It’s no secret that Apple computers and devices are a bit more secure than systems that use Windows or Android against legacy threats like computer viruses. That’s why cybercriminals look for unconventional ways to breach your system’s defenses, such as phishing attacks. With such attacks, hackers can make you do their job for them.
But what is phishing? Well, phishing attacks are security threats that employ deception and social engineering to trick their targets. “Phishing” comes from “fishing,” where hackers can use messages as bait. There are many different kinds of phishing attacks you should know about:
Phishing emails are the most common infection vector for adware, spyware, Trojans, browser hijackers, and other Mac viruses and malware. Hackers send countless such emails to strangers every day. Hackers can load these emails with dangerous attachments or links to malicious downloads. A typical phishing email may look like it’s from your favorite retailer, bank, or Apple store, carrying some type of offer or warning you about a fake security breach.
Also known as smishing, phishing texts are like phishing emails but are sent via text message. You may find yourself on a smishing list if you list your phone numbers on public forums like message boards or online classified pages. Like phishing emails, avoid opening any text with questionable content.
Experts term any phishing attacks over a phone call or voice message as vishing. Threat actors usually use VoIP tools to employ vishing attacks, and they may combine other types of phishing. For example, a scammer may send a Mac user a phishing email informing them of a security breach with a phone number to call for tech support.
When anglers want to target a particular fish, they may use a spear. Similarly, threat actors use spear-phishing tactics to attack one or a group of Mac users. Spear-phishing threats are more challenging to identify because they’re customized to suit the target. Hackers usually harvest data from social media pages like LinkedIn or Facebook to craft a realistic spear-phishing attack. For example, a Mac user tweeting about buying a new iPhone may receive a fake email offering free accessories that carry malware.
Whale-phishing, also known as whaling, is a form of phishing where an attacker uses an authority figure like a company CEO to deceive a target. Alternatively, they may target the authority figure themselves. For example, they may send a company’s finance officer an email from a CEO requesting a bank transfer to a supplier. Of course, the transfer would go to an untraceable offshore account. Alternatively, the hacker may hit the executive with Apple malware like ransomware or spyware.
Hackers can use the following methods to send you to malicious websites in an attack, also known as pharming:
- Fraudulent emails with links to malicious websites.
- Malware that takes over your Mac’s browser and redirects you to dangerous URLs.
- DNS cache poisoning that tricks your browser.
Hackers can inject malicious code into legitimate platforms to attack users. Arm your computer or device with anti-malware software, and don’t delay downloading Apple security patches to protect your system from different types of threats.