Reports have shown that the volume of malicious attacks targeting Apple's MacOS and iOS have been fewer compared to Microsoft's Windows and Google's Android. However, that doesn't mean Apple users have nothing to worry about.
Cybercriminals are going after Apple devices and they are turning more to phishing attacks as they are platform agnostic, carried out through social engineering and have been found to be more effective. According to Kaspersky's latest "Threats to Mac Users 2019" report, Mac computers, iOS-based mobile devices, and associated web services together faced 1.6 million phishing attacks in the first half of 2019. This number is 9% more than the total number of attacks on Apple devices in the entire 2018.
In any phishing attack, the objective is to steal sensitive information such as usernames, passwords, credit card number, and any banking and financial details, which could be misused or sold on DeepWeb— part of the World Wide Web which is not indexed by search engines and lies between Surface Web and Dark Web.
While phishing attacks are carried out through an email or instant message, they are widely used to support other malicious attacks such as Man In The Middle (attacker places himself between two devices to intercept communication) and Cross Site Scripting (here attacker injects a code into a legitimate website which executes when a user opens it).
According to the Kaspersky report, the most frequently used phishing attack against Apple users try to imitate iCloud service interface and steal credentials to their Apple ID accounts. Links to such fraudulent schemes are usually sent through spam emails. These emails will claim to be sent by Apple technical support asking users to click on the link for verification or their account will be deactivated.
Scaring users with false warning messages and getting them to click on a few links to keep them safe is another popular phishing scheme that is being used against Apple users.
The report further shows that the frequency of attack varies from region to region. With 30.9% affected users, Brazil had the highest number of phishing attack cases on macOS, while India with 22.1% and France with 22% affected users are the other two countries were phishing attacks are rampant. The most active malware used against macOS users belonged to the Shlayer family, that disguises itself as Adobe Flash Player updates to target users.
"We believe these schemes pose an even greater danger to Apple users than similar schemes against users of other platforms – such as Windows or Android. That is because the ecosystem around Macs and other Apple devices is generally considered a far safer environment. Therefore users might be less cautious when they encounter fake websites," warned Tatyana Sidorina, security researcher at Kaspersky in a press statement.
Speaking on the seriousness of such attacks,
Sidorina points out that with a phishing attack cybercriminals can acquire user's iCloud account credentials and remotely block or wipe an iPhone or iPad. She urges users to pay more attention to any email which claims to be from technical support and is asking them for details or to click on a link.
The Kaspersky report is based on threat statistics voluntarily shared by users of their global cloud based security network.