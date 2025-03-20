Though it originally focused on Windows users, a phishing attack has now jumped over to try and trick Mac users into giving up their log in credentials.

According to LayerX Labs, who have been tracking this campaign for more than a year, the phishing attack attempts to trick Mac users into thinking that their computers have been “locked” via a fake security warning that pops up while users are browsing the internet.

The webpage then appears to be frozen which, like most phishing attempts, adds a sense of urgency and fear that something is wrong with your computer. The window that appears displays a warning that the computer has been subjected to a trojan virus and asks the user to enter in their Mac username and password.

It also provides a phone number to contact “support,” however, when Macworld called this number they only got a message playback that said the recipient was not available and to call back between 8am and 5pm – even though they were calling during that time frame. The number is obviously fake and will likely never be answered.

The warning message, captured in a screenshot by LayerX Labs, contains some glaring errors that show it’s not legitimate: It does not conform to any of Apple’s styling either in color or general appearance and misspells macOS as “MacOS.”

How to stay safe

LayerX Labs reports that users have been stumbling into these phishing attacks mainly by making typos in their browser's address bar which are then leading them to compromised domains. These compromised pages redirect the victim through multiple sites before landing them on the attack page.

The easiest way to avoid this attack is to make sure you're visiting the correct website. Verify that the URL you’re typing into your browser is the correct one, and bookmark sites you visit frequently so you don’t have to type them in each time.

Use a search engine to find a site and then click on the link in the Google results, since if you make a typo, Google will auto correct for you. However, when searching for any site in a search engine, it's always a good idea to scroll down a bit since hackers often use malicious ads to take you to phishing pages too.



Also, always install security patches as soon as they’re released. Although your Mac comes with built-in security in the form of XProtect, it's also a good idea to invest in the best Mac antivirus software too. Likewise, you want to make sure that you know the common techniques and tricks used in phishing attacks, so you can spot them when you see them, too.

If you keep a level head about you, practice good cyber hygiene and educate yourself about the latest threats, you should be able to avoid falling victim to this attack and others like it.