The macosxhints Forums

didn't we pay lots so we would be protected? (http://hintsforums.macworld.com/showthread.php?t=98258)

aehurst 01-29-2009 08:41 PM

1 Attachment(s)
Here's how easy it is... is the email legit or not. I believe it is legit and clicking on trial version does go to apple.com/ , then again maybe the bandits are getting better?

Would you trust it?

Craig R. Arko 01-29-2009 09:08 PM

I've paid lots in my life to not be stupid. Not to Apple, though. I suppose the jury is still out on whether it worked or not.

I do know better than to expect piracy programs to improve the quality of said life. :p

hayne 01-29-2009 09:27 PM

Quote:

Originally Posted by aehurst (Post 516229)
Here's how easy it is... is the email legit or not. I believe it is legit and clicking on trial version does go to apple.com/ , then again maybe the bandits are getting better?

Would you trust it?

It is vitally important to check whether a link in a mail message does go to where it purports to.
Mail.app will show you the URL if you hover the mouse over the link.
But you do have to look carefully (and have some technical knowledge of domain name syntax) since, for example, a link to:
http://iwork.apple.com.freetrial.tv
goes to the domain freetrial.tv (owned by someone in Singapore), not to Apple.
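
The check described in the post above, as an added example that is not part of the original thread: read the host name from the right and accept it only if it is the expected domain or ends with a dot plus that domain. It goes beyond the post by also covering userinfo before `@`, a look-alike suffix, and case/trailing-dot variants; `linkHost`, `belongsTo` and every sample link except the first are constructed for illustration.

```javascript
// Added example: decide whether a link's real host belongs to an expected domain.
// Function names and all sample links except the first are constructed.

function linkHost(href) {
  // The WHATWG URL parser (built into Node and browsers) resolves the host
  // the way a browser would: it lowercases it and separates any userinfo.
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // Drop a trailing root dot ("apple.com." names the same host as "apple.com").
  return url.hostname.replace(/\.$/, "");
}

function belongsTo(href, expectedDomain) {
  const host = linkHost(href);
  if (host === null) return false;
  const expected = expectedDomain.toLowerCase();
  // Domain names are read right to left: the host must BE the expected
  // domain or END with "." + expected. Labels at the left end prove nothing.
  return host === expected || host.endsWith("." + expected);
}

const samples = [
  "http://iwork.apple.com.freetrial.tv", // from the post: real domain is freetrial.tv
  "http://www.apple.com/iwork/",         // constructed: genuine subdomain
  "https://apple.com@example.net/",      // constructed: "apple.com" is only userinfo
  "http://notapple.com/",                // constructed: suffix without a dot boundary
  "HTTP://WWW.APPLE.COM./trial",         // constructed: upper case and trailing dot
];

for (const s of samples) {
  const verdict = belongsTo(s, "apple.com") ? "apple.com" : "OTHER    ";
  console.log(verdict, linkHost(s), "<-", s);
}
```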

Woodsman 01-30-2009 04:43 AM

Quote:

Originally Posted by aehurst (Post 516229)
Here's how easy it is... is the email legit or not. I believe it is legit and clicking on trial version does go to apple.com/ , then again maybe the bandits are getting better?

Would you trust it?

This arrived in an e-mail? From a trusted friend and perhaps Forum participant? Or purportedly from Apple? I never get admails from Apple, I think I ticked a box during registration not to, but I've seen and ignored my share of phishing attacks "from" my ISPs, as well as banks I don't actually bank with :D.

Speaking of which: as well as a Mac newbie, I am a cantankerous reactionary, and I don't touch online banking. Also for personal reasons I like to bank over the counter, where my ugly mug is a familiar sight and quite unhackable.;) I do have my account numbers on my machine, in a Word document, but the 'puter doesn't know my credit card details or PIN number and is not interfaced with my bank in any way whatsoever. Never even been to my bank's website; for me, my bank exists solely in meatspace and that's the way I like it.

Mikey-San 01-30-2009 05:03 AM

You should put that information in an encrypted disk image.

Woodsman 01-30-2009 06:03 AM

Quote:

Originally Posted by Mikey-San (Post 516283)
You should put that information in an encrypted disk image.

How does one make one of those, then?

However, I'm a bit puzzled by the notion that bad guys can do anything with my account number as such and alone; anyone who has ever paid me, or anyone whom I have ever paid, already has that information. Anyone who walked into the bank and tried to withdraw would meet a demand for ID and signature; my accounts are not hooked up to any online banking. How could anyone stiff me with this information alone, without the bank being liable? :confused:

cwtnospam 01-30-2009 07:57 AM

See: /Applications/Utilities/Disk Utility


Is your bank online? Then so are your accounts!

aehurst 01-30-2009 08:02 AM

Quote:

Originally Posted by Woodsman (Post 516282)
This arrived in an e-mail? From a trusted friend and perhaps Forum participant? Or purportedly from Apple? I never get admails from Apple, I think I ticked a box during registration not to, but I've seen and ignored my share of phishing attacks "from" my ISPs, as well as banks I don't actually bank with :D.

Speaking of which: as well as a Mac newbie, I am a cantankerous reactionary, and I don't touch online banking. Also for personal reasons I like to bank over the counter, where my ugly mug is a familiar sight and quite unhackable.;) I do have my account numbers on my machine, in a Word document, but the 'puter doesn't know my credit card details or PIN number and is not interfaced with my bank in any way whatsoever. Never even been to my bank's website; for me, my bank exists solely in meatspace and that's the way I like it.

It is a valid email from Apple. I do most of my banking via the internet. Yet to have a problem, but for sure there are differing levels of security from bank to bank. I never under any circumstance link to a bank account from an email or anything else because there's no way to be sure where you are... some banks use strange URLs such as online.east.etc., etc, not just their name with a .com after it. I get emails from my bank, but would not trust their links either.

Like you, there are no docs on my Mac with cc numbers or bank account numbers or passwords. I don't use keychain. I do type in lists of such things, print them, and then secure delete the doc. Overkill I am sure, but I worry about it.

I also run software that identifies (usually) suspect sites and blocks access to them.... I have an 11 year old who uses the computer, too, in a non-admin account.

OS X is as safe as it gets, I think, but many users are not ITs and are pretty much at risk of being scammed until they learn their lesson the hard way.

Woodsman 01-30-2009 09:53 AM

Quote:

Originally Posted by cwtnospam (Post 516303)
Is your bank online? Then so are your accounts!

The bank does online banking, yes. But my understanding is that getting a first-time password, in someone else's name, to use online banking services is a bit more involved than stealing someone's password to an already configured set-up. Am I wrong, then?

My country encourages people to submit their tax returns online (though I myself am sticking to dead trees as long as I can), which also involves account numbers being held on computers, ours and theirs. I would think it would be easier to hack the tax office. Or wait for them to leave all the info on a CD in a taxi :rolleyes:

tlarkin 01-30-2009 10:06 AM

Online banking uses a slew of security measures. Mine uses IP and MAC address authorization, passwords, secret words, security questions, and confirmation emails to access the account. I assume most banks follow this sort of model.

As for the email thing, I got a scary email when I first signed up for Facebook saying so and so wanted to be my friend, so I clicked on the link thinking it was Facebook (spoofed URL) and it immediately said I need to install browser plug-ins to make it work. Well, I immediately knew that was a scam. Closed my browser and started to investigate. Viewed the headers of the original email and the IP it last came from was an IP in China. I am pretty sure there are no Facebook servers in China. It was a scam and looked very real. I was really impressed and their English was almost perfect; after rereading the email I only saw one grammatical error towards the end of it. Otherwise, it looked like a legit email from Facebook.

I have also seen some pretty cool PayPal spoofs. By cool I mean well done, I still think it is a jerk move. These types of attacks can and will affect any platform.

aehurst 01-30-2009 10:22 AM

Security varies by bank for initial set-up as well as access. Some will not issue a login and password by internet or phone.... they mail it to you just like a pin number. Others will allow internet registration after you answer a dozen personal questions including ssan, address, phone, acct number etc., etc.

Some use an image with a key word that appears when you type in your login, if you don't see the image and codeword you are not on their site so you don't enter the password.

A couple of my banks identify the computer I am on and if they don't recognize it you don't get access even with a correct login and password but will instead be challenged with 3 or 4 personal questions.... city of birth, pet's name, city where you met the spouse, make of first car, etc.

I think internet banking is secure, though obviously you have to exercise care. Someone gets access to your computer and finds a list of logins & passwords one is going to be in for a long, long year. Physical access to your machine is the greatest threat I think.

cwtnospam 01-30-2009 10:59 AM

Quote:

Originally Posted by Woodsman (Post 516325)
The bank does online banking, yes. But my understanding is that getting a first-time password, in someone else's name, to use online banking services is a bit more involved than stealing someone's password to an already configured set-up. Am I wrong, then?

Look at my links from post #16 and suppose that one of those viruses hits your bank. Isn't it possible that the bad guys could gain enough information so that they could set up an online account in your name?

That's part of why I think it's a very bad idea for Mac/Linux users to scan for PC viruses. We should let nature take its course: either quickly improving Windows security or forcing it off the stage. Propping up Windows is putting us all at greater risk than is necessary, and at far higher cost than it would be to replace Windows, especially since it doesn't need to be done all at once.

Woodsman 01-30-2009 11:16 AM

Quote:

Originally Posted by aehurst (Post 516331)
A couple of my banks identify the computer I am on and if they don't recognize it you don't get access even with a correct login and password but will instead be challenged with 3 or 4 personal questions.... city of birth, pet's name, city where you met the spouse, make of first car, etc.

That's cool! My bank isn't supposed to give balance info over the phone, but I often need to know whether a customer has coughed up and can't get into town; when I call and greet the answerer by name, recognising their voice, and they recognise my distinctive voice/accent as well, and also ask what sum I am expecting, then they bend the rules. No one could get away with pretending to be me, except perhaps a supremely gifted mimic who also knew who worked there. A couple of times, in extremis, I've even called from abroad to have money transferred from a savings to a current account; but that's only between my own accounts. Even when they're 110% sure it's me, they would never transfer funds to a third party.

Quote:

Originally Posted by aehurst (Post 516331)
I think internet banking is secure, though obviously you have to exercise care. Someone gets access to your computer and finds a list of logins & passwords one is going to be in for a long, long year. Physical access to your machine is the greatest threat I think.

Yeah, and we don't always worry about the objectively biggest threats, do we? Anyone who stole my computers would know where I banked and the account numbers, like any customer or supplier does; but that doesn't mean getting any of my money out. I'd be a lot more worried about confidential work files. There was someone on the Forum the other day who described getting his laptop stolen when he was only feet away at the time -- if it was not asleep and sleep-locked, or screensaver-locked, all the perp would need to do would be to keep it open and awake until he could download the contents to a memory-stick in his pocket, no? How do you protect against something like that? Passworded opening of all files, or all folders? Quite a slowdown for the busy user.

Woodsman 01-30-2009 11:24 AM

Quote:

Originally Posted by cwtnospam (Post 516345)
Look at my links from post #16 and suppose that one of those viruses hits your bank. Isn't it possible that the bad guys could gain enough information so that they could set up an online account in your name?

Say that it is possible -- what can I do about it? I don't see what configuration of my own 'puter could prevent that, any more than the lock on my own door can prevent the bad guys breaking into the bank's vaults three miles away. If they can crack the bank (or the tax office!), they don't need to crack me to find out my account numbers, no? And in such a situation, the bank would have serious liability.

cwtnospam 01-30-2009 12:12 PM

Quote:

Originally Posted by Woodsman (Post 516350)
Say that it is possible -- what can I do about it?

Other than vote with your wallet, not much. All too often, people take the attitude that all platforms are valid options, and while it might be argued that on a technical level Windows is a valid option, doing so ignores the enormous costs to all of us when people (and businesses like banks) use Windows.

Woodsman 01-30-2009 01:27 PM

Quote:

Originally Posted by cwtnospam (Post 516365)
Other than vote with your wallet, not much. All too often, people take the attitude that all platforms are valid options, and while it might be argued that on a technical level Windows is a valid option, doing so ignores the enormous costs to all of us when people (and businesses like banks) use Windows.

I for one am not remotely competent to do due diligence on the bank's IT security. Just for fun, next week I shall ask them what platform they use, though the counter clerks may not know much. And how would your wallet vote, CWT, if one bank ran on Windows but was otherwise customer-friendly, while another used Linux but kept everyone waiting an hour in order to coerce them over to online services? Which some of them do here. I've never been looted by a cracker, but I've sure been dissed by a banker!

tlarkin 01-30-2009 01:35 PM

Quote:

Originally Posted by Woodsman (Post 516383)
I for one am not remotely competent to do due diligence on the bank's IT security. Just for fun, next week I shall ask them what platform they use, though the counter clerks may not know much. And how would your wallet vote, CWT, if one bank ran on Windows but was otherwise customer-friendly, while another used Linux but kept everyone waiting an hour in order to coerce them over to online services? Which some of them do here. I've never been looted by a cracker, but I've sure been dissed by a banker!

I have a friend that works at a major bank's HQ downtown in their IT department. He works out of the data center. They have around 300 IT guys in his department, which do all the IT/maintenance, web development, app development, so on and so forth. They use a mixed platform, and he told me his particular bank has two Macs. The two Macs are used for developers to develop web apps for the Mac platform, the rest are all PCs running Windows/Linux.

Also, having been a system administrator for Windows Servers at my old job, they are not to be compared to Windows clients. They are way more secure than a Windows client machine, and Vista is the first end user OS to start to adapt some of that server side security. That is why you notice some of the user accounts being changed directory wise, and you see running things as an administrator. I haven't used Windows 7 yet really but from what I have read it will implement even more POSIX Unix-like security features when it is released.

kel101 01-30-2009 02:34 PM

Quote:

Originally Posted by tlarkin (Post 516179)
You can download those just don't let your girl friend catch you watching them!:eek:;):D

hmmmmmm good advice.....*cough* private browsing+encrypted dmgs ftw >.> cuz i wouldnt want her finding all my extra revision documents

Quote:

Originally Posted by Zalister (Post 516184)
Is it just me, or is there only one kind of torrent in your world? I won't ask further... ;).

well 2 and a half :rolleyes:

cwtnospam 01-30-2009 04:05 PM

Quote:

Originally Posted by Woodsman (Post 516383)
And how would your wallet vote, CWT, if one bank ran on Windows but was otherwise customer-friendly, while another used Linux but kept everyone waiting an hour in order to coerce them over to online services?

That's the problem you get when you don't have proper regulation: no real competition. :(

Still, making your voice heard can have an effect: never connect to a bank using Windows. It's not only good for your immediate security in the short term, but if enough people do it they'll change their systems.

tlarkin 01-30-2009 04:34 PM

Quote:

Originally Posted by cwtnospam (Post 516413)
That's the problem you get when you don't have proper regulation: no real competition. :(

Still, making your voice heard can have an effect: never connect to a bank using Windows. It's not only good for your immediate security in the short term, but if enough people do it they'll change their systems.

Uh, millions of people bank with Windows all day every day and our whole accounting and payroll department run Windows boxes, so it isn't like it's not secure. Most of the time it is a human's fault when things get exploited, like not running a security patch, or using a really lame password that gets dictionary attacked.

You don't have to use a Mac to be secure and safe.


All times are GMT -5.
