How to Detect Mac Phishing Pages and Stop Them

How to Detect Mac Phishing Pages and Stop Them

This blog post is made in order to give you insight on how to detect and remove phishing pages which are aimed at your information and it will also explain how you can remove such fake pages from your PC by eliminating the software or site that might be causing them.

So far, phishing does not show any signs of stopping, since there have been countless phishing attacks out there and many users who lack experience with phishing tend to fall for these traps and as a result either financial or personal (or both) information is lost in the process. Most antivirus companies are now actively working in cooperation with web browsers to block phishing web sites from their source hosts that are spreading the URLs at an alarming rate on a massive scale. And this rate of spread cannot seem to be stopped because of the sheer count of the new phishing pages that appear every day. This is why we have decided to provide you with information on how you can stop phishing URLs and how you can make sure that they won’t spread again on your Mac.

How Do Phishing Links Spread on Macs

A lot of effort I put in a phishing attack to make it appear like the original site that targets the victim. Cyber-criminals go as far as to employ clever tactics to spread phishing much faster than normal, using more automated methods, like the ones underneath:

Spreading Via Referrer Spam

Some phishing sites which spread at an alarming rate have been detected to replicate web pages automatically by manipulating Google itself. They use specific Google indexing methods that are known as Web Crawlers and Ghost Referrers that attack websites and spam the phishing URLs on their comment sections and other places on the sites. Web Crawlers, one of the spam bots aim to go through various pages and look for those pages that lack specific security measures against referrer spam, like missing Captcha and so on and use these weaknesses to comment spam URLs. The other method, known as Ghosting uses more advanced and persistent software that does not spread at an alarming rate, but can remain for years on a website, since it uses more advanced tactics to remain hidden and directly connected to it. These referral spam threats are not only bad for the user, but for the website vendor as well, because the pages to which the links point are fake and can lower the website’s reputation. Here is one example of a fake versus actual referral spam redirect by clicking on a URL from a referral spam comment:

Spreading via Adware, Hijackers and Other PUPs

This method of spreading phishing web pages is possibly the most used one, because it is a quick way for the adware developer to become rich via pay-per-click schemes or even if the adware maker is the phishing attacker himself. The spreading can range from fake browser extensions, ad-supported toolbars, software, installed on your Mac and even fake web browsers. All of these unwanted apps may cause redirects that may ultimately lead to the phishing page.

And the benefits for the creators of these ad-supported programs are many as well:

  • They lead automated traffic by causing redirects to the phishing site.
  • They show other advertisements that eventually cause redirects to malicious web pages in some cases.
  • They display phishing pages that aim to steal passwords and usernames.

Such phishing pages can be shown as a result of a web browser redirection or via a fake web page that is posted on a toolbar as some sort of a bookmark. This includes fake login pages, like Facebook imitation login pages, PayPal, Amazon, Apple, LinkedIn and many other phishing scams.

Such unwanted programs are often spread as a result of software bundling, where the application in question is advertised as an included program that is also a useful one and a free offer alongside the current installation. The bad news here is that such bundled applications could be seen on suspicious download sites, or torrent websites. They cannot be easily located, since their installation step often resides In the “Advanced” or “Custom” install modes, looking similar to the example image below:

When it comes to Mac users, the outcome of this is fake web pages that demand to log into services, like iCloud and others, while displaying very well disguised web pages, that look close to the original ones:

Spreading via Viruses and Other Malware

The best method that will definitely result in a lot of phishing pages to appear on your Mac unobstructed is via phishing attacks as a result of malware infections. These types of infections are usually Trojan horses that are modified to display ads. These threats are commonly reffered to as Trojan.Clickers and they often tend to cause a lot of automated redirects to different pages when the victim visits them. One good example is if you try to access PayPal and the virus detects it and as a result you are displayed a fake PayPal web page. The same goes of Dropbox, which was recently the center of attention for many phishing attempts.

Related: Dropbox Phishing Scams and Malware E-Mails – Remove and Stop Them

Spreading Via Phishing E-mails

Another very well known and often used tactic to spread Phishing pages by sending e-mail spam messages that appear very close to the original ones. According to a research, conducted back in 2017, the most targeted users for phishing are users that belong to Banking sites, electronic payment sites and telecommunications, so the attackers definitely know what they are doing.

Related: Apple Phishing Season Is Here And Users Are At Risk

And they are very clever on how they perform the phishing schemes as well, since they send very cunning e-mails that imitate the original e-mails very closely:

The e-mails often stress important issues in order to convince victims to give away their vital credentials. The most widespread subjects that are extremely convincing are:

  • Logged in account from another device.
  • Unauthorized PayPal transfer.
  • Suspicious activity on the victim’s account.
  • Purchasing receipt the victim has not made.

And the body of such e-mail contains images of the company that are basically the same as the original ones that are sent from the company itself, having logos, links to the web pages and even options to unsubscribe, just like in the real ones. And the websites they lead to may not always be blocked by antivirus software, so victims might be thinking “Yes, I have an antivirus, so I’m safe.”, but sadly, that is not always the case.

