Home > Mac Viruses > How to Detect Mac Phishing Pages and Stop Them

THREAT REMOVAL

How to Detect Mac Phishing Pages and Stop Them

by Ventsislav Krastev | Last Update: March 9, 2023 | 0 Comments

This blog post is made in order to give you insight on how to detect and remove phishing pages which are aimed at your information and it will also explain how you can remove such fake pages from your PC by eliminating the software or site that might be causing them.

So far, phishing does not show any signs of stopping, since there have been countless phishing attacks out there and many users who lack experience with phishing tend to fall for these traps and as a result either financial or personal (or both) information is lost in the process. Most antivirus companies are now actively working in cooperation with web browsers to block phishing web sites from their source hosts that are spreading the URLs at an alarming rate on a massive scale. And this rate of spread cannot seem to be stopped because of the sheer count of the new phishing pages that appear every day. This is why we have decided to provide you with information on how you can stop phishing URLs and how you can make sure that they won’t spread again on your Mac.

How Do Phishing Links Spread on Macs

A lot of effort I put in a phishing attack to make it appear like the original site that targets the victim. Cyber-criminals go as far as to employ clever tactics to spread phishing much faster than normal, using more automated methods, like the ones underneath:

Spreading Via Referrer Spam

Some phishing sites which spread at an alarming rate have been detected to replicate web pages automatically by manipulating Google itself. They use specific Google indexing methods that are known as Web Crawlers and Ghost Referrers that attack websites and spam the phishing URLs on their comment sections and other places on the sites. Web Crawlers, one of the spam bots aim to go through various pages and look for those pages that lack specific security measures against referrer spam, like missing Captcha and so on and use these weaknesses to comment spam URLs. The other method, known as Ghosting uses more advanced and persistent software that does not spread at an alarming rate, but can remain for years on a website, since it uses more advanced tactics to remain hidden and directly connected to it. These referral spam threats are not only bad for the user, but for the website vendor as well, because the pages to which the links point are fake and can lower the website’s reputation. Here is one example of a fake versus actual referral spam redirect by clicking on a URL from a referral spam comment:

Spreading via Adware, Hijackers and Other PUPs

This method of spreading phishing web pages is possibly the most used one, because it is a quick way for the adware developer to become rich via pay-per-click schemes or even if the adware maker is the phishing attacker himself. The spreading can range from fake browser extensions, ad-supported toolbars, software, installed on your Mac and even fake web browsers. All of these unwanted apps may cause redirects that may ultimately lead to the phishing page.

And the benefits for the creators of these ad-supported programs are many as well:

They lead automated traffic by causing redirects to the phishing site.
They show other advertisements that eventually cause redirects to malicious web pages in some cases.
They display phishing pages that aim to steal passwords and usernames.

Such phishing pages can be shown as a result of a web browser redirection or via a fake web page that is posted on a toolbar as some sort of a bookmark. This includes fake login pages, like Facebook imitation login pages, PayPal, Amazon, Apple, LinkedIn and many other phishing scams.

Such unwanted programs are often spread as a result of software bundling, where the application in question is advertised as an included program that is also a useful one and a free offer alongside the current installation. The bad news here is that such bundled applications could be seen on suspicious download sites, or torrent websites. They cannot be easily located, since their installation step often resides In the “Advanced” or “Custom” install modes, looking similar to the example image below:

When it comes to Mac users, the outcome of this is fake web pages that demand to log into services, like iCloud and others, while displaying very well disguised web pages, that look close to the original ones:

Spreading via Viruses and Other Malware

The best method that will definitely result in a lot of phishing pages to appear on your Mac unobstructed is via phishing attacks as a result of malware infections. These types of infections are usually Trojan horses that are modified to display ads. These threats are commonly reffered to as Trojan.Clickers and they often tend to cause a lot of automated redirects to different pages when the victim visits them. One good example is if you try to access PayPal and the virus detects it and as a result you are displayed a fake PayPal web page. The same goes of Dropbox, which was recently the center of attention for many phishing attempts.

Spreading Via Phishing E-mails

Another very well known and often used tactic to spread Phishing pages by sending e-mail spam messages that appear very close to the original ones. According to a research, conducted back in 2017, the most targeted users for phishing are users that belong to Banking sites, electronic payment sites and telecommunications, so the attackers definitely know what they are doing.

