Mac users should be careful to enter the addresses of the websites they want to visit correctly. There is currently a wave of phishing attacks targeting Internet users with Apple computers. Hackers are exploiting compromised domain names that resemble the addresses of major brands, for example: aplee[.]com instead of apple.com), to redirect users to extremely anxiety-inducing web pages.
Alerts to gogo
The pages in question replicate the design of brand websites (Microsoft is also targeted), dotted with alerts and error messages urging the visitor to contact technical support urgently. Dialog boxes also request usernames and passwords, which should be avoided, of course.
Hackers exploit the full range of available web capabilities: closing the window switches the malicious site to full screen, which could lead one to believe that the Mac is compromised. There is even an audio file that is played, claiming that the computer has been blocked. and that the IP address was used without the user's consent.
This technique, known as "scareware," can be overwhelming for Internet users who aren't necessarily used to it: this is how scammers hope to lure victims into their nets to steal data or worse. This isn't the first time, nor will it be the last, that Mac users have been targeted by phishing campaigns, but this one has something special about it.
Security researchers at LayerX, who identified this attack, explain that hackers pivoted to Macs after Microsoft integrated new security measures at the beginning of the year. They allow Edge, Chrome, and Firefox browsers to block these types of sites, thanks to a good dose of AI. Attacks against Windows have also dropped by 90%.
There is little doubt that scammers will relaunch their phishing sites on Windows as soon as they find a way around Microsoft's protections. But in the meantime, it is Mac users who must be careful where they set foot!
Source: LayerX
0 Comments