Home > Mac Viruses > How to Detect Mac Phishing Pages and Stop Them
THREAT REMOVAL

How to Detect Mac Phishing Pages and Stop Them

This blog post is made in order to give you insight on how to detect and remove phishing pages which are aimed at your information and it will also explain how you can remove such fake pages from your PC by eliminating the software or site that might be causing them.

So far, phishing does not show any signs of stopping, since there have been countless phishing attacks out there and many users who lack experience with phishing tend to fall for these traps and as a result either financial or personal (or both) information is lost in the process. Most antivirus companies are now actively working in cooperation with web browsers to block phishing web sites from their source hosts that are spreading the URLs at an alarming rate on a massive scale. And this rate of spread cannot seem to be stopped because of the sheer count of the new phishing pages that appear every day. This is why we have decided to provide you with information on how you can stop phishing URLs and how you can make sure that they won’t spread again on your Mac.

A lot of effort I put in a phishing attack to make it appear like the original site that targets the victim. Cyber-criminals go as far as to employ clever tactics to spread phishing much faster than normal, using more automated methods, like the ones underneath:

Spreading Via Referrer Spam

Some phishing sites which spread at an alarming rate have been detected to replicate web pages automatically by manipulating Google itself. They use specific Google indexing methods that are known as Web Crawlers and Ghost Referrers that attack websites and spam the phishing URLs on their comment sections and other places on the sites. Web Crawlers, one of the spam bots aim to go through various pages and look for those pages that lack specific security measures against referrer spam, like missing Captcha and so on and use these weaknesses to comment spam URLs. The other method, known as Ghosting uses more advanced and persistent software that does not spread at an alarming rate, but can remain for years on a website, since it uses more advanced tactics to remain hidden and directly connected to it. These referral spam threats are not only bad for the user, but for the website vendor as well, because the pages to which the links point are fake and can lower the website’s reputation. Here is one example of a fake versus actual referral spam redirect by clicking on a URL from a referral spam comment:

Spreading via Adware, Hijackers and Other PUPs

This method of spreading phishing web pages is possibly the most used one, because it is a quick way for the adware developer to become rich via pay-per-click schemes or even if the adware maker is the phishing attacker himself. The spreading can range from fake browser extensions, ad-supported toolbars, software, installed on your Mac and even fake web browsers. All of these unwanted apps may cause redirects that may ultimately lead to the phishing page.

And the benefits for the creators of these ad-supported programs are many as well:

  • They lead automated traffic by causing redirects to the phishing site.
  • They show other advertisements that eventually cause redirects to malicious web pages in some cases.
  • They display phishing pages that aim to steal passwords and usernames.

Such phishing pages can be shown as a result of a web browser redirection or via a fake web page that is posted on a toolbar as some sort of a bookmark. This includes fake login pages, like Facebook imitation login pages, PayPal, Amazon, Apple, LinkedIn and many other phishing scams.

Such unwanted programs are often spread as a result of software bundling, where the application in question is advertised as an included program that is also a useful one and a free offer alongside the current installation. The bad news here is that such bundled applications could be seen on suspicious download sites, or torrent websites. They cannot be easily located, since their installation step often resides In the “Advanced” or “Custom” install modes, looking similar to the example image below:

When it comes to Mac users, the outcome of this is fake web pages that demand to log into services, like iCloud and others, while displaying very well disguised web pages, that look close to the original ones:

Spreading via Viruses and Other Malware

The best method that will definitely result in a lot of phishing pages to appear on your Mac unobstructed is via phishing attacks as a result of malware infections. These types of infections are usually Trojan horses that are modified to display ads. These threats are commonly reffered to as Trojan.Clickers and they often tend to cause a lot of automated redirects to different pages when the victim visits them. One good example is if you try to access PayPal and the virus detects it and as a result you are displayed a fake PayPal web page. The same goes of Dropbox, which was recently the center of attention for many phishing attempts.

Related: Dropbox Phishing Scams and Malware E-Mails – Remove and Stop Them

Spreading Via Phishing E-mails

Another very well known and often used tactic to spread Phishing pages by sending e-mail spam messages that appear very close to the original ones. According to a research, conducted back in 2017, the most targeted users for phishing are users that belong to Banking sites, electronic payment sites and telecommunications, so the attackers definitely know what they are doing.