And they are very clever on how they perform the phishing schemes as well, since they send very cunning e-mails that imitate the original e-mails very closely:

The e-mails often stress important issues in order to convince victims to give away their vital credentials. The most widespread subjects that are extremely convincing are:

Logged in account from another device.
Unauthorized PayPal transfer.
Suspicious activity on the victim’s account.
Purchasing receipt the victim has not made.

And the body of such e-mail contains images of the company that are basically the same as the original ones that are sent from the company itself, having logos, links to the web pages and even options to unsubscribe, just like in the real ones. And the websites they lead to may not always be blocked by antivirus software, so victims might be thinking “Yes, I have an antivirus, so I’m safe.”, but sadly, that is not always the case.

How to Detect a Phishing(Fake) Page on Your Mac

Detecting a phishing page can be done with ease from your computer at home, and usually that is the best way to go for. If you see a web page and you believe that it is not the real one served to you, because of an icon you saw to be the old one or a logo you saw to not be opened, you should check the URL for phishing. The first giveaway symptom to do so is if you compare the URL wit the original one by checking if there is an “https://” on it’s name. Usually, most phishing pages are only in HTTP and this is possibly the clearest sign that the page is phishing for data, since it’s not even encrypted:

Another very strong giveaway is that the web page lights up when it’s checked by using various different online services, like Scamadviser, for example:

How To Stop Phishing Pages on Your Mac Permanently

If you know how to detect a phishing web page and you have started seeing a lot to show up on your Mac, then this is a sign that your Mac’s security might be compromised by Malware or unwanted software of some sort. This is why, you should go over the following steps to check whether or not you have suspicious toolbars or extensions installed on your Mac’s web browsers, causing redirects to such phishing pages, like we explained earlier:

Remove Extensions and Toolbars from Your Browser

Remove Extensions from Your Browser.

Remove a toolbar from Mozilla Firefox

Remove a toolbar from Google Chrome

Remove an extension from Safari and reset it.

Start Mozilla Firefox. Open the menu window

Select the “Add-ons” icon from the menu.

Select the Extension and click “Remove“

After the extension is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.

Start Google Chrome and open the drop menu

Move the cursor over “Tools” and then from the extended menu choose “Extensions“

From the opened “Extensions” menu locate the add-on and click on the garbage bin icon on the right of it.

After the extension is removed, restart Google Chrome by closing it from the red “X” in the top right corner and start it again.

Step 1: Remove Safari extensions

Start Safari

Open the drop menu by clicking on the sprocket icon in the top right corner.

From the drop menu select ‘Preferences’
In the new window select ‘Extensions’
Click once on the extension you want removed.
Click ‘Uninstall’

A pop-up window will appear asking for confirmation to uninstall the extension. Select ‘Uninstall’ again, and the phishing malware will be removed.

Step 2: Reset Safari

IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

Start Safari and then click on the gear leaver icon.

Click the Reset Safari button and you will reset the browser.

But this is not the only way by which you may have received advertisements and browser redirects to phishing pages. Some malware often disguises itself as a legitimate app, directly installed on your Mac. This is why, to remove such malware, we recommend that you follow the instructions below as they can help you detect the malicious process and delete it as an app:

Removal Step #1: Securing Your Mac Accounts

If you have had your Mac affected, follow the following steps towards securing your Mac.

1 – Disconnect from the web and try to stay offline when possible until the issue is resolved.
2 – Do not type any passwords on your Mac, because malware may be logging your keystrokes to obtain passwords.

Removal Step #2: Stopping the Virus and Removing It

If your Mac is infected and you have located the source of the infection, make sure to first stop it and then remove it by following the steps below:

1 – Open Activity Monitor and then locate the virus process. When you locate it, click on it’s name and then quit it by tapping CMD+Q.
2 – Remove the app from the Utilities folder of the Applications list. Over there, you can use the search box to type in the same app’s name. When you find it, the app may still be running so select it and then click the X icon on top left of it. Then select Force Quit.
3 – Uninstall the program, if it is added on your Applications by following the mini-steps in dark-gray below:

→ -Go to Finder.
-In the search bar type the name of the app that you want to remove.
-Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
-If all of the files are related, hold the Command+A buttons to select them and then drive them to “Trash”.

