Sunday, February 16, 2020

Phishing Attack on MacOS

Phishing is always something that happens to others - until you fall for it yourself.

This afternoon I was just sitting in a corner scrolling up and down Twitter when I suddenly remembered an email I received yesterday. A message from Apple had informed me that my account needed verification, and I was supposed to respond within 24 hours!

Was it already past 24 hours? Did I miss the deadline??

I hurried back to my MacBook and found the forgotten email. The subject line had a case# and the message itself had a stark message highlighted in the typeface and layout typical of the company websites - "Apple Case - we need your verification".

The sender's address started with the usual "no-reply" but in my haste I scrolled down and clicked on the "login" hyperlink within the message. The usual Apple ID page turned up and I quickly typed in my login id. A familiar pop-up asked for my password and as soon as I entered it, a new window came up for my Yahoo id and password. It was only now that I started having my doubts.

Why does Apple need my Yahoo password for verification??

I went back to the Apple ID login page and checked again -- even though the page looked exactly like the original one, none of the banner icons showed the usual URLs. With my apprehension slowly turning into panic I went back to the email message and found several grammatical errors - "For Secure to account, We need to verification", and the sender's long email id made no sense at all!

By now I was quite certain that I had been suckered. Having already sent out my id and password what could I possibly do? I searched for the Apple customer-service numbers and found 000-800-100-9009 for India but it turned out that this number could not be reached through the Airtel mobile network. I had to use a landline.

Once the customer-support rep, Ashraf, turned up online, the problem was sorted out in a few minutes - my password was changed, and a troublesome app (Paragon-NTFS) too got cleared in the process.

So the thing to remember in India is that as far as phishing attacks on Apple products go, it is better to -

  • Keep the helpline number 000-800-100-9009 handy, and check in advance to see if it can be reached through your mobile service provider
  • Set aside time to deal with such messages - rushing to meet a "deadline" makes you do stupid things
  • Report such messages to
  • Don't expect to see silly grammatical errors in the message you receive. The attackers too are learning from their mistakes.


Apple Support India -

Phishing and Other Suspicious Emails -

Increase in Phishing Attacks on MacOS (2019) -