100 MACWORLD AUGUST 2021
WORKINGMAC PROTECT YOURSELF FROM PHISHING SCAMS
Watch for blatant security warnings.
Safari throws up a big warning when you
visit a site that’s using a security document
(a digital certificate) that doesn’t match the
site’s domain name. That’s a huge red flag
and you should walk briskly away in a
virtual sense. You have to do work to
bypass this warning.
Watch for subtler security warnings.
Apple also checks (fave.co/3hwmRRo) in
Safari for an expired security document
(sites have to renew at least annually) that
was formerly legitimate. And a nonsecure
page that asks for your password or credit
card is a red flag as well.
Use a password manager. Apple’s
built-in password support across iOS,
iPadOS, and macOS, as well as 1Password
and other third-party ecosystems, will only
fill in a password if the domain matches
precisely. A look-alike domain meant to
fool you will never match, and thus you
won’t be offered the opportunity to click
or use Touch ID or Face ID to fill in the
login fields.
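
A simplified model of the exact-match rule described above, as an added example (not from the article, and not Apple’s or 1Password’s actual code). The vault contents, the `.test` domain names and the function names are constructed for illustration; the check also refuses nonsecure (non-HTTPS) pages, in line with the previous tip.

```python
from urllib.parse import urlsplit

# Constructed sample vault: each login is keyed by the exact host it was saved on.
VAULT = {"login.example-bank.test": "alice"}

def canonical_host(url):
    """Return (scheme, host); host is lower-cased, IDNA-encoded, no trailing dot."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        # Non-ASCII look-alike letters become a visibly different "xn--" label.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        host = ""  # malformed name: never matches a saved login
    return parts.scheme.lower(), host

def check(url, vault=VAULT):
    """Return (username or None, reason) for the page at `url`."""
    scheme, host = canonical_host(url)
    if scheme != "https":
        return None, "page is not served over HTTPS"
    if host not in vault:
        return None, "no saved login for " + (host or "<invalid host>")
    return vault[host], "exact match for " + host

# Constructed URLs: the real site, then look-alikes of the kind the article warns about.
SAMPLES = [
    "https://login.example-bank.test/signin",
    "https://LOGIN.Example-Bank.test./signin",
    "https://login.examp1e-bank.test/signin",           # digit 1 in place of l
    "https://login.ex\u0430mple-bank.test/signin",      # Cyrillic a (U+0430)
    "https://login.example-bank.test.verify.test/",     # real name used as a prefix
    "http://login.example-bank.test/signin",            # nonsecure page
]

if __name__ == "__main__":
    for url in SAMPLES:
        user, reason = check(url)
        print("FILL " if user else "BLOCK", ascii(url), "->", reason)
```

Only the first two URLs are offered the saved login; every look-alike falls through to “no saved login” because the comparison is on the whole host name, not on what it resembles.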
The one occasion on which you will
see an error when you’re trying to visit the
legitimate version of a site is when you’re
at a public hotspot and haven’t yet jumped
through their hoop to join the network.
When you connect to such a hotspot, it
blocks general internet traffic. It
effectively redirects everything to a local
“portal” page where you can pay, enter a
login, or agree to terms of service for
free access. Until you pass the portal
page, any other web page you visit will
produce an error that looks like you’re
at a fraudulent site. ■

We recommend you use a password manager like 1Password (pictured here).