One of the most important things you can do to stay safe on the Internet is to be careful while reading email. That’s because online criminals know that we’re all busy, and we often don’t pay enough attention to what we’re reading or where we’re clicking.
To take advantage of our inattention, these Internet information thieves forge email messages to look like they come from the likes of Apple, Facebook, and Amazon, along with well-known banks, payment services, retailers, and even government agencies. We’ve received calls from several clients over the past few months who have received very realistic-looking phishing emails. Even more dangerous are messages that appear to come from a trusted individual and include personal details—these messages are often targeted at executives and company managers. Generally speaking, these attacks are called phishing—you can see examples here.
The goal? Get you to click a link in the message and visit a malicious Web site. That site usually continues to masquerade as being run by a company or organization you trust. Its aim is to sucker you into revealing confidential information by asking you to log in, pay for a product or service, or fill out a survey. The site—or an attachment in the email message—might also try to install malware. Although macOS is quite secure, if you approve security prompts, it can still be infected.
Although phishing is a huge problem that costs businesses hundreds of millions of dollars every year, you can easily identify phishing messages by looking for telltale signs:
- Be suspicious of email messages, particularly from people you don’t know or from well-known companies, that ask you to click a link and do something with an online account.
- Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com—close enough to pass a quick glance, but clearly a fake.
- Watch out for highly emotional or urgent requests. They’re designed to make you act without thinking. Take any such messages with a grain of salt.
- Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.
So what do you do if you get a message that may be phishing for sensitive information? Most of the time you can just ignore it. If you’re worried that it might be legit, instead of clicking any links in the message, navigate to the site in question manually by typing the organization’s URL into your browser—use a URL that you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.
If you think you’ve fallen prey to a phishing attack and given away a password, you’ll want to change passwords on any affected accounts. If you’ve opened any attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected. Contact us if you need help. And remember, regular backups protect you from a multitude of sins.