Mac scammers are now masquerading as Apple

High-pressure scams rely on trusted brand names

The coast has been pretty clear for Mac users over the last few months, with a decline in pop-ups warning about infection, and offering to sell a solution to problem that doesn't exist.

The high-pressure scams are back with a vengeance now, though, with Sophos senior technologist Paul Ducklin covering several in his latest blog post; and they're now riding the coattails of Apple's brand.

In the past, similar scams for Windows-based machines avoided using the name ‘Microsoft' - not that it made any difference to the legality of what they were doing. The Mac scammers have gone a step further by claiming to represent Apple's Support Centre, to the extent of stealing Apple branding and web pages - and actually tidying them up in the process.

Image: Sophos

Sophos found the scams by visiting an infected site that displayed various scams, including three related to Apple.

The first was the above ‘Support Centre' trick, which also included an auto-playing text-to-speech voiceover with some glaring errors (apparently the viruses send details to hackers ‘remottly').

The next pop-up used the tried-and-true ‘YOUR SYSTEM IS INFECTED' format. Clicking ‘Proceed' redirected to a fake virus scanner and a warning to download a third-party Mac utility.

The third and final scam took the form of a pretty convincing Flash player update, although ironically Adobe skipped Patch Tuesday this month. The link wasn't working, though, so Sophos couldn't check just what damage this one would do.

Macs, famously, are less threatened by cybercriminals than Windows PCs; but attackers are still out there. Sophos' recommendations to Apple users are pretty standard: use threat protection, don't click unknown links and beware of shonky paid-for threat protection tools that pull you in with a free scan. It's all good advice - too many people put all of their trust in Mummy Apple.