See also the security topics page, including the blog posts on security on that page.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Clicking on an email link or attached file is risky: merely clicking on a link to go to the claimed site can result in compromising the computer for some users. While Mac users are generally better off, a Mac is no guarantee, and all sorts of nasty tricks can be played on the destination sites.
Phishing relies on “social engineering”, particularly an emotional response (greed, fear, loyalty, irritation, friendship, authority, etc.). Often the phishing emails are difficult to distinguish from a legitimate email from the company being imitated. The destination web site may be a clone of the real one, which makes it even more “real” for the victim.
What you may lose: username and password, security codes, credit card numbers—anything you can be tricked into entering on a phishing site.
Example — phishing for Amazon users
Lloyd buys a lot of stuff at Amazon, so these almost fooled me at first: Amazon sends a fair number of fairly simple emails, so the phishing emails don’t have much to make the fakeness obvious. But one key giveaway: the Return-Path field in the email. It’s one reason I dislike Apple Mail on the iPhone/iPad: key clues like that are hidden.
Making the rounds for the past month or two are phishing emails purporting to be from Amazon. These include emails about promotional credits, about a purchase shipping, etc. MPG receives up to five such emails every day.
- NEVER click on links in emails unless you are 100% certain beforehand that they come from a trusted party. Particularly on a Windows PC, though Mac users are at risk too.
- Configure your email program so that images do not load automatically. If Mail loads images automatically, you’re essentially telling the sender (the criminal sending the email) that s/he’s got a “live one”: you. Ditto for mail on the iPhone or iPad.
This email is from Amazon. It might as well be from Apple, The Gap, Facebook, Twitter, etc. The style and risks are the same. In this case one giveaway was also that it was sent to my email that I never use for Amazon—a good reason to use various emails, some dedicated even to a specific vendor.
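The two giveaways described above (the Return-Path field and the address the mail was sent to) can be checked mechanically from a message's raw source. The following is an added example, not code from the original page; the sample messages, all addresses and the `VENDOR_ALIASES` table are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every address is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Amazon.com" <order-update@amazon.com>
To: general@example.org
Subject: Your promotional credit

Click here to claim your credit.
"""

# Assumption: the reader keeps one dedicated address per vendor.
VENDOR_ALIASES = {"amazon.com": "amazon-only@example.org"}


def domain(addr):
    """Return the lowercased domain part of an address, or '' if absent."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_org(a, b):
    """Crude match: identical, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def giveaways(raw):
    """List which of the two header clues are present in a raw message."""
    msg = message_from_string(raw)
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    rp_dom = domain(parseaddr(msg.get("Return-Path", ""))[1])
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    found = []
    # Clue 1: the envelope sender's domain is unrelated to the displayed From.
    if from_dom and rp_dom and not same_org(from_dom, rp_dom):
        found.append(f"Return-Path domain {rp_dom} does not match From domain {from_dom}")
    # Clue 2: mail claiming to be from a vendor arrived at a different address.
    expected = VENDOR_ALIASES.get(from_dom)
    if expected and to_addr != expected:
        found.append(f"sent to {to_addr}, not the address reserved for {from_dom}")
    return found
```

A Return-Path mismatch is a clue rather than proof: legitimate bulk mail is often bounced through a third-party mailing service's domain, so treat a hit as a reason to look closer, not as a verdict.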