All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com
Thank you for purchasing through links and ads on this site.
OWC / MacSales.com...
diglloyd Deal Finder...
Buy other stuff at Amazon.com...
Capacities up to 56TB and speeds up to 1527MB/s
Handpicked deals...
$470 $470
SAVE $0

$470 $470
SAVE $0

$4499 $2999
SAVE $1500

$200 $165
SAVE $35

$398 $248
SAVE $150

$4999 $4499
SAVE $500

$2199 $1999
SAVE $200

$2799 $2349
SAVE $450

$120 $120
SAVE $0

$3099 $2499
SAVE $600

$249 $149
SAVE $100

$100 $60
SAVE $40

$2844 $2297
SAVE $547

$1099 $1019
SAVE $80

$899 $530
SAVE $369

$1199 $1099
SAVE $100

$1999 $1379
SAVE $620

$999 $949
SAVE $50

Beware of Phishing — Fake Chase Bank

See previous security tips and previous phishing posts.

Back in February I showed one example of a fake Chase Bank phishing example. Below is another, just as badly done, but many people are fooled. See also:

What is phishing?

Phishing is an attempt to induce you to click on something that directs you to a fake web site containing malware. The truly unwary will then be persuaded to enter their banking credentials. Or it might just be that you get malware hijacking your machine (Mac users are not immune to this).

Nearly all phishing uses bait (and you’re the fish). Bait can be subtle, threatening or insulting. Don’t bite. All bait is designed to provoke a reaction: fear, anger, an appeal to your innate decency to help with or solve a problem, need to respond to your bank or whatever.

RULE: ***NEVER*** click on links or attachments in email!!!

Never means never unless you gain the technical competence to verify the email. Even so, that can sometimes take several minutes to be sure—and the more sophisticated the phishing, the easier it is to overlook a crucial detail.

Below, the attached screen shot shows a relatively crude attack but for most people.

Continues below...

Phishing email purporting to be Chase Bank

Apple’s sloppy approach in Mail is unacceptable

Some of the parts of an email that would immediately flag the email as risky are in fact hidden. In other words, Apple puts you at risk to make emalis look neat and tidy.

Specifically, "Return-path:" is hidden by default (and sometimes “To:” also. See Apple Mail Security: Viewing Mail Headers. MPG considers it an unacceptable security issue—if you cannot see the obviously bogus header, you might not know the email is a phishing attack. Apple is irresponsible in not flagging such issues.

Why does Apple Mail EVER allow this level of exposure to risk? It is security malfeasance for an email program to present users with such risks.

Safari has active detection of malware sites, but Apple Mail blithely enables outgoing links, making them clickable and thus a serious risk.

It’s about time Apple fixed such sloppy security practices in Apple Mail. Users should not have to be aware of such risks—the risks should be eliminated. We get new emojis with every OS release with top billing in Apple press releases, but Apple cannot be bothered to fix a core Apple Mail security risk? Irresponsible Apple.

The proper first step that Apple should take is to disable all outgoing links in all emails so they are no longer clickable as links. Bonus points for showing the actual destination URL instead of the title. In terms of security, 99% of users would be well served by this. And would bitch and moan about the loss of convenience, but it is the smart thing to do by default.

Next, allow the user to downgrade the security from there, e.g., allow clickable links to (1) only sites previously visited and (2) known-good sites and (3) enable all sites as is allowed now for those who like to take the risk. A bonus feature would be to change the links so that clicking on one presents a dialog showing the actual destination URL and a rating as to safe, unsafe, unknown, then allow the user to take the risk by choice. I deem this a useful thing for technically skilled users, inadvisable for most.

Why hasn’t Apple fixed this extremely dangerous practice right in Apple Mail, and done it two years ago? My view is that the Apple Mail development team is a skeleton crew, because Apple Mail is rife with bugs.

View all handpicked deals...

Dell Vostro 3470 Small Desktop Computer
$470 $470
SAVE $0

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__