Mac Security Article #3 - Malware, Social Engineering and Scams

Article ID = 83
Article Title = Mac Security Article #3 - Malware, Social Engineering and Scams
Article Author(s) = Graham Needham (BH)
Article Created On = 16th July 2012
Article Last Updated = 1st March 2016
Article URL = http://www.macstrategy.com/article.php?83

Article Brief Description:
Information about malware and recommendations for preparing yourself against social engineering tricks and scams

Malware, Social Engineering, Phishing and Scams

This article has the following sections:
  1. Malware
  2. Social Engineering
  3. Social Networking Sites
  4. Scams
  5. Children On The Internet
  6. Further Reading and Useful Links
It is number three in a series of MacStrategy security articles.

Malware

Malware comes in many different forms but its ultimate goal is to steal information from your computer, usually account details (user names/passwords) and/or financial information (bank account/credit card). If you follow the advice in this document and our series of MacStrategy security articles you will be a lot safer from malware. Some types of malware include:
  • Viruses and Worms: Viruses, when opened/run, will infect other software/areas of your computer. Worms are similar but are able to infect other computers on the network automatically without you knowing. There are currently no known Worms for Mac OS X. However, viruses do exist for Mac OS X, but they can only infect your computer if they are opened/run, hence you should familiarise yourself with our Security - Software article.
  • Trojan Horses: For a malicious program to accomplish its goals, it must be able to do so without being shut down or deleted by you or the administrator of the computer on which it is running. Concealment can also help get the malware installed in the first place. When a malicious program is disguised as something innocuous or desirable, you may be tempted to install it without knowing what it does. This is the technique of the Trojan horse or Trojan. In broad terms, a Trojan horse is any program that invites you to run it, concealing a harmful or malicious payload. The payload may take effect immediately and can lead to many undesirable effects, such as deleting your files or further installing malicious or undesirable software. Trojans can only infect your computer if they are opened/run, hence you should familiarise yourself with our Security - Software article.
  • Spyware and Keyloggers: These are malware applications that, once installed, will watch what you do on the computer and record/capture important information (e.g. the username and password you may type in for your online banking service). One of the most common ways that spyware is distributed is as a Trojan Horse (see above) bundled with a piece of desirable software that you download from the Internet. When you install the software, the spyware is installed alongside. Spyware and Keyloggers can only get on your computer if they are opened/run, hence you should familiarise yourself with our Security - Software article.
  • Rootkits and Backdoors: These are methods of compromising your computer so that it is very difficult to remove the malware that is installed. There are hardly any for Macintosh computers but, once again, they can only get on your computer if they are opened/run, hence you should familiarise yourself with our Security - Software article.
NOTE: In 99.99% of cases malware is after your information/money - usually for such software to work it needs to get on your computer.
The different ways for malware to get on your computer:
  1. Someone will sit at your computer and install it - see our Security - Physical article
  2. Malware will try and install itself on your computer - see our Security - Software article
  3. You will be tricked into installing the malware on your computer - see the rest of this article
  4. Malware will attack your computer via a network connection/the internet - see our Security - Networking/Internet/Online Shopping article
  5. Malware will use a "vulnerable hole" in your software to try and install itself - see our Security - Software article
  6. Malware will simply install itself on your computer without you knowing or any interaction - if you have followed the advice in our series of MacStrategy security articles this will be virtually impossible
Malware Detection And Removal Software
NOTE: Most malware detection and removal software is free for "home" or "non-commercial" use, otherwise there is an upfront license cost to pay plus possibly a monthly/yearly subscription - please check your licensing requirements and the possible ongoing costs before making any purchases.
Anti-Virus Software For Macintosh Computers
NOTE: A lot of anti-virus software is free for "home" or "non-commercial" use, otherwise there is an upfront license cost to pay plus possibly a monthly/yearly subscription - please check your licensing requirements and the possible ongoing costs before making any purchases.

Social Engineering

Social engineering is all about tricking you into doing something you don't want to do. This type of attack comes in many forms.

Email

One of the easiest forms of tricking you is using spam email. Spam emails will try and elicit personal/financial information from you (this is known as phishing). Spam emails can contain false information, pretend to be from someone they are not and contain links to malicious web sites. They may look terrible (and obviously bad) but they can also look very convincing so always be wary of any emails with links or attachments. Always think before you click:
  • Don't click on links in email messages - if you need to go to a web site use your personal bookmarks or type the URL into the browser!
  • Don't open email attachments, including joke pictures, funny movies, PowerPoint files, etc., if you don't know who sent the email, and even be wary if it is from someone you know (are you certain that it's a legitimate file?).
  • Look out for alarmist messages, misspellings and grammatical errors, deals that sound too good to be true or requests for sensitive information like bank account numbers or passwords.
  • If you get emails from friends asking for help, try contacting them via another method, like text/SMS or a phone call, to confirm they really are in trouble. Most people will call you for help rather than send an email!
  • Use your common sense!
Phishing Information And Where To Report It

Web Browsing

Malicious web sites will try and elicit personal/financial information (especially credit card details) from you or they will try to surreptitiously install malware on to your computer (this is known as a drive-by download). Always think before you click:
  • Configure the security settings in your web browser.
  • Whenever you need to enter credit card details double check everything especially that you are on the right web site and make sure the connection to the website is secure.
  • Be wary of clicking links or buttons in pop-up windows.
  • Don't download files/software unless you are certain that it's legitimate.
  • If a web page spontaneously pops up a window that won't go away when you click the close button or press the escape key then close the entire web page/tab. If that doesn't work quit your browser. If that doesn't work then force quit (command-alt-esc) your browser.
  • Read up on our Security - Networking/Internet/Online Shopping article.

Social Networking Sites

Social networking sites like Facebook, Twitter, Google+, etc are common ground for malicious attacks and stealing of information. Most of these sites have fairly lax privacy rules (especially Facebook).
  • Be wary of clicking links or buttons on social networking sites.
  • Be careful of what personal data you share and who has access to this data.
  • You should think twice about posting information such as address, phone/mobile number, place of employment and other personal information that can be used to target or harass you.
  • If the option is available consider limiting access to posted personal data to "friends only" and attempt to verify any new sharing requests either by phone or in person.
  • When receiving content (such as third-party applications) from friends or new acquaintances, be aware that many recent attacks have leveraged the ease with which content is automatically accepted within the social network community. This content appears to provide a new capability, when in fact there is some malicious component to it.
  • Regularly review the security/privacy policies and settings available from the social network provider to see if new features are available to protect your personal information.

Scams

  • If an offer sounds too good to be true, it probably is
  • If there's an offer of a cheap Mac, iPhone, iPad or iPod then it's probably a scam
  • If there's a chance of winning a Mac, iPhone, iPad or iPod without you doing anything other than clicking a link or just entering some personal information then it's likely to be a scam
  • If you can't think of a good reason why you were singled out for a windfall or some prize money, it's probably a scam
  • Don't believe things just because they are stated in an email or on a website
  • Don't click on alluring links without thinking through the possible consequences
  • Never provide personal or company information unless you are certain of the identity and authority of the person requesting it
  • Never reveal personal and financial information via email or by following links to sites to enter such information
  • If you doubt the legitimacy of an email, contact the sender by a separate channel that you look up
  • Check URLs of sites you visit to be sure they are the URLs you actually want, not a similarly named one that may be malicious
  • Don't send sensitive information over the Internet if you aren't confident of the site's security
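
The advice above to check for "similarly named" URLs, together with the Email section's advice to rely on your own bookmarks, can be turned into a simple check. This is an added example, not part of the original article: `BOOKMARKED_HOSTS`, `check_url`, the sample URLs and the edit-distance threshold of 2 are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: sites the user has bookmarked and really means to visit.
BOOKMARKED_HOSTS = ("apple.com", "paypal.com", "mybank.example")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, bookmarks=BOOKMARKED_HOSTS):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no host name in the URL"
    if "@" in parts.netloc:
        # Everything before '@' is a login name, not the site being visited.
        return "suspicious", "real host is " + host
    for good in bookmarks:
        if host == good or host.endswith("." + good):
            if parts.scheme != "https":
                return "suspicious", "connection to " + good + " is not secure"
            return "ok", "matches bookmark " + good
    if not host.isascii() or "xn--" in host:
        return "suspicious", "non-ASCII letters can imitate ordinary ones"
    labels = host.split(".")
    for good in bookmarks:
        if "." + good + "." in "." + host:
            return "suspicious", good + " appears inside " + host
        tail = ".".join(labels[-len(good.split(".")):])
        if edit_distance(tail, good) <= 2:  # assumed threshold
            return "suspicious", tail + " is a near-miss of " + good
    return "unknown", "not a bookmarked site; verify before entering details"

if __name__ == "__main__":
    for sample in ("https://www.apple.com/uk/", "https://paypa1.com/signin",
                   "https://apple.com.secure-login.example/",
                   "https://paypal.com@203.0.113.7/", "https://\u0430pple.com/",
                   "https://news.example.org/"):
        print(sample, check_url(sample))
```

A short edit-distance threshold will occasionally flag an unrelated site with a similar short name, so treat "suspicious" as a prompt to look closer rather than a verdict.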

Children On The Internet

Set up a dedicated, restricted account on the computer using parental controls. CEOP's online safety tips for parents:
  • Know what your children are doing online
  • Get them to show you how to do things
  • Help them understand not to give any personal information to online friends
  • Teach them to ignore spam
  • Teach them to ignore files sent by people they don't know
  • Teach them some people lie online
  • Tell them to keep online friends online
  • Keep talking so they know they can always tell you if something makes them feel uncomfortable
  • Show children how to block people online and how to report them

Further Reading and Useful Links


Article Keywords: Macintosh Mac OS X OSX macOS Security

This article is © MacStrategy » a trading name of Burning Helix. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.

