Mac Security Reality-Check: Scams
Mon, January 04, 2010
Macworld — In the endless debates about Mac security--is the Mac platform inherently safer than Windows? what security measures should Mac users take?--one point is often overlooked: The biggest chink in computer security isn't necessarily in the computer itself. Rather, the weak spot is often the computer operator--in other words, you.
Gullibility, greed, momentary lapses in attention, and other human frailties can all be easier to exploit than any vulnerabilities in computer code. Which means that, while your Mac and iPhone can indeed be vulnerable, there are things you can do to keep them safe.
In the days that follow, I'll explain the 13 security threats that I think owners of Macs and iPhones really do need to worry about. For each of them, I've got advice on how to avoid being victimized. First up: scams, fraud, and financial threats.
E-mail scams
The Threat: Mail-based cons have existed since the dawn of the postal service. E-mail has simply provided a fruitful new format. Attackers can send out millions of e-mails at practically no cost; if only one person in a million falls for the scam, the scammer turns a profit. Because of identity-hiding technology, lax law enforcement, and the Internet's global reach, attackers can operate with near-impunity.
Phishing--when a scammer sends e-mail messages designed to trick recipients into visiting a deceptive Website or divulging personal information--is probably the most common e-mail scam. Some phishing attacks rely on nothing more than creative wordsmithing, but many more exploit holes in e-mail and Web technologies.
A phisher can fiddle with header fields so replies don't go where you think they're going. If you've ever received an e-mail asking you to provide your username, password, or other sensitive details by reply e-mail, that's probably what was going on.
Or the phisher could embed a URL in the e-mail message--by slightly misspelling the site's address (www.macwarld.com), say, or adding confusing text at the end of the address (www.macworld.com.ad#$Fadfg%$.iamevilandwillstealyourstuff.com)--that looks like it's going to a trusted Website, but isn't. Such links often lead to sites that are crafted to look exactly like legitimate sites, but aren't.
What You Can Do: Your first line of defense against e-mail scams is a good spam filter; these days, most spam is some kind of scam. Virtually all major e-mail services do some basic filtering before messages hit your Inbox. Many e-mail clients, including Apple's Mail, also include filtering tools. If those aren't good enough, you can buy add-on spam tools, such as the excellent SpamSieve. I use three separate filters: a special service through which we route our corporate e-mail; a filtering appliance in front of our mail server; and SpamSieve. Despite those layers, I still see one to three spam messages a day.
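As an added example (not from the original article), here is a small Python check for the two tricks described above: a Reply-To header that points away from the sender's domain, and links whose host misspells a trusted domain or uses it as the front of a different domain. The trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"macworld.com"}  # assumption: domains the reader really deals with
# Constructed sample message; every address and URL in it is made up.
SAMPLE = """\
From: Macworld Accounts <accounts@macworld.com>
Reply-To: accounts@mail-collector.example

Reply with your password, or sign in at http://www.macwarld.com/login or
http://www.macworld.com.ad-fadfg.iamevilandwillstealyourstuff.com/verify
Our real site is http://www.macworld.com/ as always.
"""

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host):
    bare = re.sub(r"^www\.", "", host.lower().rstrip("."))
    for t in TRUSTED:
        if bare == t or bare.endswith("." + t):
            return None  # really on the trusted domain
        if t + "." in bare:  # trusted name is only the front of a longer host
            return f"{bare}: '{t}' is a prefix of a different domain"
        if edit_distance(bare, t) <= 2:
            return f"{bare}: looks like a misspelling of {t}"
    return None

def analyze(raw):  # handles single-part plain-text messages only
    msg = message_from_string(raw)
    findings = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    urls = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    hits = (check_host(urlsplit(u).hostname or "") for u in urls)
    return findings + [h for h in hits if h]
```

Calling analyze(SAMPLE) returns three findings (the Reply-To mismatch, the misspelled host and the prefixed host), while the genuine www.macworld.com link passes without a finding.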


