A client of ours received an email warning her that someone had used her Apple ID to download an app:
This email did not come from Apple. It is a fake, known as a phishing email, designed to bait the recipient into clicking on the links in the message. The message tries to trick the recipient into thinking their Apple account has been compromised when, in fact, the message itself is the attempt to compromise it.
The links do not lead to Apple’s website. Instead, the links lead to a malicious website:
This is the first place your Web Browser makes a difference.
If you use Internet Explorer and click that link, the browser does nothing to stop you (and that’s with Smart Filter protection enabled).
If you use Firefox, it detects that the link is malicious:
If you use Chrome, it detects that the link is malicious:
By no means should you rely on your browser as your sole point of Web security, but you can see how Internet Explorer compares to Firefox and Chrome when it comes to ‘safe browsing’.
Next, you get to see how well your antivirus holds up. For you Microsoft Security Essentials users out there, it does nothing to detect or prevent this phishing attack. If you’re utilizing ESET NOD32, you’re in better shape:
The Computer Peeps recommend a layered approach to Web Security, including OpenDNS Web Filter, Firefox w/ NoScript, AdBlock Plus, and Public Fox, as well as logging in to your system as a non-admin + utilizing ESET NOD32 Antivirus (or one of the top-performing antivirus solutions).
The takeaways from this post:
- Be cautious and aware of emails that are trying to get you ‘riled up’, so you click on something without thinking.
- Utilize an email service that does a good job of filtering out fake/fraudulent emails – e.g. Gmail/Google Apps for Business.
- Switch to Firefox or Chrome.
- Implement additional security in your Web browser – e.g. ad-blocker, JavaScript/Flash blocker, password-protection for downloads/changes, etc.
- Utilize a proper antivirus solution, such as ESET NOD32 Antivirus.
- Do NOT use Microsoft Security Essentials.
- Utilize a Web Filter, such as OpenDNS.
- For daily use, do not log in to your computer as an administrator.
If you have any questions, don’t hesitate to comment below or give us a buzz!