Is this even possible?

I'll admit I'm a bit vague about these things, but I thought phishing was in the form of emails to me that try to lure me into clicking a link and then filling in my user name and password to various sites.

I also have always heard that "MACs don't get viruses" and I haven't purchased any security program like I always did for my windows machines.

Now I've got a friend telling me that her security software <windows machine> says my emails to her have a phishing virus.

What should I do? Just haul my machine off the the genius bar and let them deal with it?

I'm really busy with work this week and only want to take the time to do this if it is really necessary.

I'm guessing that some automatic phishing/spam operation is using an email address of yours that it found to send your friend a phising spam email. Ask your friend if your IP address is showing up in the headers of the email. My guess is that it is not.

Agreed. Friends getting spam "from" you doesn't mean your computer is involved.

Anybody can send an e-mail that appears to be from your address.

Most likely a spammer got a hold of a list of addresses that included both your address and your friend's (probably by grabbing the address book off some mutual relative/friend's computer). The spammer put one address in the "to" field and one in the "from" field.

Correct. A phishing Email a special sort of spam which wants you to lure onto a fake website where you are suppose to enter certain personal details.

That is not quite true. The point is that it is way harder to design a working virus for Mac OS since it is based on a very secure operating system. The other thing is that the percentage of Macs are much smaller than Windows PCs. So it makes no sense for criminals to put large effort into designing a virus to target a Mac.

A Phishing Virus is probably a misleading term. A virus is a small program which can causes all kind of things on a PC. Normally a virus is embedded in Email attachments which gets activated when you open the attachment. A Phishing email itself is harmless even if you open it and read it.

So ask your friend what she exactly mean by Phishing Virus? Does her security system flag an Email as Spam/Phishing Mail or does it report a virus?

Before we decide that she doesn't have a form of malware, maybe we should ask for details? For example, are they emails that she sent directly?

-David

Yes, these are emails I've sent her. She says when she opens them she gets this warning from her program:

recognition pattern of the phish/lloydstsb.A a phishing file

She is using Avira Antvir as her security program which is apparently some freeware thing she downloaded.

Thanks to all who have answered and I would appreciate more advice.

Is it a "new" email you are sending, or are you forwarding something? Sending an attachment?

Your mac can and will get viruses and trojans just as a PC if you are not careful in how you use attached files or have your firewall disabled (always have it enabled) or surf to suspicious sites and accept the upgrade prompt for quicktime (which you should never accept unless you go to quicktime's own website). It is 100% user error when a computer of any make gets viruses or trojans. And I say that after having worked as customer support on an ISP and was the local virus guru for the companies around.

I am a mac user since 5 years now and I don't have antivirus on my mac - at all. I don't open attachments. I clean my cookies (just keep the ones I want to keep) regularly, I've ditched the office package completely and use iWork.

As long as Mac's only have a 14% market share we are pretty safe as the target machines for the hackers are the windoze (not a typo), non-secure machines (NT, 2000, ME, XP and Vista are as secure as a colinder will be useful for carrying water).

So in short, yes, you could be infected.

The other thing, this is a phish that is trying to target bank customers at Lloyds TSB bank. So unless that is the bank you use you should personally be safe. But if you have had an e-mail asking you to renew your username, password etc at your online banking by using the link provided in the e-mail, then immediately contact your bank and change your banking details, passwords, credit cards etc. Banks will never ask you to do such a thing in e-mail.

Clear your cookies, clean your cache, don't open attachments be a bit street wise and you will be OK. If it was a PC I'd tell you to bring out the artillery, chain it, padlock it and put it in a bomb proof shelter and you might be OK.

I am a Mac user and have been for years. While I don't get very many viruses, you are living on the wild side by not having virus protection! YES!! go to the genius bar!!! and while you are at, buy a virus protection program, install it and check your machine.

Oh, don't forget to do a backup as well!!!

In the time period that she has been getting this message I've sent several "new" emails and forwarded two, one with an attachment. The attachment was a vendor application from a show promoter we work with, not something dodgy.

In this same time period I've sent quite a few emails, both personal and business emails to customers. No one else has contacted me describing the same problem.

I once had a windows machine get infected with a couple of fierce viruses; took days for me to get it cleaned up with some help from some very kind people. That was when my then early teen son learned there is no such thing as "free porn".
I also went with iWork and love it . I do, however, open attachments as many forms and applications are sent that way to my business.
I do keep up with scams such as this and would not fall for any bogus emails. No opening or clicking going on here!

That could easily be infected. I once rec'd an infected word .doc file which was an editorial release form, sent to me by the editor of a computer industry magazine for whom I was writing an article. If they can spread infections, so can your vendor or your mac.

Funny how a mac genius buddy says it's wasting money doing just what you adviced. ;-)

Yup. Just had a kernel panic last week and friday decided to do an "archive install" which froze half way, destroyed the boot-sector and the HDD wasn't detected. ARGH! I ripped open the MBP, pulled out the HDD and stuck it in a case, plugged that in to en iMac and it was detected, backed up what the frozen installation had managed to archive, format with GUID, put HDD back in laptop (at which time I realized that I could have simply plugged the MBP via firewire to the imac. I had only had 3 hrs sleep the night before friday and by now it was 6am saturday). Slept 3-4 hrs after the MBP was sorted closed back together and then spent the rest of the day installing all the other software and transferring back up back on to the HDD. Trust me, I was not a happy puppy.

And windows users, switch off the system restore thing or your virus will re-appear. One reason why the jury (me) is still out on deciding wether to use Time Machine or not.

One of my virus clients, a graphic design company, called me in on a complete panic. Lolled over to their office with my tools, walked in to a room full of Macs. (this is back pre osx days) and concluded there was nothing I could do. They pulled me n to another room are there was the offending party, the PC. Found the source - an internal e-mail from the co-founder. She had an email from a client including an attachment. Couldn't open it on the mac so forwarded it to the PC. Clicked it, screen blinked and nothing happened. So she thought no more of it until, coming back to work next day and the voice mail was full of messages (and the macs full of e-mails) from clients asking them to please pull the plug on whatever machine was sending out virus infected mail. Some 8000+ emails had left that PC over night. Some of their clients had received 200 or more.

An afternoon later the PC was clean and the entire room had had a stern talking to about it all.

The other founder was out of town, returned that night and rang me at home to thank me.

PS. The viruses out there may not harm the mac but can be spread to PC via Email and harm them.

That's true of course. Maybe I'm still unclear as to how forwarding an attachment would give her the phish message I posted above. I could understand it better if it was a trojan.

The file I opened and then forwarded had no links to take one to a bogus sign in page or anything like that. I thought the goal of phishing is to get someone to enter sensitive info on a bogus sign in page.

Does anyone recognize the phish warning message I posted? What does that mean exactly?