Skip to main content
  1. Home
  2. Computing
  3. Features

Mac users are being targeted by a vicious new phishing scam. Here’s how to stay safe

By
A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

There’s a well-known myth that Macs are somehow invulnerable to viruses, phishing attempts, hackers and the like. You might have heard it before, or maybe you even believe it yourself. Unfortunately, it’s far from true. Because while Windows users face more threats than their Mac counterparts, that doesn’t mean that Mac users should get complacent.

That point has just been perfectly illustrated by a new phishing scam that is specifically targeting Macs. It’s so advanced, in fact, that LayerX Security, the firm that has been tracking the attack, has said that similar campaigns “have rarely reached this level of sophistication.”

Recommended Videos

On first glance, the attack sounds straightforward enough: the attackers launch a spoof pop-up window warning you that your computer is under attack. These popups appear on “typosquatted” websites — that is, malicious websites with URLs that are very similar to the real thing, such as one that deliberately misspells apple.com. They’re designed to look like the sites they’re impersonating so that victims don’t get suspicious and back out before it’s too late.

A fake popup on a phishing website designed to impersonate Apple's official site.
LayerX Security

Many of us have seen popups like these and know to ignore them. But this attack goes a step further by using some nefarious code to freeze your browser window. The goal is to manipulate you into thinking that your browser really has been compromised — after all, it’s seemingly no longer working.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

Once that’s done, the popups present a fake login window that is designed to steal your Apple Account credentials. Once you fill in your username and password, the hackers have access to everything locked behind your Apple Account’s protected front door. And if that doesn’t do the trick, the popups also display a phone number that the hackers control, which will connect you to someone who will attempt to steal your login credentials.

It’s a clever trick that could well fool an unsuspecting user. And interestingly, it’s one that has recently been adapted to specifically target Apple fans rather than computer users in general.

Targeting Mac users

A person using a MacBook with an Apple Studio Display.
Apple

Initially, this scam was aimed squarely at Windows users. Its phishing pages were hosted on Windows.net servers, which lent credence to the pages since their Windows.net URLs appeared to be connected to Microsoft.

However, Microsoft updated its Edge browser to combat this trick, and similar updates have rolled out to Chrome and Firefox. This stopped 90% of the attacks on Windows PCs, LayerX believes.

That didn’t put the hackers off, though. Since then, the attackers have shifted focus to the Mac, as Safari apparently has not been covered by the security updates. As a result, the hackers adjusted their campaign so that the popups now look legitimate to Mac users. For instance, the popups now claim to be an “Apple Security warning” and state that “MacOS has been locked due to unusual activity.”

That shows clearly that attackers are not afraid to target Mac users with their malicious campaigns. If macOS appears to be unprotected in some way, hackers will quickly adapt their tools to take advantage. As a Mac user, that means you need to be prepared.

How you can stay safe

A MacBook Air runs Norton 360 Deluxe antivirus software.
A MacBook Air runs Norton 360 Deluxe antivirus software. Alan Truly / Digital Trends

If you’re concerned about your safety online when using a Mac, there are a few things you can do to stay safe. Firstly, always ensure you have correctly typed a website address before you visit it. This attack relied on misspelled web addresses being entered into your browser, so be sure that everything is as it should be before you hit Return.

You should also install an antivirus app on your Mac, as many can detect this kind of phishing scam. Antivirus apps don’t slow down your Mac anywhere near as much as they used to, and there’s no compelling reason not to use one. The benefits far outweigh the drawbacks.

Next, if you see a popup claiming that your browser is infected, don’t panic. Hackers want to rush you into a decision before you can think straight. Take a breath and think about what to do.

That means you shouldn’t enter your account details into a suspicious popup window, and don’t call an unknown number claiming to be for a company’s official support team. If you need to contact Apple support, be sure to do it at the official, correctly spelled website.

And finally, remember that Macs are not invulnerable to hackers and phishing attempts. Stay on your guard online and you will stand a strong chance of staying safe.

Alex Blake
Alex Blake
Computing Writer
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
Topics

Editors’ Recommendations

A new report slams MacBooks’ repairability. Here’s what you can do if you need to fix yours
A person repairing a MacBook on a blue table.

Apple’s best MacBooks have earned a reputation for generous software support and top-tier build quality, two factors that mean they often last far longer than their rivals. But the flipside of the coin is the fact that MacBooks are incredibly difficult to repair, requiring specialized tools, complex disassembly and the enduring patience of a saint.

That idea has been reinforced by a recent report (PDF download) from the US Public Interest Research Group (PIRG) Education Fund, which found that Apple’s MacBooks are the second-worst laptops in terms of repairability, with only Lenovo scoring lower. Worst of all, most of Apple’s poor score came from an extremely low disassembly rating, which will be ominous reading for anyone about to undertake the challenge of tearing down their pricey laptop.

Read more
Apple’s best M4 Macs are deeply discounted – here’s why now is the best time to buy
The Mac mini up on its side on a desk.

A few years ago, I bought a refurbished MacBook Pro with M1 Pro chip from Apple. This, it turned out, was one of the best decisions I could have made. The MacBook Pro was in like-new condition, yet I got it with a deep discount. It’s a device that is still going strong today.

Now, Apple is at it again, and this time you’re able to score money off on two of the best Macs available right now. What’s more, these are just any old discounts – they’re serious cuts of around 15%, which is a significant saving when you’re talking about a device that costs hundreds or even thousands of dollars.

Read more
I found an app that fixes macOS Sequoia’s annoying pop-ups
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

Years ago, back when I used Windows Vista, I got so annoyed by the constant User Account Control (UAC) pop-ups asking for permission seemingly every time I did anything that I downloaded an app that could silence them for good. Perhaps not the most sensible thing to do from a security perspective -- OK, definitely not the most sensible thing to do -- but I was a desperate man. These days, I’m getting similar vibes from macOS Sequoia.

That’s because Apple’s latest operating system will nag you about permissions on a monthly basis for anything that records your screen. Granted, it’s not as frequent as what I’d get in Windows Vista -- and these prompts were actually weekly in the macOS Sequoia beta, which caused such a blowback from users that Apple changed the frequency -- but it still feels like it’s going to be a real pain for me and a lot of users. Sure, macOS Sequoia hasn’t actually been out long enough for me to be bugged by these alerts every month yet, but I don’t want to hang around until I start pulling my hair out. I need to take action now.

Read more