PayPal recommends surfers don’t use Apple Safari to browse the web

Graham Cluley
Graham Cluley
@[email protected]


Michael Barrett, PayPal’s chief information security officer, is reported in the press today as recommending that surfers use Internet Explorer, Firefox or even Opera in preference to Apple’s web browser, Safari.

Safari is the default web browser which ships on Apple Mac computers, laptops and even the iPhone, but a version for Windows was also unveiled to the world in June 2007.

Safari doesn’t command the same kind of marketshare as Microsoft Internet Explorer and Mozilla Firefox (the latter of which is also available in an Apple Mac version), but it’s likely that many Apple owners have stuck with the default web browser which shipped with their computers. 

Sign up to our free newsletter.
Security news, advice, and tips.

In PayPal’s opinion, Safari users are making a mistake.  PayPal thinks that (at the moment at least) Opera, Firefox and Internet Explorer are safer for the average user.

People’s ears prick up when a company as prestigious as PayPal make a statement like this – but what’s the truth? 

The fact is that phishing is primarily a human problem, rather than a technological one. Yes, it’s a good idea to keep your browser up-to-date with patches, and if your browser has strong anti-phishing technology built into it – all the better.   But ultimately it’s the user who decides to click on a web link in an unsolicited email, or enter their username and password on a site which later turns out not to be trustworthy.

Browsers can help reduce the risk through technology – but it would be a mistake to rely on them entirely for the security of your data.

If you don’t have confidence in the workers in your company, and worry that they are putting your business at risk by using unauthorized web browsers then consider using application control to police what programs get used by which users.  And whichever browser your company ends up choosing to access the web, ensure that surfing is being secured and controlled with a solution like Sophos’s WS1000 Web Appliance which can block access to sites containing malware, spyware and other online threats.

PayPal and its sister company eBay are members of the Anti-Phishing Working Group (APWG), an organization dedicated to wiping out internet scams and fraud. The companies have published several tutorials on how to spot phishing emails:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.