Important! Most virus authors make sure to hide their code to mask it as a legitimate app, making manual removal difficult. This is why you should scan your Mac for any files that might reactivate infection or objects you have missed, using a reputable malware removal tool, as most experts recommend is the most effective way to automatically remove threats.

Download

Combo Cleaner

Be advised! Combo Cleaner will only detect any unwanted software and threats. If you want to fully remove the threat and secure your Mac automatically from threats in the future as well, you will need to purchase the licensed version of Combo Cleaner.

How to Protect Your Mac In the Future

If you do not want these phishing attempts on your Mac, there are several simple advises that you should follow and that will help you to increase your protection significantly:

Tip #1: Make sure to read our instructive article on how you can detect malware on your Mac (related link below).

Tip #2: Immediately change all of your passwords from a device that is secure. If you lack such, you can boot a live OS from a flash drive, like Ubuntu, for example. New passwords you type should be strong and should not be related to one another as it’s easy to guess them and hence break them.

Tip #3: Always backup your files.

Tip #4: Always choose a web browser that is oriented towards security to stay way from mainstream practices.

Tip #5: Follow our protection tips and try to turn them into your everyday habits.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

Steps to Prepare Before Removal:

Before starting to follow the steps below, be advised that you should first do the following preparations:

Backup your files in case the worst happens.
Make sure to have a device with these instructions on standy.
Arm yourself with patience.

1. Scan for Mac Malware
2. Uninstall Risky Apps
3. Clean Your Browsers

Step 1: Scan for and remove phishing malware files from your Mac

When you are facing problems on your Mac as a result of unwanted scripts and programs such as phishing malware, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.

Click the button below below to download SpyHunter for Mac and scan for phishing malware:

Download

SpyHunter for Mac

scan and remove mac virus step 1

Quick and Easy Mac Malware Video Removal Guide

Bonus Step: How to Make Your Mac Run Faster?

Mac machines maintain probably the fastest operating system out there. Still, Macs do become slow and sluggish sometimes. The video guide below examines all of the possible problems that may lead to your Mac being slower than usual as well as all of the steps that can help you to speed up your Mac.

Step 2: Uninstall phishing malware and remove related files and objects

OFFER

Manual Removal Usually Takes Time and You Risk Damaging Your Files If Not Careful!

We Recommend To Scan Your Mac with SpyHunter for Mac

Keep in mind, that SpyHunter for Mac needs to purchased to remove the malware threats. Click on the corresponding links to check SpyHunter’s EULA and Privacy Policy

1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:

remove mac virus step 1

2. Find Activity Monitor and double-click it:

remove mac virus step 2

3. In the Activity Monitor look for any suspicious processes, belonging or related to phishing malware:

remove mac virus step 3

Tip: To quit a process completely, choose the “Force Quit” option.

remove mac virus step 4

4. Click on the "Go" button again, but this time select Applications. Another way is with the ⇧+⌘+A buttons.

5. In the Applications menu, look for any suspicious app or an app with a name, similar or identical to phishing malware. If you find it, right-click on the app and select “Move to Trash”.

remove mac virus step 5

6. Select Accounts, after which click on the Login Items preference. Your Mac will then show you a list of items that start automatically when you log in. Look for any suspicious apps identical or similar to phishing malware. Check the app you want to stop from running automatically and then select on the Minus (“-“) icon to hide it.

7. Remove any leftover files that might be related to this threat manually by following the sub-steps below:

Go to Finder.
In the search bar type the name of the app that you want to remove.
Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.

In case you cannot remove phishing malware via Step 1 above:

In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:

Disclaimer! If you are about to tamper with Library files on Mac, be sure to know the name of the virus file, because if you delete the wrong file, it may cause irreversible damage to your MacOS. Continue on your own responsibility!

1. Click on "Go" and Then "Go to Folder" as shown underneath:

fix mac virus from launch agents step 1

2. Type in "/Library/LauchAgents/" and click Ok:

fix mac virus from launch agents step 2

3. Delete all of the virus files that have similar or the same name as phishing malware. If you believe there is no such file, do not delete anything.

fix mac virus from launch agents step 3

You can repeat the same procedure with the following other Library directories:

→ ~/Library/LaunchAgents
/Library/LaunchDaemons

Tip: ~ is there on purpose, because it leads to more LaunchAgents.