Related: Apple Phishing Season Is Here And Users Are At Risk

And they are very clever on how they perform the phishing schemes as well, since they send very cunning e-mails that imitate the original e-mails very closely:

The e-mails often stress important issues in order to convince victims to give away their vital credentials. The most widespread subjects that are extremely convincing are:

  • Logged in account from another device.
  • Unauthorized PayPal transfer.
  • Suspicious activity on the victim’s account.
  • Purchasing receipt the victim has not made.

And the body of such e-mail contains images of the company that are basically the same as the original ones that are sent from the company itself, having logos, links to the web pages and even options to unsubscribe, just like in the real ones. And the websites they lead to may not always be blocked by antivirus software, so victims might be thinking “Yes, I have an antivirus, so I’m safe.”, but sadly, that is not always the case.

How to Detect a Phishing(Fake) Page on Your Mac

Detecting a phishing page can be done with ease from your computer at home, and usually that is the best way to go for. If you see a web page and you believe that it is not the real one served to you, because of an icon you saw to be the old one or a logo you saw to not be opened, you should check the URL for phishing. The first giveaway symptom to do so is if you compare the URL wit the original one by checking if there is an “https://” on it’s name. Usually, most phishing pages are only in HTTP and this is possibly the clearest sign that the page is phishing for data, since it’s not even encrypted:

Another very strong giveaway is that the web page lights up when it’s checked by using various different online services, like Scamadviser, for example:

How To Stop Phishing Pages on Your Mac Permanently

If you know how to detect a phishing web page and you have started seeing a lot to show up on your Mac, then this is a sign that your Mac’s security might be compromised by Malware or unwanted software of some sort. This is why, you should go over the following steps to check whether or not you have suspicious toolbars or extensions installed on your Mac’s web browsers, causing redirects to such phishing pages, like we explained earlier:

Remove Extensions and Toolbars from Your Browser

Remove Extensions from Your Browser.

Remove a toolbar from Mozilla FirefoxRemove a toolbar from Google Chrome Remove an extension from Safari and reset it.
Start Mozilla Firefox. Open the menu window

Select the “Add-ons” icon from the menu.

Select the Extension and click “Remove

After the extension is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.

Start Google Chrome and open the drop menu

  • Move the cursor over “Tools” and then from the extended menu choose “Extensions
  • From the opened “Extensions” menu locate the add-on and click on the garbage bin icon on the right of it.
  • After the extension is removed, restart Google Chrome by closing it from the red “X” in the top right corner and start it again.
  • Step 1: Remove Safari extensions

    Start Safari

    Open the drop menu by clicking on the sprocket icon in the top right corner.
    uninstall-fig13

    From the drop menu select ‘Preferences’
    In the new window select ‘Extensions’
    Click once on the extension you want removed.
    Click ‘Uninstall’

    uninstall-fig14

    A pop-up window will appear asking for confirmation to uninstall the extension. Select ‘Uninstall’ again, and the phishing malware will be removed.

    Step 2: Reset Safari

    IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

    Start Safari and then click on the gear leaver icon.

    Click the Reset Safari button and you will reset the browser.

    But this is not the only way by which you may have received advertisements and browser redirects to phishing pages. Some malware often disguises itself as a legitimate app, directly installed on your Mac. This is why, to remove such malware, we recommend that you follow the instructions below as they can help you detect the malicious process and delete it as an app:

    Removal Step #1: Securing Your Mac Accounts

    If you have had your Mac affected, follow the following steps towards securing your Mac.

    1 – Disconnect from the web and try to stay offline when possible until the issue is resolved.
    2 – Do not type any passwords on your Mac, because malware may be logging your keystrokes to obtain passwords.

    Removal Step #2: Stopping the Virus and Removing It

    If your Mac is infected and you have located the source of the infection, make sure to first stop it and then remove it by following the steps below:

    1 – Open Activity Monitor and then locate the virus process. When you locate it, click on it’s name and then quit it by tapping CMD+Q.
    2 – Remove the app from the Utilities folder of the Applications list. Over there, you can use the search box to type in the same app’s name. When you find it, the app may still be running so select it and then click the X icon on top left of it. Then select Force Quit.
    3 – Uninstall the program, if it is added on your Applications by following the mini-steps in dark-gray below:

    → -Go to Finder.
    -In the search bar type the name of the app that you want to remove.
    -Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
    -If all of the files are related, hold the Command+A buttons to select them and then drive them to “Trash”.

    Important! Most virus authors make sure to hide their code to mask it as a legitimate app, making manual removal difficult. This is why you should scan your Mac for any files that might reactivate infection or objects you have missed, using a reputable malware removal tool, as most experts recommend is the most effective way to automatically remove threats.


