Episode 4: Don’t get caught
Filed in Tutorials, Podcasts by TheSage, April 8th, 2007 at 9:50 am
In this episode The Sage shows you how to prevent yourself from falling prey to phishing scams using some of the built-in features of Apple Mail and Safari (difficulty level: easy).
You can watch this episode here
There are several features within Apple Mail and Safari that should be used routinely to ensure that you do not fall for phishing scams.
So What are They
Let’s start with Mail.app
When placing a link on a web page or in an email, the link can be created so that it says whatever the author would like. For example you can make a link that says WHATEVER and have it link to the heysage homepage. This ability is used and abused to trick unsuspecting users into phishing scams.
For this reason it is good to check the true address of a link before clicking on it. Don’t take the text for granted and assume that it states where the link will take you. To check the link destination in Apple Mail:
- Place your cursor over any link (denoted by blue text and an underline).
- When you do so, the link address will be displayed in a small window by the link.

You can also inspect the long header in the email message by pressing ⌘⇧H. Look through the header fields to learn more about the message (be careful, some of this information can be easily spoofed).
Now, assume you blew it and clicked on the link in the email message. There are some features in Safari that can still save you.
In Safari.app
- Activate the status bar by pressing ⌘/ (this is deactivated by default).
- When you hover over a link the status bar will display the URL of the link. By using this information you can potentially avoid visiting undesirable locations.

Another “good practice” is to check the VeriSign Secured SSL Certificate to verify the authenticity of the site. In the podcast example, the VeriSign link redirects back to the same phishing site rather than to VeriSign’s site.
Of course there are a number of other things that can be done to keep you safe from the phisherman. One of the easiest ways to protect yourself is to disable Rich Text or HTML email. Plain text email is not as nice to look at, but it is certainly safer. As a general rule it is always better to manually enter the URL instead of following an email link.
Hopefully this is of help.