Phishing attempts are becoming more aggressive and far more sophisticated across all computer platforms — including the Mac. For many years, Mac users were less frequently targeted, but that has changed. Demand for Macs has grown despite overall declining PC sales in the last few years and the scammers know this. Today’s “bad guys” are specifically designing attacks aimed at macOS users. Because of the very high level of security baked into macOS and iOS/iPadOS, social engineering, including “phishing”, has been the leading method of attacking Apple’s customers.

It’s important to understand that phishing is not a traditional computer “virus” that magically infects your machine. Instead, it’s a form of social engineering — you are tricked into clicking, installing, or approving something that looks legitimate. Often these programs pretend to “clean” your Mac, fix performance problems, or protect you from threats. In reality, they do the exact opposite.

Once installed, these malicious applications can be extremely aggressive. They may search your Keychain for stored passwords, attempt to access email accounts, and scan your computer for valuable files — including Word, Excel, PDF, and many other document types. Because they rely on deception rather than technical exploits, even careful users can occasionally be fooled. That’s why ongoing vigilance is so important. Many victims report significant financial losses as well as having lost access to important online accounts (their passwords were changed). This is another reason Multi-Factor Authentication (MFA) is a crucial method of maintaining your security. I rely on MFA several times each day in my daily life. A few extra steps is now the norm to maintain higher levels of security with online systems and you should be doing this, too.

As your computer consultant, I have installed the free MalwareBytes application on your Mac to help detect and remove these types of infections. However, new variants appear constantly, so keeping MalwareBytes updated is critical. I update it whenever I visit, and for some of you I maintain weekly updates through a Munki (Managed Software Center) server. Please make sure MalwareBytes is updated (from the MalwareBytes menu) and run a scan from time to time to ensure nothing unwanted has slipped in. As always, if you have any questions — or would like to schedule a visit to review your security and updates, setup Multi-Factor Authentication, set up new systems, receive training, or address any other technology needs — I’m here to help.