This year, phishing attacks against macOS users got more than double, considering the emails that specifically claim to be from Apple growing at 30%-40% per year.
In the first half of 2019, around 1.6 million phishing attacks have tried to manipulate people into using their Apple ID credentials to log in to a fake Apple website and were detected by a security company.
According to Kaspersky, these figures reflect only attacks on Macs which run its own security software, many of which are in corporate environments. This fact suggests that the true total number of phishing attempts is even much higher.
“We started collecting detailed statistics on phishing threats that target macOS users in 2015. The data that has been collected over the last four years suggests that the number of phishing attacks on macOS users is definitely growing, and quite rapidly at that. While in 2015 we registered a total of 852,293 attacks, in 2016, this figure grew by 86% to over 1.5 million, and in 2017 it skyrocketed to 4 million. In 2018, the number of attacks continued to grow, crossing the 7.3 million mark. At this point we can see that during the first half of 2019 alone, 5,932,195 attacks were committed, which means that the number of attacks may exceed 16 million by the end of the year if the current trend continues.”
Phishing attacks and what you should watch for
The most common phishing attempts that can steal your Apple logins are:
- Claiming that your Apple account is “locked” and you need to “confirm” it to restore access
- Sending a receipt for an expensive claimed purchase, with a “Cancel” link
- A message from “Apple Support” claiming to have detected problems with the Mac
Quite often, the URL is the only real clue for a phishing alert, so it’s worth ensuring your friends are on the lookout for this type of emails.
However, at this point, the greatest number of phishing attempts impersonate banks. Although the hit rate will be low, just a small proportion of those receiving any given email will have an account with the bank in question, the potential rewards of gaining access are really huge.
“Both in 2019 and 2018, the phishing pages visited by MacOS users most often pretended to be banking services (39.95% in 2019 and 29.68% in 2018), the second popular being global internet portals (21.31% in 2019 and 27.04% in 2018). Social networks came in third in 2019 (12.3%), taking up the online stores’ place (10.75% in 2018).“
Considering these facts, be sure to always visit the website of your bank only from your own bookmarks or by manually typing the URL: Never click on a link in an email!
Most of you know that it is not easy for a hacker to install a virus in macOS, so the vast majority of malware which target Mac users is adware. Usually, the fake apps hijack web browsers to display ads from malicious networks instead of the normal ads running on the websites you visit. These can also change a browser’s homepage as well as your default search engine without asking for any permission.
Keep in mind that one of the most common ways for getting malware onto your Mac is via a fake Flash Player update, so keep your eyes wide-open and better not allow Flash on your Mac at all.
Also, remember that protection against malware is straightforward and make sure to install applications only from the Mac App Store or from known websites of trusted developers.