    Download

    Combo Cleaner

    Be advised! Combo Cleaner will only detect any unwanted software and threats. If you want to fully remove the threat and secure your Mac automatically from threats in the future as well, you will need to purchase the licensed version of Combo Cleaner.

    How to Protect Your Mac In the Future

    If you do not want these phishing attempts on your Mac, there are several simple advises that you should follow and that will help you to increase your protection significantly:

    Tip #1: Make sure to read our instructive article on how you can detect malware on your Mac (related link below).

    Related: How to Detect and Remove Mac Virus

    Tip #2: Immediately change all of your passwords from a device that is secure. If you lack such, you can boot a live OS from a flash drive, like Ubuntu, for example. New passwords you type should be strong and should not be related to one another as it’s easy to guess them and hence break them.

    Tip #3: Always backup your files.

    Tip #4: Always choose a web browser that is oriented towards security to stay way from mainstream practices.

    Tip #5: Follow our protection tips and try to turn them into your everyday habits.

    Ventsislav Krastev

    Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

    More Posts - Website

    Follow Me:
    Twitter

    OFFER
    REMOVE IT NOW (MAC)
    with SpyHunter for Mac
    phishing malware may remain persistent on your system and may re-infect it. We recommend you to download SpyHunter for Mac and run free scan to remove all virus files on your Mac. This saves you hours of time and effort compared to doing the removal yourself.
    Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read EULA and Privacy Policy

    Preparation Phase:

    Before starting to follow the steps below, be advised that you should first do the following preparations:

    • Backup your files in case the worst happens.
    • Make sure to have a device with these instructions on standy.
    • Arm yourself with patience.

    Step 1: Uninstall phishing malware and remove related files and objects

    OFFER
    Manual Removal Usually Takes Time and You Risk Damaging Your Files If Not Careful!
    We Recommend To Scan Your Mac with SpyHunter for Mac
    Keep in mind, that SpyHunter for Mac needs to purchased to remove the malware threats. Click on the corresponding links to check SpyHunter’s EULA and Privacy Policy


    1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:


    2. Find Activity Monitor and double-click it:


    3. In the Activity Monitor look for any suspicious processes, belonging or related to phishing malware:

    Tip: To quit a process completely, choose the “Force Quit” option.


    4. Click on the "Go" button again, but this time select Applications. Another way is with the ⇧+⌘+A buttons.


    5. In the Applications menu, look for any suspicious app or an app with a name, similar or identical to phishing malware. If you find it, right-click on the app and select “Move to Trash”.


    6. Select Accounts, after which click on the Login Items preference. Your Mac will then show you a list of items that start automatically when you log in. Look for any suspicious apps identical or similar to phishing malware. Check the app you want to stop from running automatically and then select on the Minus (“-“) icon to hide it.


    7. Remove any left-over files that might be related to this threat manually by following the sub-steps below:

    • Go to Finder.
    • In the search bar type the name of the app that you want to remove.
    • Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
    • If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.

    In case you cannot remove phishing malware via Step 1 above:

    In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:

    Disclaimer! If you are about to tamper with Library files on Mac, be sure to know the name of the virus file, because if you delete the wrong file, it may cause irreversible damage to your MacOS. Continue on your own responsibility!

    1. Click on "Go" and Then "Go to Folder" as shown underneath:

    2. Type in "/Library/LauchAgents/" and click Ok:

    3. Delete all of the virus files that have similar or the same name as phishing malware. If you believe there is no such file, do not delete anything.

    You can repeat the same procedure with the following other Library directories:

    → ~/Library/LaunchAgents
    /Library/LaunchDaemons

    Tip: ~ is there on purpose, because it leads to more LaunchAgents.


    Step 2: Remove phishing malware – related extensions from Safari / Chrome / Firefox

    Remove an extension from Safari and reset it.Remove a toolbar from Google Chrome Remove a toolbar from Mozilla Firefox

    1. Start Safari

    2. After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.

    3. From the menu, click on "Preferences"

    stf-safari preferences

    4. After that, select the 'Extensions' Tab

    stf-safari-extensions

    5. Click once on the extension you want to remove.

    6. Click 'Uninstall'

    stf-safari uninstall

    A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the phishing malware will be removed.

    How to Reset Safari
    IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

    Start Safari and then click on the gear leaver icon.

    Click the Reset Safari button and you will reset the browser.

