Agreed, you should have seen the hell I went through a few years ago trying to cancel an account I had with them...
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Paypal warns buyers to avoid Safari browser from Apple
- Thread starter clevin
- Start date
- Sort by reaction score
Agreed, you should have seen the hell I went through a few years ago trying to cancel an account I had with them...
The only thing I hate about Apple is it's uppity ignorant/arrogant user base. It's not just about Paypal (most of the top 10 US banks have been hacked, etc, at least once), or email, or easily spotted cloned websites.
You'd surprised to learn how technologically advanced phishing methods have become.
Some of you guys are uber Apple homers. So much so that you'll actually brush off a legitimate and serious growing threat (that no one on the internet backbone is immune to), then pass the blame to protect Apple? No one organization has the resources or manpower to protect the end-user from these threats. It is everyone's responsibility and the fact that Apple doesn't beef up it's security measures to help protect it's customers, is just plain careless. I wonder where so many Apple users get their arrogance/ignorance from?
IE sucks, but it incorporates an appropriate (and pretty impressive, if I might add) security layer. And, like it or not, Paypal is used by millions across the globe. Somewhere down the line you'll use it, or something similar to it.
If you're a true Apple loyalist, you better hope Macs never take the market share from Microsoft; because if it ever does, we'll all be caught with our pants around our ankles when the hackers and script kiddies start to target us.
Apple isn't bullet-proof... no matter what Steve Jobs and Justin Long tell you.
You'd surprised to learn how technologically advanced phishing methods have become.
Some of you guys are uber Apple homers. So much so that you'll actually brush off a legitimate and serious growing threat (that no one on the internet backbone is immune to), then pass the blame to protect Apple? No one organization has the resources or manpower to protect the end-user from these threats. It is everyone's responsibility and the fact that Apple doesn't beef up it's security measures to help protect it's customers, is just plain careless. I wonder where so many Apple users get their arrogance/ignorance from?
IE sucks, but it incorporates an appropriate (and pretty impressive, if I might add) security layer. And, like it or not, Paypal is used by millions across the globe. Somewhere down the line you'll use it, or something similar to it.
If you're a true Apple loyalist, you better hope Macs never take the market share from Microsoft; because if it ever does, we'll all be caught with our pants around our ankles when the hackers and script kiddies start to target us.
Apple isn't bullet-proof... no matter what Steve Jobs and Justin Long tell you.
I believe Google keeps a database of known phishing sites, plus they probably also look for redflags such as any domain with a subdomain of ebay or paypal, for example.
the DB was developed & managed by AWPG and IC3 (Feds). This is way above Google's pay grade, though they do contribute to it. Most ISPs, major banks and software companies contribute to it.
Absolutely spot on.
Somewhat related: Just the other day I clicked on a link in Safari, (note that hovering over the link DID NOT show the URL it was really pointing to) it popped up about 20 terminals which started trying to telnet to some site or other and wget something (rootkits probably), it also opened iChat and started trying to send stuff out on that as well.
When you've got remote web pages able to execute arbitrary code/scripts on your local machine from the default installed browser, you know you have a serious problem with security on your hands. AFAIC, the "OSX is secure" honeymoon is over.
PS. Google "Rootkit Hunter" if you get into this situation - this type of malware is extremely good at hiding itself.
there are some beta version tester around here, haven't heard them mentioning this.
Maybe this is old news, but it was certainly new to me.
I tried to submit the following to Chase last year (prior to giving into IE 7/Phishing Filter on my work PCs). Chase insists they were not hacked, and I likely mistyped the address, taking me to a cloned web site.
Now, it's a blatantly obvious attempt to gather all of my personal/financial info (something I hope no one would be dumb enough to divulge, but I imagine plenty have), but what I found shocking was that the web address indeed read "http://www.chase.com". What I later found out from my company's chief security officer is that; using JavaScript and similar languages, the phish can place an image of a legitimate web address over the address of the actual web server you're on and it can be accomplished on any browser that supports/enables JavaScript.
Call it paranoia, but now I personally avoid surfing to any financial sites unless I absolutely have to, and will only do so on a browser with the appropriate security/filtering.
Attachments
more on this particular method from Wikipedia:
Once the victim visits the website the deception is not over.[33] Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.[34]
An attacker can even use flaws in a trusted website's own scripts against the victim.[35] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.[36]
A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.[37]
To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object.[38]
Once the victim visits the website the deception is not over.[33] Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.[34]
An attacker can even use flaws in a trusted website's own scripts against the victim.[35] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.[36]
A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.[37]
To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object.[38]