Phishing scam hits Mac users - stay safe online
We received word this morning of what could be a brand new phishing attack currently in circulation: an email which purports to relate to a recent Apple retail transaction and asks for details of any recent orders. The email (image above) also carries a stuffed (compressed) file. This contains an ‘exe’ file, which will only launch on a Windows machine. As with all such phishing trips, be advised not to click on any attachments from sources you don’t know or trust.
The email reads: “We recorded a payment request from ‘Apple Inc.’ to enable the charge of $7,548.45 on your account.” It then goes on to advise readers to click on the attachment in the email in the event they want the transaction stopped.
The reader who forwarded this to us wrote: “I thought you might be interested in this. It looks like your usual phishing scam, but is targeted at Apple users, which makes me think the attached file might actually be harmful to a Mac (if opened). Not seen this before, it has come at a time where I do have an open order with Apple for my new iMac. I did tweet something about waiting for my iMac this morning, I wonder if I was targeted because of that?”
While Macs seem pretty secure against malware attacks at the system level, Macs and iPhones can suffer from various kinds of associated hacks, anything from keylogging to phishing and more. Most of these are related to the way we use our Macs, and authors of such tricks benefit from the actions of uneducated users.
While Mac users tend to stand slightly aloof from those on Windows systems due to the innate security of the OS itself, when it comes to being fooled into allowing inappropriate things to happen, Mac people are just as prone as their Windows siblings, a new report states.
A survey of 1,003 people commissioned by security firm ESET found that most cybercrime losses are caused by phishing attacks, and that users are equally at risk from these attempts, whatever the OS.
"Phishing attacks are just as effective on Macs, Linux, Windows, Solaris and any operating system since they rely on tricking the user and not on malicious software or any software vulnerabilities," Randy Abrams, director of technical education at ESET, said. "The Mac offers no immunity to phishing attacks and so we see a virtually equal percentage of victim representation across the board."
Trojan attacks are less effective. In these, a user is tricked into activating an application which commits some form of mayhem on their system; however, the majority of these are Windows-based, or require Internet Explorer, or both, so Macs are generally safe.
There is some good news for Mac users: "Of note, we did find a lower rate of cybercrime victims among people who use both a Mac and a PC," Abrams said. "This is probably due to a higher level of computer and internet knowledge."
Another security problem came to light yesterday, when experts compromised email names and passwords from an iPhone over WiFi. This led researchers to warn users not to access password-protected services (such as online bank accounts) using unprotected public WiFi networks.
Smartphones are vulnerable to the same Web-based and e-mail attacks that have long hammered PCs. One in five smartphone owners has already encountered what's known as a phishing scam, where hackers pose as a bank or some other trusted institution in an attempt to collect personal user information, according to a survey of 1,016 U.S. smartphone users conducted by virus-scan vendor Trend Micro in May.
If you want to develop a better understanding of how Mac security works, or to put measures in place to prevent you or your family being hacked, phished or otherwise hit by consumer-focused online scams, these three books may be of help.
Maximum Mac OS X Security
The Mac Hacker's Handbook
The Internet: The Missing Manual
Comments (15)
Nasty fucktard phisher cocksuckers !
Holy crap. Who would actually fall for that? "Download and install the transaction inspector module"??? Really. Pathetic.
Think about members of your own family who you have helped with computer issues.
Makes ya cry!
Part of me wants to say, "people are too smart to fall for such an obvious fake!" I mean, look at the spelling and grammar errors alone!
But then I realize that yes, a lot of people WILL fall for this, and half the people on Mac comment boards and forums wouldn't recognize a spelling or grammar error if it came up and dangled their participle.
sad, but so true (well said)
One can only wonder how in the hell the Windows EXE file is dangerous to a _Mac_ user? ;)
Since when has an EXE file ever been a security risk to us OSX users? Unless you're running Windows on a Mac there's no chance of anything happening when you double click on it.. ;)
How is this targeting "Mac users"? The only Mac-relation is the company name in the mail. And it's an .exe... Slow news day? :)
This is targeted to anyone who has purchases with Apple, which means iTunes (Windows or Mac), or anything else. Since it is an exe I would say this is targeted at Windows users that have some Apple product, not Mac.
There is still no risk to a Mac with an .EXE file. Best it could do was open Fusion or Parallels or Crossover and fuck up your Windows partition. Whoopdedoo. There also has to be a lot of other variables involved to even get to that point. This seems to be a phishing scam aimed at Apple users, you know... iPhone and iPod are on Windows now too. ;)
lame, doesn't harm my shit even if i was stupid enough to fall for such an obvious ruse. FAIL
This must be old data. This is what you find on the Snow Leopard security page.
Don’t go phishing.
Phishing is a form of fraud in which online thieves try to acquire sensitive information such as user names, passwords, and credit card details by creating fake websites that look like legitimate companies. The antiphishing technology in Safari protects you from such scams by detecting these fraudulent websites. If you visit a suspicious site, Safari disables the page and displays an alert warning you about its suspect nature.
this is NOT aimed at mac users -- it is being distributed through vast mailing lists that the perpetrators have accessed -- including large retailers such as apple. if you search key phrases of the email's text, you'll find a long history of use with many different sender aliases used.
Mac users need to be educated on the risks of phishing despite the fact that heretofore they have not been the major target of attacks.
The CEO of Intrepidus Group, the white hats of the industry, is conducting briefings this week and next to educate Mac editors on the risk of phishing to Mac users. Interested Mac editors should contact derek.kol@ventanapr.com for appointments.
Actually, Apple is but one of the many company names being abused in this Trojan spam campaign of phony 'payment request' messages. We have seen roughly the same number of messages for 'Apple' as several other company names. Thus, it is a bit of a stretch to draw any conclusions regarding Mac phishing trends on the basis of this campaign alone.
Mike Wood
Threat Researcher
Sophos Inc.