Phishing attacks on Mac users doubling; here’s what to watch for

Phishing attacks reaching macOS users look set to more than double this year, with emails specifically claiming to be from Apple growing at 30-40% per year.

In the first half of this year, around 1.6M phishing attacks attempting to fool people into using their Apple ID credentials to login to a fake Apple website were detected by a security company …


Kaspersky says that its figures reflect only attacks on Macs running its own security software – many of which are in corporate environments – suggesting that the true total number of phishing attempts is very much higher.

We started collecting detailed statistics on phishing threats that target macOS users in 2015. The data that has been collected over the last four years suggests that the number of phishing attacks on macOS users is definitely growing, and quite rapidly at that. While in 2015 we registered a total of 852,293 attacks, in 2016 this figure grew by 86% to over 1.5 million, and in 2017 it skyrocketed to 4 million. In 2018, the number of attacks continued to grow, crossing the 7.3 million mark. At this point we can see that during the first half of 2019 alone, 5,932,195 attacks were committed, which means that the number of attacks may exceed 16 million by the end of the year if the current trend continues.

Phishing attacks: what to watch for

For phishing attempts aimed at stealing Apple logins, the most common ones are:

  • Claiming that your Apple account is ‘locked’ and you need to ‘confirm’ it to restore access
  • Sending a receipt for an expensive claimed purchase, with a ‘Cancel’ link
  • A message from ‘Apple Support’ claiming to have detected problems with the Mac

It’s unlikely any 9to5Mac reader would fall for these, but both emails and fake websites can look extremely convincing, as in the above example. The URL is often the only real clue, so it’s worth ensuring your friends are on the lookout for such emails.

By far the greatest number of phishing attempts, however, impersonate banks. Although the hit-rate will be low – only a tiny proportion of those receiving any given email will have an account with the bank in question – the potential rewards of gaining access are huge.

Both in 2019 and 2018, the phishing pages visited by MacOS users most often pretended to be banking services (39.95% in 2019 and 29.68% in 2018), the second popular being global Internet portals (21.31% in 2019 and 27.04% in 2018). Social networks came in third in 2019 (12.3%), taking up the online stores’ place (10.75% in 2018).

Only ever visit your bank from your own bookmarks or by manually typing the URL: never click on a link in an email.

It’s difficult for an attacker to install a virus in macOS, so the vast majority of malware – malicious apps – targeted at Macs is adware. These fake apps do things like hijack browsers to display ads from hacker ad networks instead of the normal ads running on the sites visited. These can also change a browser’s homepage and the default search engine.

Protection against malware is straightforward: only ever install apps from the Mac App Store or the known website of a trusted developer. The most common route for getting malware onto a Mac is via a fake Flash Player update, so again you can help friends by letting them know they should always ignore these – and preferably not allow Flash on their Mac at all.

Sprint iPhone XR deal

You can follow on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.