Background on the latest phishing scams to target Mac users and tips on how to avoid falling victim to online phishing attacks.
Unfortunately, owning a Mac often gives users a false sense of security. Rumors have floated around for years that Apple provides the ultimate level of protection and there isn’t a need to have malware concerns. However, new reports of serious phishing scams targeting Mac owners has made it more important than ever to show vigilance when protecting your data.
What We Know
The software firm Checkpoint has recently sounded the alarm on the many ways Mac users are being targeted by phishing scams. The latest campaign has been based out of Europe with Trojan malware attached to a valid certificate from Apple. Apple has multiple antivirus protections in place like the green safe browsing icon, but the new phishing scam has the ability to get around these safeguards. The new scam is phishing for users to enter their credentials by acting as a legitimate OS X update. After credentials are entered, the malware permits hackers to spy on a person’s web browsing. Worse yet, administrator privileges are granted, permitting the scammers to bypass any additional password protection you may have in place.
The highly sophisticated phishing scam has been designed to avoid detection by the average Mac user. Once your computer is hijacked by the malware, all web traffic is rerouted through a malicious server due to a new root certificate installation. Not only will attackers be able to view your web traffic, but they can also tamper with the results. You may find yourselves on websites that are clones of the real ones you’re attempting to visit. Once the malware achieves its goal, it can delete itself at any time.
Another alarming feature of this phishing attack is the inability of virus detection tools to pick up on the software. According to Checkpoint’s Malware Research Team, the infection had zero hits on virus scanning tools. The malware comes bundled in a zip file that’s often attached to phishing emails. After download, the malware takes over the Mac and will not permit the user to open any other applications until they agree to the false system update.
Phishing Avoidance Tips
Since phishing scams typically come via email attachments, your first line of defense is to meticulously scrutinize all emails before opening. Check the sender name to see if it matches the company name listed. The message in the body of the email may sound generic and start with phrases like “Dear Customer.” The email is also likely to look different than other emails you’ve received in the past from the sender. There may be a request within the email asking for you to enter sensitive data such as your password or credit card details.
To avoid malware, never download any attachments from unknown senders. Don’t click any links either in the body of the email if you’re unable to verify the identity of the sender. Consider reaching out to a sender first to confirm the authenticity of any attachments or URLs found in an email.
Always contact Apple Support directly if you think you’ve been the victim of a phishing attack. Their team will tell you what steps to take to protect your private information.
Your best bet is to use your gut instinct. If an email or update doesn’t look right to you, don’t click it. Erring on the side of caution will save you a huge headache down the road.