Phishing attacks targeting Mac users are on the rise, perhaps doubling in number this year. Emails claiming to be from Apple are growing 30-40% per year.
Security company Kaspersky says that in the first half of this year it detected approximately 1.6 million phishing attempts designed to fool users into using their Apple ID credentials to log in to a fake Apple website.
Those numbers reflect only attacks on Macs that were running the Kaspersky security software. That suggests the total number of attacks on machines running macOS is much higher.
We started collecting detailed statistics on phishing threats that target macOS users in 2015. The data that has been collected over the last four years suggests that the number of phishing attacks on macOS users is definitely growing, and quite rapidly at that. While in 2015 we registered a total of 852,293 attacks, in 2016 this figure grew by 86% to over 1.5 million, and in 2017 it skyrocketed to 4 million. In 2018, the number of attacks continued to grow, crossing the 7.3 million mark. At this point we can see that during the first half of 2019 alone, 5,932,195 attacks were committed, which means that the number of attacks may exceed 16 million by the end of the year if the current trend continues.
What to Look Out For
The types of phishing attempts that are designed to steal Apple login credentials include the following:
- Claims that your Apple account has been “locked” and that you will need to “confirm” the account to regain access.
- A receipt for a claimed expensive purchase, which includes a “Cancel” link.
- A message allegedly from “Apple Support,” which claims to have detected problems with the user’s Mac.
While often the emails include obvious grammar mistakes and misspelling of words, many of the emails and fake websites can be quite convincing. In many cases, the only indicator that the email is a phishing attempt is the URL of the link included in the email.
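One way to automate the URL check described above, as an added example that is not from the original article or from Kaspersky. The trusted-domain list, the function names and the sample email are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: this trusted-domain list and the constructed sample email (reserved example hosts).
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
SAMPLE_EMAIL = """<p>Your Apple ID is locked. <a href="https://appleid.apple.com.account-verify.example/login">appleid.apple.com</a></p>
<p>Receipt: $899.00 <a href="http://apple.com@192.0.2.10/cancel">Cancel</a></p>
<p><a href="https://appleid.apple.com/">Manage your Apple ID</a></p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted_host(host):
    host = (host or "").lower().rstrip(".")  # normalise case and trailing dot
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_link(href, text=""):
    """Return reasons the link is suspicious; an empty list means no findings."""
    parts, reasons = urlsplit(href), []
    host = parts.hostname
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("userinfo in URL")
    if not is_trusted_host(host):
        reasons.append(f"host {host!r} is not a trusted domain")
    shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text.lower())
    if shown and shown.group(1) != host:
        reasons.append("link text shows a different host")
    return reasons

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

The match is on the registered domain at the end of the hostname, so a host that merely begins with or contains "apple.com" is still flagged.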
Other phishing attempts targeting Apple users include those claiming to be from the user’s bank. While the hit-rate will be lower, as in many cases the user doesn’t have an account with the bank in question, there are big rewards to be had for any access to accounts that the bad guys might gain.
Kaspersky says emails claiming to be from a bank were the most “popular” type of phishing email, with the second most common type being emails claiming to be from internet portals. The third most common type appeared to come from social networks.
Both in 2019 and 2018, the phishing pages visited by MacOS users most often pretended to be banking services (39.95% in 2019 and 29.68% in 2018), the second popular being global Internet portals (21.31% in 2019 and 27.04% in 2018). Social networks came in third in 2019 (12.3%), taking up the online stores’ place (10.75% in 2018).
While it is difficult to install a virus in macOS, Macs are targeted by adware: malicious apps that can hijack your browser to display ads from hacker ad networks instead of the usual ads you see when visiting websites. Other adware can change a browser’s homepage or default search engine.
The most common way for malware to gain access to a Mac is via a fake Flash Player update, so you should ignore any “Flash Player” update notifications you might see while browsing the web. Better yet, don’t have Flash installed at all. Be sure to let your friends and relatives know what to do.
Also, to protect yourself from malware on the Mac, only install apps from the Mac App Store or the website of a trusted developer.