A new phishing attack campaign, targeting Mac users and identified by LayerX Labs, “shows the trials and tribulations of combating online phishing, and how attacks morph and shift in response to adaptations by security tools.”
For the past few months, LayerX has been monitoring a sophisticated phishing campaign that initially targeted Windows users by masquerading as Microsoft security alerts. The campaign’s goal was to steal user credentials by employing deceptive tactics that made victims believe their computers were compromised.
Now, with new security features rolled out by Microsoft, Chrome, and Firefox, the attackers have shifted their focus to Mac users. Before this, LayerX has not observed attacks on Mac, but only against Windows users. According to LayerX, this attack campaign underscores two critical points:
° Mac and Safari users are now prime targets – While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication.
° Cybercriminals are highly adaptable – As security measures evolve, attackers continue to modify their tactics, proving that organizations need advanced, proactive security solutions.
According to Macworld, the easiest way to protect yourself from this attack is to verify the URL you have typed into your browser. Bookmark the sites you visit frequently so you don’t have to type in the URL every time. In some instances, you can use a search engine, type the name of the place you want to visit, and then click on the link after looking at the URL it goes to.
