KELLNER: Don't get hooked by 'phishing' schemes

• Article
• Comments ()
• Click-2-Listen
• Videos

By Mark A. Kellner

It looked innocent enough. Heck, it even arrived on my iPhone. "It" was an e-mail purporting to be from Apple Inc.'s MobileMe service, the online e-mail, file-storage, photo-sharing, Web-hosting wonder formerly known as .Mac. And, I'll admit, I've come to place more than a little trust in Apple.

The e-mail, which had the "official" MobileMe logo and seemed to come from Apple, said there was an issue with charging my credit card for the monthly charges. Would I please go to a location and update the information? Again, I should have been skeptical. MobileMe service is billed annually; I should have remembered that. And, my account isn't up for renewal until December.

Still, I'm a trusting kind of guy when my hard-hat journalistic guise is removed. So I didn't click the button, but went to the MobileMe site, logged in and changed the information.

So far, so good, until I got the message that things weren't working at the moment. I'm not sure what I did next, other than to find myself entering several different kinds of credit card information and hoping one would work. Now, I was starting to get nervous.

My anxiety increased after calling one of the card companies and finding that, no, there weren't any problems with the account. I mentioned the nervous part, right? Well, it's been the better part of the week, and now my daily routine includes several checks of the bank and credit card accounts to make sure nothing "funny" is happening. So far, so good.

An inquiry to Apple revealed that, no, the link in the official-looking e-mail was not an authorized Apple address. I shouldn't go there, literally. And while I'm fairly sure I didn't, I can't swear to it. Hence the frequent checks.

I also made another mistake, and I should have known better about this one, too. At one point, I was logging on to secure Web sites using a "Beta" version of the next-generation Firefox browser. The Beta didn't have the security features that the current, standard Firefox has. Also, I didn't read the e-mail in Apple's Mail.app (STET) e-mail client. That program allows you to "mouse over" a link or "button" in a graphical e-mail and make sure you're going to land where you expect to end up. This is another way to avoid the clutches of the bad operators.

Again, so far, so good. I've also signed up at www.lifelock.com for the LifeLock identity-theft protection system. Using your Social Security number and other information, all of which is transmitted securely and stored on their servers, the firm monitors your credit reports for suspicious activity. The bottom line here is to be vigilant, constantly, when it comes to e-mail asking you to log in and update your account. Check the origin of the item, check the Web links, and use Firefox, which is available for Windows and Linux users as well as Mac-heads.

I'm hoping I dodged a bullet here, but I also realize the need to keep up my guard.

Who's come after you lately?

• E-mail Mark Kellner.