Don't Be Fooled. The term phishing describes outbound threats that combine email and websites designed to trick you into giving up your usernames and passwords. For example, you might receive an email that looks like it came from PayPal or Amazon. The email has the corporate logo, and looks just like other emails from those companies. The message may link to a legit-looking website where you log in with your username and password. That's all it takes - the phishers now have enough to attempt more heinous activities, such as taking over your real PayPal or Amazon account. It could be months before you realize what has transpired.

And with all this cybercrime going on, it's easy to forget the most low-tech methods of the bold and brazen - physical force. One doesn't need much in the way of programming skills to walk up to your machine and start clicking around.

From the get-go, Mac OS X provides substantial security. Here's how to keep it that way - and extend your feeling of protection when you venture online - without making major sacrifices in cost or convenience.

- - - - - - - - - - - - - - - - - - - -

AN OUNCE OF PREVENTION

Try these tips for keeping hackers, phishers, and other cybercriminals at bay.

Strong Passwords
As unoriginal and obvious as it sounds, it's still true: Passwords should not be easy to guess - or crack. That means using a mix of capital and lowercase letters, numbers, and symbols (like @ for A, or ! for I or L). Better than trying to spell something recognizable is to use passwords that look like gibberish. And don't use the same password across all of your various accounts.

Having trouble coming up with a password? Let your Mac do it for you. A little-known tool called Password Assistant can generate a password for you. Access the Password Assistant in System Preferences' Security pane. Once there, click Set Master Password and then click the question mark icon next to the Master Password field. You can copy and paste (or write down) the password that's generated, and then cancel the operation.

Don't tax your own brain. Let OS X's Password Assistant come up with an inscrutable password for you.

Check Your Email Setup
Every time you check email, everything - including your address, mail server, and password - is sent over the network. A lot of people use the same password for everything. So if a snooper gets your email password, he could comb through your messages to figure out what services you use and try logging in to those accounts with the same login info.

If you're on an insecure network, such as a Wi-Fi hotspot, don't check your email if your email app doesn't encrypt passwords during authentication. Apple's Mail, for example, does not encrypt your password, but Mozilla's Thunderbird does - and so do most Web-based email services. In Thunderbird, go to Tools > Account Settings > Server Settings and select Use Secure Settings. Of course, this will only work if your ISP or email provider's POP or IMAP email services support this feature. (.Mac supports this security measure.)

Yahoo Mail now also offers what's called a "sign-in seal." The seal is a customized graphic or text block you create that will only show up when you log in. If you get a message that sends you to a purported Yahoo login page and the sign-in seal is missing, you know it's a phishing scam. Google's Gmail uses SSL (secure socket layer) encryption to shield your password by default, and users can also log in via a secure HTTPS page at https://mail.google.com.

Keep a Short Leash on the Keychain
The Keychain is unbelievably convenient. One password is all you need for a single point of entry. On the flip side, what if someone cracks that single, convenient password? Even worse, what if someone accesses your machine while the Keychain is unlocked?

Always lock your Keychain when you leave your machine unattended. Launch the Keychain Access utility (Applications/Utilities) and click the lock icon in the upper left, or turn on "Require passwords to wake this computer from sleep or screen saver" in System Preferences' Security pane.

Resist the temptation to add passwords to the Keychain at all. That way, your logins are protected by two layers of password protection.

Say Buh-Bye to Free Wi-Fi
Free Wi-Fi is a great way to attract customers to a coffee shop, but you could be inviting trouble by not securing your wireless home or office network. A freeloader piggybacking off your Wi-Fi network and hoarding bandwidth is merely a nuisance, but it's a huge problem if the visitor is there to steal passwords or distribute spam.

If you have an Apple AirPort base station or other Wi-Fi router, turn on password protection. Also opt for the WPA (Wi-Fi Protected Access) encryption in your router's security preferences. Another good idea is to change the router's SSID (Service Set Identifier) or device name to something other than the default, which is usually the device's brand name. Knowing the type of router could be an easy starting place for a Wi-Fi interloper. With Apple's AirPort Extreme Base Station, you can also keep the network's name hidden, so that users who log on are required to type in the network's name precisely, in addition to a password, to gain access. For more on Wi-Fi security, see "Wi-Fi Should I Care?".

Keep OS X Current
Back in January, a project called the Month of Apple Bugs (MOAB) grabbed a few headlines. The goal was to find vulnerabilities and flaws in the Mac OS and publicize them on the MOAB site (projects.info-pull.com/moab/). Not surprisingly, this project generated a lot of heated discussions. Some saw it as the ultimate gesture of customer advocacy, while others felt it was an irresponsible airing of OS X's dirty laundry. Regardless, the folks behind MOAB did come up with 31 bugs.

Apple has since fixed some of these bugs and continues to fix others. We're not suggesting that you blindly trust Apple, but if you're looking for bug fixes, your safest bet is to get them directly through the OS using the Software Update utility in the Apple menu.

More...