Phishing for Credentials: Why Macs Are Not Immune and What To Do About It
Many tech-savvy businesses today use Mac computers not only because they’re more powerful and sleeker, but because they’re secure by design. Or are they? This is actually a bit of a misconception, as this post explains. In truth, Mac computers can and do fall victim to viruses and trojans, just like their PC counterparts, but since the vast majority of people still use PCs (many of them running Windows), Microsoft’s operating system is a more popular target for simple volume reasons.
But that doesn’t mean that you aren’t a target if your business runs on Macs. In fact, when it comes to today’s common web-based attacks, it often doesn’t matter what type of hardware or operating system you’re running. A particularly common threat for Mac users is credential phishing, in which attackers attempt to trick users into typing in their usernames and passwords, which are then used to steal information or extort money.
So Macs aren’t immune to security threats, not by a long shot. But that doesn’t mean there’s nothing you can do to fight back.
Why Macs Aren’t Protected From Credential Phishing
As we mentioned above, web-based threat vectors like phishing emails don’t care what kind of hardware or OS you’re using. They can slip right past Apple’s supposedly rock-solid defenses. So if your users are not properly trained to recognize phishing attempts, avoid clicking, and escalate issues to IT, they can easily jeopardize the entire network.
Take this Mac phishing scam for example. Attackers developed tens to hundreds of phishing websites designed to steal Apple IDs and passwords. Once users clicked on the links in emails that appeared to be from “Apple,” they were taken to a webpage that looked like Apple.com and prompted to enter their usernames and then their passwords. Lo and behold, attackers used the stolen credentials to gain access to accounts and devices.
How to Protect Your Mac Shop from Credential Phishing
Luckily, there are two strategic layers of defense you can implement to mitigate even the trickiest of credential phishing attacks against Mac users. Here are our recommendations:
Your users are your first line of defense, so the better prepared they are to spot a credential phishing attempt, the less likely it is that one will successfully compromise your business. As we explain in detail in this post, there are several things you can train your team to be on the lookout for, including:
- Emails or other online messages that ask for personal information (e.g. usernames, passwords, account numbers)
- Grammar errors (e.g. random capitalizations, misspelled words)
- Malicious links (e.g. g00gle.docs.com rather than docs.google.com)
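The link check in the last bullet can also be automated for a mail gateway or a reporting mailbox. The sketch below is an added example, not code from this post or from Strongarm; the trusted-domain list, the digit-swap table, the sample message and the .example hostname are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains the organisation really uses (constructed list).
TRUSTED = {"google.com", "apple.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Digit-for-letter swaps seen in lookalike names, e.g. "g00gle" for "google".
DIGIT_SWAPS = str.maketrans("0135", "oles")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def registrable(host):
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Classify the hostname of url as 'trusted', 'lookalike' or 'unknown'."""
    if "//" not in url:          # bare hostnames such as "g00gle.docs.com"
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if registrable(host) in TRUSTED:
        return "trusted"
    # A trusted brand name appearing as a label (or hyphen-separated word)
    # of a host whose registrable domain is NOT trusted is the red flag.
    for label in host.split("."):
        words = label.translate(DIGIT_SWAPS).split("-")
        if BRANDS & set(words):
            return "lookalike"
    return "unknown"

def flag_links(message):
    """Return every URL in a message body that check_link calls a lookalike."""
    return [u for u in URL_RE.findall(message) if check_link(u) == "lookalike"]

# Constructed sample message; only g00gle.docs.com comes from the post itself.
SAMPLE = (
    "Your Apple ID was locked. Verify at "
    "http://apple.com.account-verify.example/login or open "
    "https://docs.google.com/document/d/1 and http://g00gle.docs.com/share"
)

if __name__ == "__main__":
    for link in flag_links(SAMPLE):
        print("suspicious:", link)
```

A check like this supports the training rather than replacing it: it only catches brand names on the trusted list and the digit swaps in the table.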
You should bake this training into your employee onboarding process and refresh people on it periodically. Refreshers are especially important when a new threat is disclosed. Showing employees how they should respond to a new phishing or ransomware attempt (such as this one we recently spotted) is a practical way to avoid successful attacks.
Training can go a long way in preventing attacks, but it’s not bulletproof. Many businesses have “happy clickers,” people who are all too eager to click on a link without thinking twice.
But even the savviest of employees can accidentally click a bad link or download a malicious file, especially with an attack as clever as this credential phish. This is why it’s critical to have a second level of protection that absolutely ensures attacks won’t get through. Malware protection like Strongarm can help you prevent phishing attacks from succeeding altogether, even if a user clicks on or downloads something malicious.
Installed across your company’s network, Strongarm detects attacks in real time and immediately quarantines them. That means even if a “happy clicker” fell for a credential phish, the attack would be blocked and your IT team would be alerted to the issue in real time, along with all the information they need to effectively remove it.
While user education is an important line of defense, only malware protection that is designed to stop today’s cleverest web-based attacks will provide a complete and thorough defense.