Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

PayPal to block users with old browsers to cut back phishing

By Jeremy Kirk , IDG News Service , 04/18/2008
  • Share/Email
  • Tweet This
  • Comment
  • Print

PayPal, eBay's electronic payment service, plans to take the dramatic step of locking out people using older versions of Web browsers in order to stem phishing attacks.

PayPal said a "significant" group of people still use Microsoft's Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing Web site.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," according to a paper released during the RSA security conference in San Francisco earlier this month.

It also could mean eventual trouble for users of Apple's Safari browser, which has no phishing filter. PayPal warned users in February to stay clear of Safari.

Phishing sites are designed to look like the legitimate Web sites of major brands such as banks and seek to elicit financial and personal information. Users are often lured to the sites through unsolicited e-mail, or can unwittingly land on one if a phisher has bought a domain with a convincing-looking name or one with slightly differently spelling.

PayPal has been one of the brands hit hard by phishing since the service allows people to transfer money. The company has taken steps to strengthen authentication controls and worked with ISPs (Internet service providers) to block e-mails purporting to be from PayPal but lacking a valid digital signature.

PayPal said it plans to warn users who come to its site that they are using an old browser. Eventually, those users will be blocked, although the company did not say when.

The plan won't necessarily prevent a person from being victimized by a phishing attack. A user could still be duped by an e-mail with a link to a phishing site and then divulge their details.

But by preventing access to its site, PayPal hopes those users will then upgrade their browsers, which will then give them an additional security protection against phishing.

Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters, but Apple's browser -- Safari -- does not. Safari also does not support Extended Validation SSL (Secure Socket Layer) Certificates, issued to Web sites that have been vetted as legitimate.

For Web sites with that certificate, IE shows a green bar. Firefox's address bar changes with white to beige and Opera denotes a safe site.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Comments (2)
Login
Forgot your account info?

PayPal is punishing the poorBy Anonymous on April 19, 2008, 8:32 amThe large number of people using IE3 and other ancient browsers don't do so because of lethargy, but because their systems won't support newer, more bloated browsers...

Reply | Read entire comment

AlternativesBy Anonymous on April 21, 2008, 5:09 pmBesides the fact that there are other services with less demanding security requirements,and othert methods of making payments (less convenient perhaps, but viable)...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed