Protect Your Mac From Bad Guy Phishing


The kinds of assaults on your Mac from the Internet have changed. As Apple, and others, have shored up OS and browser security, the new preferred assault method is phishing. Apple can’t help you there. You need to know the techniques that will help you defend yourself from phishing attacks.

What is Phishing? Phishing is a message to you, on a website, an e-mail or tweet that exploits the human weakness for curiosity, greed, and inexperience in some combination. The message entices you to take some action — log on to what you think is your bank, click on a link, or download and run some software that turns out to be malware. At that point, the integrity of your computer and/or your privacy and security may be compromised.

Some phishing schemes bypass the normal protections provided by Mac OS X: the firewall and sandboxing. If your system isn’t completely up to date with security patches, visiting a malicious website could deliver a data payload that infects your Mac. Or, if you’re tricked into downloading and running malicious software, all bets are off. Mac OS X could be damaged for good and need reinstallation. Note also that phishing can trick you into doing something foolish at a website without necessarily infecting your Mac. You just cough up private info that you shouldn’t.

This howto covers strategies for preventing a successful phishing attack and also suggests some remedies if your Mac does get infected.

[Image: Internet Bad Guy]

I. Myths

First, to prepare yourself, you need a healthy, informed, rational approach to OS security. For example, just because the Mac is fairly immune from external Internet assaults on its Ethernet ports (the “port scan”) and Safari is being increasingly hardened, doesn’t mean you can’t accidentally fall for one of these phishing attacks. The bad guys love phishing because they trick the user into bypassing the usual protections thanks to the human traits mentioned above: curiosity, greed, naivete.

Some will tell you that a Mac doesn’t need virus protection, and that’s generally true. On the other hand, what you do need is software that can detect, via their software signatures, whether other kinds of malware have been installed on your Mac.

Companies like Symantec maintain data centers (war rooms) where they assess on an hourly basis the most popular and dangerous malware. Signatures are identified, and your Mac’s security software is updated to look for these signatures and, if possible, eradicate the software. So let’s be level-headed here: well-written malware can always infect your Mac’s OS if you give it permission. And by permission, I mean a straight double-click install and/or request for an admin password.

Pundits and amateurs will say that these security companies are crying wolf to scare you and then try to sell you their security software.  Ignore the amateurs.

II. Prevention

Here are the five core techniques that will help you defend against phishing attacks. I make strong recommendations based on my experience, but there are certainly variations on a theme that I won’t have space to cover here.

1. A Layered E-mail Defense. Use a large, well-known e-mail service that uses blacklists and provides a first level of defense against spam. You can typically log on with your account info and manage security settings. Google mail and Earthlink are two that come to mind. MobileMe doesn’t do this.

Next, if you’re using a compatible e-mail client, like the Apple Mail app, or a host of others, use the terrific SpamSieve software. This combo will ensure that very little spam gets through to you, and that will help a lot. I have found SpamSieve to be preferable to Apple Mail’s junk mail filtering.

Finally, use e-mail rules to separate e-mails from people in your address book from those who aren’t. Anyone who gets through the gauntlet above but is not in your address book should still be treated with considerable skepticism.

[Figure: E-mail rules help you isolate strangers from friends]

2. Safe Handling Instructions. Once an e-mail does get though your layered defense, and it’s still not from a person you know personally, it could still be a threat. It might look as if it’s from your bank and ask you to go to a link, log on and validate your credentials. Or it could direct you to a website that secretly assesses the security of your browser and tries to exploit unpatched vulnerabilities. Or it could offer you free, trial software with a license key, sometimes even security software, that promises you some benefit or even protection. Or it could ask you to go to a website and enter some private information.

These are all danger signs. You didn’t ask for this e-mail, and you’re being made an offer that seems irresistible. It’s as if some guy in the grocery store approaches you and says, “Hey buddy. If you give me your car keys, I’ll go wash your car for you for free while you shop.”

You might even have to be careful if a friend sends you a forwarded e-mail for something they thought was a good deal or a cute link. Maybe they didn’t exercise the same judgment, and you shouldn’t assume that because they forwarded the e-mail that the links are safe. When in doubt, even if it promises the cutest kitten movies, ignore it. Idle time, something free or ridiculously cheap, and your curiosity are the red alerts you should be attentive to.

The Apple Mail app provides a mechanism to help you assess whether a link has been disguised. An HTML e-mail can display one link that looks innocent, “www.capitalone.com,” while the underlying link is in fact “thebadguysinmoscow.ru.” To see the real link, hold your cursor over the link, WITHOUT CLICKING!, and wait for the yellow box to reveal the true destination. For example, here’s a bogus message I got that appeared to be from Paypal, but holding the cursor over the link shows that it would have taken me somewhere else indeed.

[Figure: Bogus Paypal message. Hover over the link to reveal the real URL.]

The same goes for Twitter.  I got a tweet once that said, “Like your iPad? I got mine free. Find out how I did it.” A URL followed. Needless to say, I didn’t click on the link. Also, odd formatting, poor grammar and spelling are sure signs the sender isn’t a native English speaker. Watch for that. 

In summary, treat e-mail and all other social networks as communication between acquaintances. As soon as a stranger makes you an offer of any kind, delete the message. If it seems to be someone you do business with, don’t use the phone number in the e-mail. Use your own address book records or Google/Bing to verify their contact info and ask for verification. Banks will never ask you to go to a link/website and log on to fix some fabricated problem that sounds dubious.

3. Check for Patches Daily. In System Preferences -> Software Update, Apple graciously gives you the option to check for updates monthly. That isn’t nearly often enough, and I recommend daily.

[Figure: System Preferences -> Software Update]

You may hear about exploits from security researchers, but it typically takes some time from when an exploit is discovered until the kits distributed to bad guys carry a weaponized version of it. Even so, criminals live on Internet time, and so should you. Let your Mac watch for updates daily and always apply them right away. The same goes for 3rd party software, say, Firefox if you use that as your browser.

4. Use Trusted Security Software. Get to know about the respected and legitimate security software for the Mac. TMO and others publish reviews from time to time. These are products from Intego, McAfee, and Symantec. Don’t install security software that you’ve never heard of, haven’t read a review of, and is introduced to you for the first time in an e-mail or a tweet.

[Figure: Example security software: VirusBarrier X6 from Intego]

Well-known and respected products are VirusBarrier X6 from Intego and Symantec (Norton) Internet Security for Mac. Don’t let the word “virus” in the name deceive you; the Intego product does a whole lot more to protect you.

As I mentioned above, these companies track all the current threats for Macs and PCs in so-called war rooms. They send out updated files, daily for PCs and weekly for Macs, that contain information about how to detect malware on your machine. In most cases, the security software will provide the ability to delete the malware.

These companies will also advise you in their news sections about major new threats or phony security software. For example, there is a bogus one going around now called Mac Defender. Mac Defender was introduced to users via phishing. (Here’s more info from TUAW.) Another good watering hole for Mac users to help stay on top of the news is SecureMac.com.

5. Watch Where You Walk. Finally, just be careful out there. Stick to legitimate websites and, if you do get led astray, watch for when you seem to be led down a deeper and darker alley on the Internet. When in doubt, stop, close the tab and walk away.

If you haven’t heard, pornography sites are often pre-loaded with special software kits designed to probe your browser for weaknesses and insert malicious code into your Mac. Stay away from them.

Browser plug-ins like “Web of Trust” (WOT) link to a worldwide web of users who have earmarked certain sites as dicey or dangerous. I have it installed and have found it useful.

Learn to recognize the appearance of warnings from your own security software. This is so that if you see a weird popup that says something alarming, you’ll be able to diagnose that it’s a phony message. The classic example is the Windows popup ad from a decade ago that said: “Warning your PC has been infected!  Click here to clean your computer.” Of course, as soon as you click on it, software was downloaded that infected your PC.

This just touches the surface, but should get you started. There are lots of other articles that are helpful if you take a look around. Here’s one from just yesterday from Business Insider with some good advice.

III. Remedies

Let’s say you have some strange popups that entice you to go somewhere you shouldn’t. Or your Mac is acting strangely, slowing down, or starts to exhibit some of the symptoms described in this article. Or your security software puts up an alert. What can you do about it?

1. Security Software. If you have security software installed, let it try to deal with the problem. Don’t call AppleCare, and don’t pack up your Mac and take it to the local Apple store. You’re on your own here. Most of the time, the security software will be able to delete the malware. In the process of scanning your Mac, note that it may also pick up PC viruses that were inadvertently transmitted to you in an e-mail from Windows users. They generally can’t harm your Mac, but delete them too.

2. Restore from a Time Machine Backup. If you have wisely maintained Time Machine backups, you can go back in time, before you were infected, and restore your system to exactly how it was at a previous date. You’ll lose work you did since then, but it beats having to reinstall your whole OS. Instructions for how to do that have been published by Apple.

3. Reinstall the OS. The worst case scenario is that you’ll need to reformat your hard disk and reinstall Mac OS X from scratch. Then use the latest Combo Updater to bring you up to date. Of course, you’ll lose all your documents, settings, licenses, and installed software. Again, this is why you’ll want to have a backup of your entire user directory (directories if multiple users) even if it’s just a Finder copy to an external disk.

This last option can get complicated, time consuming and risk all your data. More detail is outside the scope of this howto. I mention it only to create some angst so that you’ll take backups of any kind, including the easy to use Time Machine, more seriously.

Conclusion

You are your own system administrator. It does require a little bit of time and education to tune up your Mac and educate yourself for optimum security against phishing. Hopefully, this article will get you started with the essentials of staying safe on the Internet. But be aware that it just scratches the surface, and constant vigilance and learning is essential.


