PayPal, eBay's electronic payment service, plans to take the dramatic step of locking out people using older versions of Web browsers in order to stem phishing attacks.
PayPal said a "significant" group of people still use Microsoft's Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing Web site.
"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," according to a paper released during the RSA security conference in San Francisco earlier this month.
It also could mean eventual trouble for users of Apple's Safari browser, which has no phishing filter. PayPal warned users in February to stay clear of Safari.
Phishing sites are designed to look like the legitimate Web sites of major brands such as banks and seek to elicit financial and personal information. Users are often lured to the sites through unsolicited e-mail, or can unwittingly land on one if a phisher has bought a domain with a convincing-looking name or one with slightly differently spelling.
PayPal has been one of the brands hit hard by phishing since the service allows people to transfer money. The company has taken steps to strengthen authentication controls and worked with ISPs (Internet service providers) to block e-mails purporting to be from PayPal but lacking a valid digital signature.
PayPal said it plans to warn users who come to its site that they are using an old browser. Eventually, those users will be blocked, although the company did not say when.
The plan won't necessarily prevent a person from being victimized by a phishing attack. A user could still be duped by an e-mail with a link to a phishing site and then divulge their details.
But by preventing access to its site, PayPal hopes those users will then upgrade their browsers, which will then give them an additional security protection against phishing.
Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters, but Apple's browser -- Safari -- does not. Safari also does not support Extended Validation SSL (Secure Socket Layer) Certificates, issued to Web sites that have been vetted as legitimate.
For Web site with that certificate, IE shows a green bar. Firefox's address bar changes with white to beige and Opera denotes a safe site.
- Sponsored Resource:How does your network security compare to those of your peers? Visit the CDW Security Center to find out.
- Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP.
- Sponsored Resource:Six smart ways to grow small business IT
News For Your Business
- Mobile Firefox Enters Testing Next Week
- Yahoo Investor Proposal Unlikely to Push Microsoft
- Obscenity Charges Raise Questions in Internet Age
- U.S. Gov't Proposes Digital Signing of DNS Root Zone File
- Forbidden City Goes Virtual With IBM
Community Comments