A new report by Kaspersky, covered by 9to5Mac, confirms what you may have experienced firsthand: phishing aimed at Mac users keeps increasing. I know that this fraudulent activity is independent of the platform we use (it usually arrives through emails or websites), but here we are talking about emails and websites designed specifically to trick users of Apple products and services.
How? For example, with emails that pretend to carry sensitive official information, such as confirmations of purchases we haven’t made or “threats” that we will lose our iCloud account unless we “verify our identity” by providing our password. These emails have the same look as the ones Apple officially sends, so they’re hard for the untrained eye to identify. And they are increasing at a rate of 30-40% per year.
In absolute numbers, Kaspersky has detected 1.6 million phishing emails sent to users on computers where its security software is installed (a small sample, but it certainly indicates a problem). As the number of macOS users grows and the Mac is increasingly present in offices, the perpetrators of these scams and thefts act accordingly.
And those are only the detected ones, because the report estimates that almost 6 million attacks have been carried out so far this year. By New Year’s Eve that figure could reach 16 million. And 22% of these attacks are directed at Spain. Here is an example of what these emails and web pages can look like:
These pages usually appear on sites that promise free series and movies, and on portals with adult content or unofficially distributed software. But sometimes we can also find them on more popular and general websites, so the excuse that we don’t visit certain websites is not valid.
To avoid falling into this type of deception, the following points must be taken into account:
- Apple will never ask you to email your password or banking details.
- Take a good look at the domain from which your mail is sent or the website you are visiting. If it’s not exactly apple.com, you can’t trust it.
- Apple will not inadvertently block your user account: it will do so if someone has tried to enter it from unusual locations and will alert you through secure channels.
- Apple will not use SMS messages to send you the two-step verification code unless you expressly request it for whatever reason. This prevents so-called SIM swapping.
- Be wary of any mail with typographical or spelling mistakes.
- If a website tells you you’re infected with a number of viruses, be suspicious. A website can’t just pop up and show you the results of an in-depth scan of your Mac, iPhone, or iPad.
- If you receive an email with a purchase confirmation and a link to a cancel button, be wary. They’re just trying to scare you.
- Apple cannot detect “problems” on your device remotely. If you get an email saying you’re infected, don’t trust it.
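The domain check from the list above, written out as an added example (not code from Kaspersky, 9to5Mac or Apple). It assumes that real subdomains of apple.com count as apple.com; the function names and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # the only domain the article's rule accepts


def _is_trusted_host(host: str) -> bool:
    """True only for apple.com itself or a real subdomain of it (assumption)."""
    host = host.strip().rstrip(".").lower()
    # Reject non-ASCII and punycode labels: look-alike letters hide there.
    if not host.isascii():
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    # Compare the END of the name: "apple.com.example" must not match.
    return host == TRUSTED or host.endswith("." + TRUSTED)


def link_is_apple(url: str) -> bool:
    """Check the host a browser would actually connect to."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # malformed URL
        return False
    # .hostname drops any "user@" part, so "apple.com@other.example" fails.
    return host is not None and _is_trusted_host(host)


def sender_is_apple(from_header: str) -> bool:
    """Check the address in a From: header, ignoring the display name."""
    _name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return False
    return _is_trusted_host(addr.rsplit("@", 1)[1])


if __name__ == "__main__":
    # Constructed sample links, not taken from the report.
    for url in ("https://support.apple.com/en-us",
                "https://apple.com@login.example/verify",
                "https://apple.com.account-check.example/"):
        print(url, "->", "apple.com" if link_is_apple(url) else "NOT apple.com")
```

A From: header that passes this check only shows what the message claims, since that header can be forged; the receiving mail server's SPF, DKIM and DMARC results are what confirm the sender.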
Remember that Apple always has its technical support online to resolve any questions or issues you may have. Installing an antivirus will not solve the root cause of receiving suspicious emails, so my recommendation is that we simply have a good eye and learn to differentiate a legitimate warning from a misleading one.