. Safari also dosen't support so-called Extended Validation certificates, which turn the address bar green if a site is legit. Extended Validation certificates aren't the complete answer but are a help.
Jeff Smykil at ArsTechnica noted:
While it's not entirely fair singling out Safari (other Mac browsers like Camino also also lack this support), it is perhaps at least a helpful reminder of the threat. Embarrassingly enough, (what don't I keep from you folks?) I have fallen for a PayPal-related phishing scam. It was early in the morning and I realized my error as soon as I hit enter; nonetheless, there was the possibility that the phishers got my login information. At least I was lucky enough to realize I screwed up and was able to change my login information on that, and other sites, right away.
I use Camino as my full-time browser, so Safari didn't fail me, but it would have. As annoying as I sometimes find the antiphishing features at work where I use a PC, the small annoyance would have saved me an even larger one in the end.
To be completely honest, I've never viewed anti-phishing technology as anything more than an annoyance, but if a tech savvy person like Smykil can get nabbed we all can.
Will anti-phishing features get more respect after PayPal's campaign?