phishing and malwarebytes

[15xcoucou]

Hi, Does malwarebytes check for phishing files also? would it pick up an html phishing file or phishing script on my mac? I am asking because I ran avast and it found two HTML:Phishing documents on my safari webkit cache folder. I wonder how it got into my cache because I thought that phishing was via email and I barely click anylink from my email. Why my anti virus did not block it also. would malwarebytes  block the files? I click the delete button via avast and ran another scan and nothing, I downloaded malwarebytes and ran the scan and got a clean result. So should I consider that my mac is clean and these phishing file did not do any harm and am I safe?

thanks

 

[treed]

Those files detected by Avast were related to a phishing website that you must have visited. Detecting those files in your browser's cache doesn't protect you in any way, and Malwarebytes for Mac will not bother trying to detect things in the browser cache.

It's impossible to say whether you're safe or not... phishing is not like malware, and it doesn't infect your computer, so your Mac is clean, but since you have visited a phishing site, the danger is that you entered your credentials on that phishing site. If you think that may have happened, it would be a good idea to change all your online account passwords.

[15xcoucou]

Ok, so in another word the risk is only if I entered my login credential on a false website?   I did a scan on the Dec 2nd which was ok and on Dec 6 it shows those phishing files, so changing my password only on the sites I logged between Dec 2nd and Dec 6th should be enough right??   also 99% of the time I use my bookmark websites for my login so those site should be safe?   I was worry about these files if they would put a script on my mac to steal informations in the future, so it is not the case right?

thank you very much for your help

 

[treed]

As long as you never enter credentials on a site you reach by clicking a link in an e-mail, or something similar, and you only enter credentials when accessing sites from a bookmark, you should be good. However, if you think that you may not have done that at some point between December 2 and 6, then it can't hurt to change the passwords for sites you accessed then.

Note that if you use the same password on any other sites, you should change the passwords there as well. Password reuse is a huge issue these days that significantly expands the reach of a breach of a single account.

Phishing sites can't currently install malware on your Mac. All current Mac malware relies on you to open it manually.

[15xcoucou]

Thanks for clarification. My biggest concern was that the phishing sites could install something on my mac without my knowledge, so glad to heard that they cannot. Your help is very much appreciated.