    1. Start Google Chrome and open the drop menu

    2. Move the cursor over "Tools" and then from the extended menu choose "Extensions"

    3. From the opened "Extensions" menu locate the add-on and click on the garbage bin icon on the right of it.

    4. After the extension is removed, restart Google Chrome by closing it from the red "X" in the top right corner and start it again.


    1. Start Mozilla Firefox. Open the menu window

    2. Select the "Add-ons" icon from the menu.

    3. Select the Extension and click "Remove"

    4. After the extension is removed, restart Mozilla Firefox by closing it from the red "X" in the top right corner and start it again.


    Step 3: Scan for and remove phishing malware files from your Mac

    When you are facing problems on your Mac as a result of unwanted scripts and programs such as phishing malware, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.


    Click the button below below to download SpyHunter for Mac and scan for phishing malware:


    Download

    SpyHunter for Mac




    phishing malware FAQ

    What is phishing malware on your Mac?

    The phishing malware threat is probably a potentially unwanted app. There is also a chance it could be related to Mac malware. If so, such apps tend to slow your Mac down siginficantly and display advertisements. They could also use cookies and other trackers to obtain browsing information from the installed web browsers on your Mac.

    The creators of such unwanted apps work with pay-per-click schemes to get your Mac to visit risky or different types of websites that may generate them funds. This is why they do not even care what types of websites show up on the ads. This makes their unwanted software indirectly risky for your MacOS.

    Can my Mac get a virus?

    Yes. As much as any other device, Apple computers do get viruses. Apple devices may not be a frequent target by malware authors, but rest assured that the following Apple devices can become infected with a virus:

    • iMac
    • Mac Mini
    • Macbook Air
    • Macbook Pro
    • iPhone
    • iPad

    What are the symptoms of phishing malware on your Mac?

    There are several symptoms to look for when this particular threat and also most Mac threats in general are active:

    Symptom #1: Your Mac may become slow and has poor performance in general.

    Symtpom #2: You have toolbars, add-ons or extensions on your web browsers that you don't remember adding.

    Symptom #3: You see all types of ads, like ad-supported search results, pop-ups and redirects to randomly appear.

    Symptom #4: You see installed apps on your Mac running automatically and you do not remember installing them.

    Symptom #5: You see suspicious processes running in your Mac's Activity Monitor.

    If you see one or more of those symptoms, then security experts reccomend that you check your Mac for viruses.

    What types of Mac threats are there?

    According to most malware researchers and cyber-security experts, the threats that can currently infect your Mac can be the following types:

    • Rogue Antivirus programs.
    • Adware and hijackers.
    • Trojan horses and other spyware.
    • Ransomware and screen-lockers.
    • Cryptocurrency miner malware.

    What to do if I have a Mac virus, like phishing malware?

    Do not panic! You can easily get rid of most Mac threats by firstly isolating them and then removing them. One reccomended way to do that is by using a reputable malware removal software that can take care of the removal automatically for you. There are many Mac anti-malware apps out there that you can choose from. SpyHunter for Mac is one of the reccomended Mac anti-malware apps, that can scan for free and detect any viruses, tracking cookies and unwanted adware apps plus take care of them quickly. This saves time for manual removal that you would otherwise have to do.

    How to secure my passwords and other data from phishing malware?

    With few simple actions. First and foremost, it is imperative that you follow these steps:

    Step 1: Find a safe computer and connect it to another network, not the one that your Mac was infected in.

    Step 2: Change all of your passwords, starting from your e-mail passwords.

    Step 3: Enable two-factor authentication for protection of your important accounts.

    Step 4: Call your bank to change your credit card details (secret code, etc.) if you have saved your credit card for online shopping or have done online activiites with your card.

    Step 5: Make sure to call your ISP (Internet provider or carrier) and ask them to change your IP address.

    Step 6: Change your Wi-Fi password.

    Step 7: (Optional): Make sure to scan all of the devices connected to your network for viruses and repeat these steps for them if they are affected.

    Step 8: Install anti-malware software with real-time protection on every device you have.

    Step 9: Try not to download software from sites you know nothing about and stay away from low-reputation websites in general.

    If you follow these reccomendations, your network and Apple devices will become significantly more safe against any threats or information invasive software and be virus free and protected in the future too.

    More tips you can find on our website, where you can also ask any questions and comment about your Mac problems.

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Share on Facebook Share
    Loading...
    Share on Twitter Tweet
    Loading...
    Share on Google Plus Share
    Loading...
    Share on Linkedin Share
    Loading...
    Share on Digg Share
    Share on Reddit Share
    Loading...
    Share on Stumbleupon Share
    Loading...