7 Comments

eolake

Thanks, dude.

honkj

what is particularly dangerous about this person’s advice is that Sophos software (and all the other “legit” AV software) is 1 million times more likely to destroy data on their computer someday, than the malware it was supposed to protect from, (and doesn’t protect from in the first place) see link below…

you literally increased people’s chances of losing data from “legit” AV software by 1 million times from bugs in the constant updates to these stupid companies software because of the PC definitions they constantly add.

http://news.softpedia.com/news/Sophos-Anit-Virus-Software-Causes-More-Damage-Than-All-OS-X-Viruses-Trojans-and-Worms-Put-Together-18620.shtml

http://www.eweek.com/c/a/Security/McAfee-Scrambles-to-Contain-Virus-Definition-Gaffe/

http://www.computerworld.com/s/article/9175940/McAfee_apologizes_for_crippling_PCs_with_bad_update

there are two to three things a Mac user needs to NEVER do:

1. NEVER download AV software for the Mac, (no matter how much a website pleads and says your mac is “infected”, it is not) or how much a blog like yours makes you think you need it….  downloading even legit AV software is very dangerous and does not protect from the real threat, which is future trojans. (unsurprisingly this advice would have saved everyone from the latest malware that didn’t know already,  where the blogger’s advice taken at face value,  (to download “protection”)  would have cost you your credit card number if downloading this latest “protection” malware, because people don’t know what “legit” means in your world.
2. never download Video/flash/ or codec “updates” from web sites no matter how much they plead when you are trying to view porn or other video. as a mac user you do not need an “update” to view video EVER. only use your built in Mac software updater, and don’t even do that until weeks after Apple has issued them,  to see if people are complaining from bugs from that updater.
3. never download anything from a website that you did not go to in the first place to download something,  as a mac user you never have to download software from any random websites.

now you are 100% protected from every known Malware for the mac to date, and you have a leg up from future trojans, better yet, you are also 100% protected from this person’s advice that will cost you your data someday, downloading Sophos, or other AV software IS DANGEROUS to your Mac’s data.

Victor Panlilio

John wrote: “You are your own system administrator.”

OK. But millions of people don’t WANT to be system administrators. They want “it just works.” They want the convenience of the curated app store. I don’t miss the complexity of the legacy ‘personal’ computing model, which requires users to manage a lot of moving parts, as clearly seen in your article. Once iOS devices are cut loose from their dependence on a legacy host computer for media backups and system updates, they will become the preferred ‘personal’ computing solution for many. Or, as one wise observer noted, we have to get past the notion that not wanting root access is a mental deficiency.

wab95

John:

Many thanks for a sober, if not gutsy, discussion of internet security. I was going to share some thoughts on the subject, but include them below in my reply to honkj.

“you are also 100% protected from this person’s advice that will cost you your data someday, downloading Sophos, or other AV software IS DANGEROUS to your Mac’s data”

Honkj:

I appreciate that opinions appear to be split in the Mac community on the value of AV or, more broadly, internet security, software. From my observation of blog posts (which may not be representative of views in the greater Mac user community), most people who post appear sceptical of the added value of such software.

While one of the reasons cited against using it is that your computer takes a performance hit when running it, I’ve not heard before that such software is dangerous to your Mac’s data.

I have used security software on my Macs since 1997, with most of my business Macs running it, and some of my home Macs not during the same observation period. This is a dozen or so personal machines over the period. I never observed data loss as a function of normal software performance (okay, MS Word, but let’s not digress), nor have I had security software harm my data. I have used nearly all of the major products, including Intego (my current package).

I agree with your suggestion, which is a central theme of John’s above, that best practices are your principal line of defence, but am curious as to how security software harms your data, and importantly, how commonly this occurs.

John Martellaro

Victor: the bad guys are just too smart, too clever.  Harking back to a simpler time of happy-go-lucky Internet isn’t going to work.  Either people learn how to defend themselves, or they’ll be taken advantage of. That’s true with car dealers, credit cards, home loans, food products, and life on the Internet. It’s just something we have to deal with because the Internet and software technology allows the bad guys to be sooooo clever.

Wab95: Some of the security software was indeed a CPU hog on Core 2 Duos.  But with modern quad core processors, it’s much less of a problem.

wab95

“Some of the security software was indeed a CPU hog on Core 2 Duos. But with modern quad core processors, it’s much less of a problem”

Certainly. It was even worse with the core duos.

I have seen downloads blocked, work slowed to virtual interruption, actions halted pending scan completion, etc., but, at least in my experience, I have not had files corrupted.

Which is why I would be interested in honkj’s (or anyone else’s) confirmed data damage from security software. I would think that a bug in the software, and an actionable item on that company’s ‘To-Fix-Pronto’ list.

Admittedly, with internet security, as with backups (also security but of another sort) there is a tension between security and convenience, the ideal balance between which will vary by user and their needs. However, when you consider that most critical tasks employ a system of cross-checks, one can regard a good security package that runs in the background as another pair of eyes to backstop one’s own best efforts.

Victor Panlilio

John, you wrote: “Either people learn how to defend themselves, or they’ll be taken advantage of”

Again, true. In addition to many of the countermeasures cited, I use ClamXav, OpenDNS filtering, Ghostery, NoScript, AdBlock, FlashBlock, ClicktoFlash, LittleSnitch, MacScan, etc.

However, in contrast to the multilayer defences I use on my Macs, I don’t have any on my iPhone or iPad. iOS comes closer to fulfilling the hassle-free promise of ‘appliance’ computing compared with MacOS X, Linux, or Windows. I expect that the iOS model will thus become vastly more popular.
