Mac Users Should Be on the Alert for This New Phishing Scheme

It might look convincing, but don't enter your Apple ID.

Mar 21, 2025 - 15:16

Mac users take note: A well-known (and relatively sophisticated) phishing scheme previously targeting Windows is now being directed at macOS and Safari in an attempt to obtain login credentials (your Apple ID).

On Windows, this scam worked by displaying fake security alerts on compromised websites claiming that the user's device had been "compromised" or "locked" at the same time that malicious code caused the website itself to freeze (making the scam more convincing). The notification prompted users to enter their Windows credentials to regain access—obviously handing them directly to the attackers to take over their accounts. Users were also advised to call a fake hotline, where they were pressured to pay a ransom or allow remote access to their machines.

According to a post by LayerX Labs covering the scam, this attack was successful for over a year—in part because the alerts impersonated real Microsoft notifications so well, with sophisticated phishing sites hosted on a legitimate Microsoft domain (windows[.]net) and randomized subdomains that rotated frequently.

How this phishing campaign works on Mac

As 9to5Mac notes, the campaign quickly pivoted to targeting macOS and Safari after anti-scareware protections were released for Edge, Chrome, and Firefox in February. It works similarly, with pages and text modified for Mac. You can be targeted on Safari if you mistype a URL while trying to access a legitimate website, after which you'll be redirected through a compromised "parking" page to a phishing attack page. As with Windows, you may be prompted to enter your Apple credentials to fix the problem.

LayerX Labs states that phishing campaigns targeting Mac "have rarely reached this level of sophistication," though the screenshots of the security pop-ups included in the report contain spelling errors and don't fit Apple's style. As always, bring a critical eye to any communication or alerts that seem urgent or request sensitive information, as you'll usually be able to spot such discrepancies.

Otherwise, make sure you type in the correct URL for the sites you want to visit, or search for them on Google and scroll past the ads to the real results before clicking through. And keep an eye out for security updates from Apple so you can download and install patches as soon as they are released.
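
For administrators who review web proxy or DNS logs, the hosting pattern described above (randomized subdomains under windows[.]net, reached through a redirect from a parked typo domain) can be hunted for with a simple heuristic. The following is an added example, not code from LayerX Labs or the original article; the log layout, thresholds, and all sample hosts are constructed assumptions.

```python
import math
from collections import Counter

# Assumption: the parent zone comes from the article (windows[.]net); the
# thresholds and the log layout below are illustrative, not from the report.
WATCHED_SUFFIX = ".windows.net"
MIN_LABEL_LEN = 12
MIN_ENTROPY_BITS = 3.0

def shannon_entropy(label: str) -> float:
    """Bits per character of the label's character distribution."""
    counts, total = Counter(label), len(label)
    return -sum(n / total * math.log2(n / total) for n in counts.values())

def looks_random(label: str) -> bool:
    """Heuristic for a machine-generated label: long, mixed, high entropy."""
    mixed = any(c.isdigit() for c in label) and any(c.isalpha() for c in label)
    return (len(label) >= MIN_LABEL_LEN and mixed
            and shannon_entropy(label) >= MIN_ENTROPY_BITS)

def flag_redirects(log_lines):
    """Lines are '<timestamp> <client> <referrer_host> <destination_host>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        _, client, referrer, dest = parts
        dest = dest.lower().rstrip(".")  # normalise case and trailing dot
        if not dest.endswith(WATCHED_SUFFIX):
            continue
        # Only navigations that arrive from outside the watched zone.
        from_outside = not referrer.lower().endswith(WATCHED_SUFFIX)
        if from_outside and looks_random(dest.split(".")[0]):
            hits.append((client, referrer, dest))
    return hits

# Constructed sample log lines (all hosts are made up for the example).
SAMPLE_LOG = [
    "2025-03-21T15:01:02Z 10.0.0.5 parked-typo.example x7k2q9vb4mzt1c.windows.net",
    "2025-03-21T15:01:09Z 10.0.0.5 - portal.windows.net",
    "2025-03-21T15:02:40Z 10.0.0.8 news.example www.example.org",
    "2025-03-21T15:03:11Z 10.0.0.9 parked-typo.example contosofiles.windows.net",
]

if __name__ == "__main__":
    for hit in flag_redirects(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review rather than a verdict, since legitimate services also use generated hostnames under this zone.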