Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts.

Phishing attacks trick users into handing over sensitive data which can then be used by the criminal community

Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it. There are a significant set of users who use very old and vulnerable browsers such as early versions of Internet Explorer, many released more than 10 years ago. They lacks many of the security and safety features needed to protect users from phishing and other online attacks.

Legitimate sites

Paypal says it supports the use of Extended Validation SSL Certificates. Browsers which highlight the address bar in green when users are on a site that has been deemed legitimate.

The latest version of Internet Explorer support EV SSL certificates, while Firefox 2 supports it with an add-on, but Apple's Safari browser for Mac and PCs does not.

By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they're on the site that they thought they were visiting."

Paypal has published a white paper on managing phishing, written by the firm's chief information security officer Michael Barrett and Dan Levy, director of risk management.

Paypal has described the battle against phishing as a "fast-moving chess match with the criminal community".

This past week, thousands of high-ranking executives across the country have been receiving e-mail messages that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.

A link embedded in the message purports to offer a copy of the entire subpoena. But a recipient who tries to view the document, unwittingly downloads and installs software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords, and other personal, or corporate information.

This kind of tactic, aimed at specific individuals, is referred to by security experts as whaling. The term which is a play on phishing, has also been referred to as spear phishing.