Slick little phishing email
There’s a new phishing email going around, targeted at Mac users. It’s not real, don’t give them any of your information. A couple of screen captures below:
This is typical of the kinds of attacks targeting Mac and iOS users more and more these days. As mentioned in a previous post, these are “social engineering” attacks that don’t have the ability to bypass any of the security built-in to MacOS or iOS. Instead, they try to mimic the look of a legitimate e-mail and/or website to trick users into giving them personal information, passwords, or financial information. Often they re-purpose graphics from the legitimate site in order to make their counterfeit more convincing.
The key to avoiding getting taken advantage of by these types of attacks is to go directly to the legitimate site in your web browser, not by clicking on a link, but by typing the URL in to your browser directly (in this case it would have been apple.com.) If there is actually a security issue you would be notified once you are logged into your account.
If you ever have any questions about the authenticity of an email or website, you can always look at the URL itself in the top of your browser window. If it doesn’t contain the exact URL of the site that you intended to be visiting, close the window and type the URL in a new window by yourself.
You should note that Apple’s built-in defense software will likely block the URL mentioned in the above email shortly if you’re running the current OS, protecting users from inadvertently giving away their information!
Have you seen an increase in these kinds of attacks recently? Have tips to share to help users avoid being tricked? Have questions about what to do if you think you may have made a mistake? Let us know!