Skip to main content

Here’s why phishing attacks against Macs are rising at an alarming rate

Is your Mac safe from phishing? Kaspersky says it’s not

It’s a commonly held belief that Macs are immune to malware. But while the risk of attack for Apple’s computers is much less than that faced by their Windows counterparts, they can still be compromised and infected — just look at the Zoom infection that occurred earlier this year.

This point about the ongoing vulnerability of Macs has been rammed home by antivirus firm Kaspersky, which just published a report claiming that phishing attacks on Mac users could double from their 2018 rates by the end of this year. That’s an alarming trend for anyone using one of Apple’s computers.

The firm said that in the first half of 2019, its software detected almost 6 million phishing attacks targeted at Mac users, with 1.6 million attacks making use of the Apple brand name by June 2019. A phishing attack is one where a malicious actor attempts to trick you into giving away sensitive information — for example, by sending you an email masquerading as an Apple message and asking for your Apple ID login info, which can then be used to make fraudulent purchases.

Kaspersky’s software detected 852,293 phishing attacks on MacOS in 2015. That rose 86% to 1.5 million in 2016, then grew to 4 million by 2017. There were 7.3 million attacks in 2018, and the company has detected 5,932,195 attacks so far in 2019. It predicts that if the growth continues at its current rate, there could be over 16 million attacks targeted at Macs by the end of 2019, more than doubling the 2018 number.

Apple has a number of tips on how to avoid falling for phishing attacks. It will never ask for your Apple ID password or verification code in order to provide support, and will not launch browser pop-up windows warning you that your Mac is infected. If you get an unsolicited phone call from someone claiming to be from Apple, hang up and contact Apple directly.

However, there is a degree of good news in Kaspersky’s report. Both the number of malicious files in the wild that target Mac users and the number of times Kaspersky products detected malware and potentially unwanted software on Macs look to be declining in 2019 compared to 2018. That suggests that bad actors are refocusing their Mac efforts on phishing rather than on viruses and other malware files.

Kaspersky’s report outlined that, although both the number of malware attacks and the number of affected users have both been increasing annually since 2012, in 2018 the number of affected users actually dropped noticeably from around 255,000 to 87,000. Indeed, the company concluded that “the era of explosive growth [of Mac malware] seems to be behind us, and we cannot but notice the decline in the activity of cybercriminals on this platform.”

Instead of full-fledged viruses, most of the Mac malware detected by Kaspersky was adware — in other words, malicious files that run ads in as many places on your Mac as possible — which requires much less effort to create than a virus. Kaspersky’s report speculated that, “The reasons for this are both the fact that there are fewer potential victims and the efforts that Apple is making to protect its customers.”

It’s worth noting that this is only a partial picture, as it only includes attacks detected by Kaspersky’s Mac software. Attacks on Mac users who were running different antivirus apps (or weren’t running antivirus software at all) didn’t enter the picture, so the total number of attacks is likely to be higher.

If you’re looking to protect your Mac, you should install an antivirus app. We’ve rounded up your best options to help remove the guesswork in keeping you safe on your Mac.

Editors' Recommendations