Apple users targeted by new password phishing attack

Apple users are being warned about a new password attack targeting their accounts. This threat has already affected Windows users and is now shifting its focus to Macs. The report comes from LayerX, highlighting the ongoing struggle against online phishing attacks. The tactic involves scareware. Attackers create fake security alerts that trick users into thinking they need to enter their Apple ID and password. Instead of legitimate technical support, it is a scam. A fake screen freeze prompts users to input their credentials, putting their accounts at risk. LayerX explains that this type of phishing has evolved. In the past, similar attacks targeted Windows users by making them think their computers were locked. Now, with many users shifting to Macs, attackers are following suit. They have even registered various domains to catch users off guard when they mistype URLs. To make these scams appear legitimate, phishing pages were hosted on Microsoft's Windows.net platform. This gave the false impression of credible security warnings. Attackers have also used sub-domains to avoid detection. If a page is flagged as malicious, they quickly replace it with another URL to evade security measures. LayerX notes that they found anti-bot and CAPTCHA codes on these pages to confuse security tools. After new browser protections were introduced for Windows, LayerX observed a significant drop in attacks. There's hope that similar measures could help Apple users as well. Both Apple and Windows users should remain vigilant. LayerX predicts a rise in attacks in the coming weeks, as scammers continue to test the defenses of these platforms. This serves as a reminder that the fight against phishing and web attacks is ongoing.