Mac users should scrap Apple's Safari and replace it with a browser that offers anti-phishing protection, such as Mozilla's Firefox or Opera Software’s Opera, a US magazine has warned.
Consumer Reports unveiled its annual Internet security survey on Monday, which showed that although Americans reported fewer spyware attacks and malware infections in the last year than in the past, phishing attacks remain a serious concern. It polled more than 2,000 American households with Internet access.
About 6.5 million consumers, or 1 in every 13 online households, gave identity thieves personal information at some point in the last two years, said Jeff Fox, technology editor with the publication. And 14 percent of those people actually lost money through the scams, which often rely on legitimate-looking websites that try to trick users into divulging bank account numbers, addresses and passwords.
Mac users are just as likely to fall for the fake sites as people running Windows, Fox said. "There is no significant difference" between the two groups - Mac and Windows users - regarding the likelihood of giving away information, he said. "Mac users are indistinguishable from Windows users here."
But users going online with Safari are leaving themselves at risk because the browser doesn't include tools to warn when a site is, or might be, dangerous. "The browser of choice for most Mac users, Apple's Safari, has no phishing protection," said Consumer Reports.
Until Apple adds anti-phishing tools, the publication recommended that Mac users steer clear of Safari, and suggested that they instead run the latest version of Firefox or Opera.
Both Firefox 3.0 and Opera 9.5 warn users when they're about to visit a known phishing or malware-spreading site, and block access to those sites. Microsoft's Internet Explorer, which already boasts an anti-phishing filter, will get an anti-malware tool in IE8, which is currently in beta testing.
This isn't the first time that Apple has come under fire for Safari's omission. In April, PayPal, eBay's payment service, said it would bar browsers that lacked anti-phishing features. Later, however, PayPal backtracked, saying that it would not block the current 3.x version of Safari.
"The Mac [phishing statistics] were pretty interesting," said Fox, who named it as one of the current survey's biggest surprises. "Mac users think that they don't need to worry about viruses and spyware," he said. "But email is the weak vector on the Mac."
Most phishing attacks begin when a user receives an email message - perhaps one posing as from her bank - that includes a link to a malicious website.
"This is the one area where the Mac doesn't have an advantage in security," Fox continued. "Significantly fewer Mac users were using anti-phishing technologies, but they were pretty much identical to Windows users about giving personal information.