How to Detect a Phishing(Fake) Page on Your Mac

Detecting a phishing page can be done with ease from your computer at home, and usually that is the best way to go for. If you see a web page and you believe that it is not the real one served to you, because of an icon you saw to be the old one or a logo you saw to not be opened, you should check the URL for phishing. The first giveaway symptom to do so is if you compare the URL wit the original one by checking if there is an “https://” on it’s name. Usually, most phishing pages are only in HTTP and this is possibly the clearest sign that the page is phishing for data, since it’s not even encrypted:

Another very strong giveaway is that the web page lights up when it’s checked by using various different online services, like Scamadviser, for example:

How To Stop Phishing Pages on Your Mac Permanently

If you know how to detect a phishing web page and you have started seeing a lot to show up on your Mac, then this is a sign that your Mac’s security might be compromised by Malware or unwanted software of some sort. This is why, you should go over the following steps to check whether or not you have suspicious toolbars or extensions installed on your Mac’s web browsers, causing redirects to such phishing pages, like we explained earlier:

Remove Extensions and Toolbars from Your Browser

Remove Extensions from Your Browser.

Remove a toolbar from Mozilla FirefoxRemove a toolbar from Google Chrome Remove an extension from Safari and reset it.
Start Mozilla Firefox. Open the menu window

Select the “Add-ons” icon from the menu.

Select the Extension and click “Remove

After the extension is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.

Start Google Chrome and open the drop menu

  • Move the cursor over “Tools” and then from the extended menu choose “Extensions
  • From the opened “Extensions” menu locate the add-on and click on the garbage bin icon on the right of it.
  • After the extension is removed, restart Google Chrome by closing it from the red “X” in the top right corner and start it again.
  • Step 1: Remove Safari extensions

    Start Safari

    Open the drop menu by clicking on the sprocket icon in the top right corner.

    From the drop menu select ‘Preferences’
    In the new window select ‘Extensions’
    Click once on the extension you want removed.
    Click ‘Uninstall’


    A pop-up window will appear asking for confirmation to uninstall the extension. Select ‘Uninstall’ again, and the phishing malware will be removed.

    Step 2: Reset Safari

    IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

    Start Safari and then click on the gear leaver icon.

    Click the Reset Safari button and you will reset the browser.

    But this is not the only way by which you may have received advertisements and browser redirects to phishing pages. Some malware often disguises itself as a legitimate app, directly installed on your Mac. This is why, to remove such malware, we recommend that you follow the instructions below as they can help you detect the malicious process and delete it as an app:

    Removal Step #1: Securing Your Mac Accounts

    If you have had your Mac affected, follow the following steps towards securing your Mac.

    1 – Disconnect from the web and try to stay offline when possible until the issue is resolved.
    2 – Do not type any passwords on your Mac, because malware may be logging your keystrokes to obtain passwords.

    Removal Step #2: Stopping the Virus and Removing It

    If your Mac is infected and you have located the source of the infection, make sure to first stop it and then remove it by following the steps below:

    1 – Open Activity Monitor and then locate the virus process. When you locate it, click on it’s name and then quit it by tapping CMD+Q.
    2 – Remove the app from the Utilities folder of the Applications list. Over there, you can use the search box to type in the same app’s name. When you find it, the app may still be running so select it and then click the X icon on top left of it. Then select Force Quit.
    3 – Uninstall the program, if it is added on your Applications by following the mini-steps in dark-gray below:

    → -Go to Finder.
    -In the search bar type the name of the app that you want to remove.
    -Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
    -If all of the files are related, hold the Command+A buttons to select them and then drive them to “Trash”.

    Important! Most virus authors make sure to hide their code to mask it as a legitimate app, making manual removal difficult. This is why you should scan your Mac for any files that might reactivate infection or objects you have missed, using a reputable malware removal tool, as most experts recommend is the most effective way to automatically remove threats.


    Combo Cleaner

    Be advised! Combo Cleaner will only detect any unwanted software and threats. If you want to fully remove the threat and secure your Mac automatically from threats in the future as well, you will need to purchase the licensed version of Combo Cleaner.

    How to Protect Your Mac In the Future

    If you do not want these phishing attempts on your Mac, there are several simple advises that you should follow and that will help you to increase your protection significantly:

    Tip #1: Make sure to read our instructive article on how you can detect malware on your Mac (related link below).

    Related: How to Detect and Remove Mac Virus

    Tip #2: Immediately change all of your passwords from a device that is secure. If you lack such, you can boot a live OS from a flash drive, like Ubuntu, for example. New passwords you type should be strong and should not be related to one another as it’s easy to guess them and hence break them.

    Tip #3: Always backup your files.

    Tip #4: Always choose a web browser that is oriented towards security to stay way from mainstream practices.

    Tip #5: Follow our protection tips and try to turn them into your everyday habits.


    Ventsislav Krastev

    Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

    More Posts - Website

    Follow Me:

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Time limit is exhausted. Please reload CAPTCHA.

    Share on Facebook Share
    Share on Twitter Tweet
    Share on Google Plus Share
    Share on Linkedin Share
    Share on Digg Share
    Share on Reddit Share
    Share on Stumbleupon Share