Phishing is a lie.

Here are the lies:

(i will now dance around danger...

  do not follow the scam links below.)

Fake notification phishing scheme:

User receives an email from Apple.

Apple Store says,

“Our system has detected that

your account information

appears to be missing or incorrect,

please click on the button below

and confirm your account information."

User clicks on the button.

(Hovering over the button would have revealed the URL:

http://megafileupload.altervista.org/styles/ — not an Apple website)

User is delivered to a convincing clone of an Apple ID login page.

(Again the domain of the URL is www.duediservice.it (not Apple)

(In fact, this website was highjacked from Due Di Service Fiat auto sales.)

User enters their Apple ID and password.

The Phishers now have your Apple credentials.

The next page asks for the security code of your credit card.

Next, the user is asked to "Verify Your Apple ID” asking to fill out:

First, Middle and Last Name

Credit Card Number, Expiry Date and Card Verification Number

Date of Birth and Social Security Number

Complete mailing address.

No matter what is entered the user is then delivered to Apple’s

real Apple ID website, adding to the “reality” of the scam.

The Phishers have now stolen your identity.

Fake friend or friend request lie:

i  received a message from Ina Campbel (one “L” in Campbel).

The message claims to be a private message from LinkedIn.

Suspicious of the single “L,” i Googled "Ina Campbell."

There was one result from the US census.

Ina Campbel was born in 1888.  She is 128 years old.

i think Ina Campbel is going to be a great business contact

with all her experience!

i hover over the “view/reply to this message” button.

The link will send me to calhounobgym.com.

The domain does not exist in the Internet DNS servers.

When clicked, the view/reply button redirects to cheerfulworkmotion.com

via a hijacked link in calhounobgym (an unregistered website. )

Do not go to this website.

Do not believe anything you see here.

This domain defaults to a fake virus infection notification.

At this website, Ina also wants me to lose weight by eating Safflower Oil.

Don’t link to websites from email.

The links send you to highjacked websites and redirect you to

the lairs of the phishers.

Adware and the fake Safari pop-up:

User is tricked into installing adware, thinking it is something

like Adobe Flash Player.

Once installed, the adware changes DNS server settings.

Unrequested extensions are added to Safari.

The Safari home search page is changed.

No matter what you search for you are delivered to the adware advertisers.

Some ads, like MacKeeper, just want the user to buy useless software.

Some ads look like warnings from Safari and your Mac.

One such pop-up shows the Safari logo and claims that your "Mac has detected a serious attack on this system.” 

It is a lie.

The user is instructed to 

“Please contact the Mac Support team immediately at” some 888 number.

(They are not associated with Apple or your Mac in any way.)

The “legitimacy" of this warning is reenforced by making the pop-up persistent.

You can click on the “OK” button, but the ad will instantly reappear.

You can force quit Safari, but Safari will open the same site

and pop-up when restarted.

Never call the phone number.

If you do call the phone number, a nice Indian “technician” will answer the phone and lie to you some more.

The typical MO is to obtain permission to take over your computer.  

Once done, the “tech" can do anything they want.  

The best case is the “tech" will show you “dangerous” error codes

which indicate “serious attacks” on your computer.  These are just

normal log entries.  The “tech" is lying.

The goal of the “tech” is to sell you a technical support package for

$300 - $500 annual.

They never have to do tech support, because there was nothing wrong

with your computer.

The most these companies will do is remove the adware

which got you to call them in the first place.

The worse case is that the tech will place key loggers and/or other malicious software on your computer to attempt identity or financial theft.

We can avoid these phishing attempts.

Never connect to the Internet from a link in email unless you are

absolutely certain where it leads.

Know that an institution will never prompt you to enter your account

from an email.

If you receive a notification from an institution where you have an account,

go to the webpage using your browser, on your own terms. 

Log into your account normally. 

If the account needs attention, they will tell you once you are logged in.

No one is monitoring your computer.

Not Safari, not Apple, not Microsoft.

No one.

Always run your computer.

Do not let the computer run you.