After the recent Windows phishing scam, cybercriminals have now turned their attention to Mac users. The Apple ID fraud takes the users' sensitive information. Attackers changed their target as Microsoft's latest security update tightened Windows’ security, says cybersecurity company LayerX Labs.
Hackers design fake sites that appear as Apple security notices, fooling users into entering their login information. After it's stolen, this information can be used to get into iCloud accounts, including documents, images, and backups. Attackers also try ‘credential stuffing,’ which means stolen passwords are used for multiple services to gain unauthorized access.
LayerX Labs cyber security expert Eyal Arazi cautions that such a data breach can result in identity theft and financial scams on a large scale. "Access to an Apple ID may compromise sensitive user information and even other connected accounts," he added.
The phishing attack initially targeted Windows users, with spammers sending false security warnings on Microsoft's Windowss.net website. Malicious scripts were executed by attackers to freeze web pages, giving the impression that the user's machine was infected.
However, Microsoft's anti-scareware update on Edge, along with other comparable security features on Google Chrome and Mozilla Firefox, caused a 90% decline in Windows phishing attacks. It is also the reason why hackers shifted towards targeting Mac and Safari users using similar techniques but newly redesigned phishing pages.
Cybersecurity experts recommend that Mac users exercise caution and follow these steps:
Turn on Multi-Factor Authentication (MFA): Provides an additional layer of security.
Use a Password Manager: Lowers the threat of credential stuffing.
Check Websites: Go to Apple's legitimate website rather than clicking on questionable links.
Don't Be Rushed: Phishing attacks typically use high-pressure tactics.
Stay Informed: Training and awareness will help users identify and block phishing attacks.
As hackers keep developing their techniques, remaining up-to-date and following effective security measures has become important in today’s modern world.