User profile for user: a brody
a brody
User level: Level 10
(83,529 points)

How to handle phishing?

by:  a brody
Last modified: Jun 2, 2024 10:58 AM
3 360 Last modified Jun 2, 2024 10:58 AM

A frequent question is whether or not Macs need anti-virus. Generally, it is more important to recognize how to handle phishing (another term for spoofing attempts) than try to install anti-virus software. Anti-virus software can help, but generally slows down Macs if left in automatic running, and really is only needed if you already feel that you have allowed yourself to be spoofed and allowed entry by malicious attackers. VPNs may help in preventing people monitoring you, but the downside of them, is their traffic is limited by the host's own firewall. A VPN can also prevent once from being able to use wireless or network printing in your home, since it similates access through an external network as if it is your own. Better is to use Private and Incognito modes on web browsers for sites you worry about tracking you. Even then, many ecommerce sites will fail to work if you don't work with their cookie system.


This tip explains how to handle phishing before it becomes a crisis condition. If you feel it is a crisis condition after following the steps in this tip, indicate you have looked at this tip, and want to know how to take further steps to protect yourself in a new topic thread.


One of the most common phishing attempts is advertisements for optimizers. I've written a tip to address if you have downloaded optimizers below:

Amended comments to MacKeeper tip - Apple Community


Another form of phishing comes in the notifications, the floating dialog that appears in in the corner of the screen. This tip describes how to handle these:

Stop unwanted Notifications - Apple Community


If you get a popup suggesting to call a phone number for support, or suggesting you might have been infected, follow these directions on a Mac:


  1. Hit the key sequence command-option-escape
  2. Select each web browser in the Force Quit window that appears as a result of step 1, and select Force Quit.
  3. When you restart each web browser, hold the SHIFT key. This will force it to give you option to load the last webpage viewed, or the homepage or blankpage. Homepage or blank page is what you want.
  4. Edit your browser preferences to remove any Extensions you don't recognize. If you have a secondary place to remember passwords in a secure place, it is best not to remember passwords solely on the web browser, as you'll want to clear cache and cookies, and log out of sites if you can. Doing so, may create a scenario where the browser doesn't store the password in question.


On Windows step 1 is hit control-alt-delete, and step 2 is select Task Manager. In Task Manager you can select the web browser task and end task. The same shift key startup and extension management on web browsers exists on PCs as well.


On iOS, quitting apps is described on this article:Close an app on your iPhone or iPod touch - Apple Support


Recognize the construct of email addresses and websites


http : // subdomain . domainrootname . icannsuffix / pages off the homepage. where domainrootname is typically just the company name. If the company name has no hyphens the domainrootname does not either. The subdomain is not always present but indicates an individual computer managed by the organization, so be wary of career-datamaster.com website or emails pertaining to company named datamaster, or the like. I was once spoofed in a job hunt that way. icannsuffix is a two letter country abbreviation, a .com for commercial, .co.uk for company in the UK, .edu for education, .org for nonprofits, .gov for government, .net for network providers etc. Many spoofing companies have used the new allowances for .site or .xyz suffixes for their names to spoof company named sites. If uncertain if a company has a website address.

https://icannwiki.org/Country_code_top-level_domain

has a good overview of those suffixes.


https is used for secure websites, and so are .shtml and .aspx pages. username@subdomain.domainrootname.icannsuffix is the construct of an email address with the same rules as websites. You can click your mouse pointer on the drop down arrow or hover over most email addreses that are auto completed with company or individual name, as the address to determine the actual address in an email. Most email software let you also view the source of the email to see any irregularities in the construct of the email headers. If in doubt, ask. Never respond to something that looks like a spoofing also known as phishing website or email.


Email is itself not a very secure platform to send Personal Identifiable information. Discuss with your recipient of email any more secure platforms they may have before relying on email. There is this article that handles a more secure PGP email system for Macs:

https://proprivacy.com/email/guides/pgp-mac


Lastly, this reference can help you choose web browsers available for your Mac OS for best security. Phishing sites may still come up with the most secure web browsers, but that's the purpose of this tip is to be aware of what sites do.

Browsers by Mac operating system - Apple Community


Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up