The number of phishing attacks targeting users of Mac computers, iOS-based mobile devices, and the associated web services ecosystem to lure them into fraudulent schemes has reached 1.6 million in the first half of 2019. This figure is around nine percent greater than the attacks experienced in the whole of 2018. The growing number of users of popular digital devices is clearly attracting more and more cybercriminals. This is one of key finding of Kaspersky’s Threats to Mac Users Report 2019.
While the volume of malicious software threatening users of macOS and the iOS mobile platform is much lower than that threating user of Windows and Android platforms, when it comes to phishing – a platform-agnostic cyberthreat – things are quite different. As they rely on social engineering, most phishing attacks have nothing to do with software. As Kaspersky’s recent research showed, the number of cases where users faced fraudulent web pages utilizing the Apple brand as a decoy has increased significantly in the first six months of the year, reaching 1.6 million. This figure is nine percent higher than during the whole of 2018, when Kaspersky security solutions prevented more than 1.49 million attempts to access Apple-themed phishing pages. The research is based on threat statistics voluntarily shared by users of Kaspersky Security Network – a global cloud infrastructure designed for immediate response to emerging cyber threats.
Among the most frequent fraud schemes are those designed to resemble the iCloud service interface and to steal credentials to Apple ID accounts. Links to such services usually come from spam emails which pose as emails from technical support. They often threaten to block user accounts should they not click the link.
Another widespread scheme is the use of scaremongering pages that try to convince the user that their computer is under serious security threat and it will only take a couple of clicks and a few dollars to solve those issues.
Other findings of the report include:
- ·The total number of phishing attacks detected in the first half of 2019 on Mac computers protected by Kaspersky solutions was almost 6 million. The whole of 2018 saw 7.3 million hits.
- ·39.95% of them were aimed at stealing user's financial data. That is 10 percentage points more than in the first half of 2018.
- ·Some regions had more macOS users hit by phishing than others: Brazil leads this list with 30.9% of users attacked, India follows with 22.1% and France with 22%.
- ·The most active malware to hit macOS users were variations of the Shlayer family, that succeeded in distribution by disguising itself as Adobe Flash Player updates.
“While technically these fraud schemes are nothing new, we believe they pose an even greater danger to Apple users than similar schemes against users of other platforms – such as Windows or Android. That is because the ecosystem around Macs and other Apple devices is generally considered a far safer environment. Therefore users might be less cautious when they encounter fake websites. Meanwhile the successful theft of iCloud account credentials could lead to serious consequences – an iPhone or iPad could be remotely blocked or wiped by a malicious user, for example. We urge users of Apple devices to pay more attention to any emails they receive claiming to be from technical support, which request your details or ask you to visit a link,” - said Tatyana Sidorina, security researcher at Kaspersky.
