I have a bridge in Brooklyn that’s for sale! The Mac Observer is reporting that a new phishing attack is out in the wild that is targeting MobileMe users. Tactlessly, the phishing email reports that your MobileMe account has been hit by a virus, and that you should respond to that email with your username and password. Pretty much as far from subtle as phishing gets.
This is a good opportunity to discuss security for users of Apple products. The way the mainstream media presents security threats, the user has no defense. In reality, that’s rarely the case. Occasionally, unpatched exploits in the software you use can be used nefariously, but that is comparatively rare. If you consistently update your operating system and applications, that is an extremely minor risk. More importantly, you need to watch what you install, and where you type your passwords.
If you’re using the iOS or Mac App Stores to download your apps, you don’t have to worry about what you install. Apple is protecting you from malicious software on that front. On OS X, however, you can install apps from anywhere. If you don’t know or trust the application vendor, you should think twice before installing it. In fact, think thrice before giving it administration privileges by typing your Mac’s username and password when it asks for it.
If you use secure passwords, mind what you install from 3rd parties, and selectively allow administration privileges, and you’ll be fine. Please, please remember that no reputable company is ever going to ask for your password over email.
Source: Mac Observer