Hackers are using "social engineering" to trick computer users into deliberately installing their malware.  The latest news is they are targeting Mac users, who have (and have for the last 11 years) no fear from computer viruses.  (Note - I am *not* saying Macs are impervious to viruses - no operating system is, but Mac OS X, built on BSD Unix, is very difficult to hack)

Because Mac users do not need to use all of the security defenses that Windows users must use to survive, some are gullible when they see a popup window from a website that says their computer has a virus, and "offers" to install Mac Defender or some such non-existant product.  The gullible user then downloads the program, enters their administrative userid and password, and grants the software permission to install.  Then the blackmail begins - it claims to have found *thousands* of viruses, redirects your browser to porn sites, and you have to pay $79 to "disinfect" your computer.  It even goes so far as to claim your credit card didn't work, and asks for another card, and another, racking up charges on every card you use!

This is a familiar pattern for Windows users too, even though they continue to fall for this every day.

So what is really going on is that some Mac *users* are vulnerable to social engineering, it really has nothing to do with Mac OS X.

Okay, so how do you defend against "social engineering" attacks, where you are tricked into deliberately installing malware? 

Here are four guidelines that will help to keep you safe.  #1 and #2 are good security practice, while #3 and #4 apply to social engineering attacks:

1. If you installed a program, update it regularly.
2. If you no longer need a program, remove it.
3. If you didn't go looking for a program, add-on or download, don't install it.
4. If you are using anti-virus or security software, know what program you are using, and don't respond to different anti-virus or security messages.

And for those ready to attack the Mac, that is *finally* susceptible to viruses or so they think - okay so if some stranger comes up to you and tricks you into giving him the keys to your car, do you really think the car is going to stop him from driving away and stealing it?  Exactly.  You gave permission to drive the car.  Same situation with social engineering - if you install the software, giving your administrative account info in the process, of course Mac OS X or any operating system will do it - you told it to do so. Although it could happen, there is still no virus threat to Mac users, 11 years after Mac OS X came out, it is an order of magnitude safer than Windows 7, much less older versions of Windows, which were far worse.

And to wrap up, a quote from Kevin Mitnick, the famous hacker:

"social engineering is the best hacking method"

Don't fall victim to it!