Step 3: Remove phishing malware – related extensions from Safari / Chrome / Firefox

Remove an extension from Safari and reset it.Remove a toolbar from Google ChromeRemove a toolbar from Mozilla Firefox

1. Start Safari

2. After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.

3. From the menu, click on "Preferences"

Remove Mac virus from safari step 1

4. After that, select the 'Extensions' Tab

Remove Mac virus from safari step 2

5. Click once on the extension you want to remove.

6. Click 'Uninstall'

Remove Mac virus from safari step 3

A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the phishing malware will be removed.

How to Reset Safari
IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

Start Safari and then click on the gear leaver icon.

Click the Reset Safari button and you will reset the browser.

1. Start Google Chrome and open the drop menu

remove mac virus from google chrome step 1

2. Move the cursor over "Tools" and then from the extended menu choose "Extensions"

remove mac virus from google chrome step 2

3. From the opened "Extensions" menu locate the add-on and click on the garbage bin icon on the right of it.

remove mac virus from google chrome step 3

4. After the extension is removed, restart Google Chrome by closing it from the red "X" in the top right corner and start it again.

1. Start Mozilla Firefox. Open the menu window

2. Select the "Add-ons" icon from the menu.

remove mac virus from mozilla firefox step 1

3. Select the Extension and click "Remove"

remove mac virus from mozilla firefox step 2

4. After the extension is removed, restart Mozilla Firefox by closing it from the red "X" in the top right corner and start it again.

phishing malware-FAQ

What is phishing malware on your Mac?

The phishing malware threat is probably a potentially unwanted app. There is also a chance it could be related to Mac malware. If so, such apps tend to slow your Mac down significantly and display advertisements. They could also use cookies and other trackers to obtain browsing information from the installed web browsers on your Mac.

Can Macs Get Viruses?

Yes. As much as any other device, Apple computers do get malware. Apple devices may not be a frequent target by malware authors, but rest assured that almost all of the Apple devices can become infected with a threat.

What Types of Mac Threats Are There?

According to most malware researchers and cyber-security experts, the types of threats that can currently infect your Mac can be rogue antivirus programs, adware or hijackers (PUPs), Trojan horses, ransomware and crypto-miner malware.

What To Do If I Have a Mac Virus, Like phishing malware?

Do not panic! You can easily get rid of most Mac threats by firstly isolating them and then removing them. One recommended way to do that is by using a reputable malware removal software that can take care of the removal automatically for you.

There are many Mac anti-malware apps out there that you can choose from. SpyHunter for Mac is one of the reccomended Mac anti-malware apps, that can scan for free and detect any viruses. This saves time for manual removal that you would otherwise have to do.

How to Secure My Data from phishing malware?

With few simple actions. First and foremost, it is imperative that you follow these steps:

Step 1: Find a safe computer and connect it to another network, not the one that your Mac was infected in.

Step 2: Change all of your passwords, starting from your e-mail passwords.

Step 3: Enable two-factor authentication for protection of your important accounts.

Step 4: Call your bank to change your credit card details (secret code, etc.) if you have saved your credit card for online shopping or have done online activiites with your card.

Step 5: Make sure to call your ISP (Internet provider or carrier) and ask them to change your IP address.

Step 6: Change your Wi-Fi password.

Step 7: (Optional): Make sure to scan all of the devices connected to your network for viruses and repeat these steps for them if they are affected.

Step 8: Install anti-malware software with real-time protection on every device you have.

Step 9: Try not to download software from sites you know nothing about and stay away from low-reputation websites in general.

If you follow these reccomendations, your network and Apple devices will become significantly more safe against any threats or information invasive software and be virus free and protected in the future too.

More tips you can find on our MacOS Virus section, where you can also ask any questions and comment about your Mac problems.

About the phishing malware Research

The content we publish on SensorsTechForum.com, this phishing malware how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific macOS issue.

How did we conduct the research on phishing malware?

Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of Mac threats, especially adware and potentially unwanted apps (PUAs).

Furthermore, the research behind the phishing malware threat is backed with VirusTotal.

To better understand the threat posed by Mac malware, please refer to the following articles which provide knowledgeable details.