If you haven’t heard the term phishing by now, you’ve undoubtedly experienced it. Phishers send e-mail messages designed to trick people into forking over personal data, such as usernames, passwords, bank account numbers, social security numbers, and more. Usually you receive an innocent sounding e-mail message—from your bank, eBay, or PayPal—that says something has gone wrong with your account, or that you need to update some data. Somewhere in the body of the message, there’s usually a link to your “account status page,” “information update page” or “personal info page.” If you click one of these links, the resulting page might look legitimate, as phishers use steal imagery from the real site. However, you’ll actually be on the phisher’s site, not its legitimate counterpart. So how do you protect yourself?
For starters, if you use Apple’s Mail, you can force it to display plain text only. This forces most phishing e-mail messages to appear without links and images. (Other mail applications may offer similar options.) However, since this means you won’t see images or text styling in any e-mail messages you receive, this approach is clearly not for everyone.
Another option is to never click an unknown link in an e-mail—at least not until you know where that URL may go. Thankfully, if you use Mail in OS X 10.3 or 10.4 it’s surprisingly easy to see where any given link goes, even before you click it.
If you’re running OS X 10.3, just click-and-hold on the link for about a second, then begin to drag the link toward your desktop. When you do, a small gray box will appear, revealing the URL behind the link:
After you’ve had a chance to read the destination URL, just hit Escape to cancel both the drag and the click on the link. The only problem with this method is that there’s a chance you could accidentally click the link while trying to view it. In OS X 10.4, they’ve fixed things so that’s no longer possible. There’s no more clicking and dragging required—just hover over the link for a second with your mouse, and you’ll see a pop-up revealing the URL’s destination:
Since you don’t have to click the mouse button, there’s no danger of accidentally activating the link.
There are lots of phishers (and scammers) out there. But if you use a bit of common sense along with these link-checking techniques, you’ll be well protected from their emails.