Be Scared, Be Very Scared.

While Macs are relatively free of viruses and spyware and malware in general there is one area that isn’t as secure as you may think. That area is identity protection. And one way criminals steal your information is from phishing.
Phishing is where you get an email from a company that you may have an account with i.e. your bank, Amazon.com, or Pay Pal, and they ask for you to click on a link to go to their website and confirm your log-in or credit information. Once you click on the link and go to a legitimate looking web site and enter your information, the criminals take your information and sell it or utilize it for fraudulent purposes.
There was a story this week that the Chief security officer of Pay-Pal recommended against using the Safari browser for online transactions. His reasoning is that Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, and Safari’s lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. Whereas the Firefox and Opera browsers on the Mac do have these features.
So how do you protect yourself from phishing? By far the simplest and 100 per cent secure way, is to never click on a link to a site from an unsolicited e-mail. Below is an example of a bogus email from supposedly Pay-Pal.
Phish Mail

Notice that the reply to: address is not anything like Pay-Pal and that by rolling over the Resolution link we can see that it links to paypal-secure-login.com which is a bogus site. Just because the URL contains the phrase paypal doesn’t mean it goes to Pay-Pal.
If you do receive an e-mail that you think is legitimate, don’t click on a link, go to your web browser and manually type in the correct URL for the company that the e-mail is supposedly from. In the case of Pay-Pal, that URL is http://www.paypal.com/ . If you don’t know the URL for the company, like your bank, you can always call them on the telephone to resolve any legitimate issues.
The best advice is to be suspicious of all unsolicited e-mail.

Comments: 3 Responses to “Be Scared, Be Very Scared.”

    2/28/08 @ 10:35 am

    When I get one of these types of email I forward it to spoof@xxxxx.xxx.
    I know PayPal & Bank of America monitor this address. I haven’t had any bounce backs from others I’ve forwarded.

    Also, in Apple Mail before I forward it I select View> Message> Display Long Headers.

    Nina
    2/28/08 @ 10:50 am

    Of course paypal is owned by eBay which is not a Safari-friendly site. But do you agree w what he said abt Safari not being safe? I seem to get all kind of warnings from Safari when it thinks I’m not going to a safe site…………

    shaf
    2/28/08 @ 1:14 pm

    Pay-Pal Is telling the truth that Safari doesn’t have the colored tool bar like Internet Explorer but neither does Firefox as far as I can tell. My take is that if you’re aware enough to know what the toolbar colors are and what they mean, you’re probably aware enough that you’re not easily spoofed.

Comments Closed.