This blog post is made in order to give you insight on how to detect and remove phishing pages which are aimed at your information and it will also explain how you can remove such fake pages from your PC by eliminating the software or site that might be causing them.
So far, phishing does not show any signs of stopping, since there have been countless phishing attacks out there and many users who lack experience with phishing tend to fall for these traps and as a result either financial or personal (or both) information is lost in the process. Most antivirus companies are now actively working in cooperation with web browsers to block phishing web sites from their source hosts that are spreading the URLs at an alarming rate on a massive scale. And this rate of spread cannot seem to be stopped because of the sheer count of the new phishing pages that appear every day. This is why we have decided to provide you with information on how you can stop phishing URLs and how you can make sure that they won’t spread again on your Mac.
How Do Phishing Links Spread on Macs
A lot of effort I put in a phishing attack to make it appear like the original site that targets the victim. Cyber-criminals go as far as to employ clever tactics to spread phishing much faster than normal, using more automated methods, like the ones underneath:
Spreading Via Referrer Spam
Some phishing sites which spread at an alarming rate have been detected to replicate web pages automatically by manipulating Google itself. They use specific Google indexing methods that are known as Web Crawlers and Ghost Referrers that attack websites and spam the phishing URLs on their comment sections and other places on the sites. Web Crawlers, one of the spam bots aim to go through various pages and look for those pages that lack specific security measures against referrer spam, like missing Captcha and so on and use these weaknesses to comment spam URLs. The other method, known as Ghosting uses more advanced and persistent software that does not spread at an alarming rate, but can remain for years on a website, since it uses more advanced tactics to remain hidden and directly connected to it. These referral spam threats are not only bad for the user, but for the website vendor as well, because the pages to which the links point are fake and can lower the website’s reputation. Here is one example of a fake versus actual referral spam redirect by clicking on a URL from a referral spam comment:
Spreading via Adware, Hijackers and Other PUPs
This method of spreading phishing web pages is possibly the most used one, because it is a quick way for the adware developer to become rich via pay-per-click schemes or even if the adware maker is the phishing attacker himself. The spreading can range from fake browser extensions, ad-supported toolbars, software, installed on your Mac and even fake web browsers. All of these unwanted apps may cause redirects that may ultimately lead to the phishing page.
And the benefits for the creators of these ad-supported programs are many as well:
- They lead automated traffic by causing redirects to the phishing site.
- They show other advertisements that eventually cause redirects to malicious web pages in some cases.
- They display phishing pages that aim to steal passwords and usernames.
Such phishing pages can be shown as a result of a web browser redirection or via a fake web page that is posted on a toolbar as some sort of a bookmark. This includes fake login pages, like Facebook imitation login pages, PayPal, Amazon, Apple, LinkedIn and many other phishing scams.
Such unwanted programs are often spread as a result of software bundling, where the application in question is advertised as an included program that is also a useful one and a free offer alongside the current installation. The bad news here is that such bundled applications could be seen on suspicious download sites, or torrent websites. They cannot be easily located, since their installation step often resides In the “Advanced” or “Custom” install modes, looking similar to the example image below:
When it comes to Mac users, the outcome of this is fake web pages that demand to log into services, like iCloud and others, while displaying very well disguised web pages, that look close to the original ones:
Spreading via Viruses and Other Malware
The best method that will definitely result in a lot of phishing pages to appear on your Mac unobstructed is via phishing attacks as a result of malware infections. These types of infections are usually Trojan horses that are modified to display ads. These threats are commonly reffered to as Trojan.Clickers and they often tend to cause a lot of automated redirects to different pages when the victim visits them. One good example is if you try to access PayPal and the virus detects it and as a result you are displayed a fake PayPal web page. The same goes of Dropbox, which was recently the center of attention for many phishing attempts.
Spreading Via Phishing E-mails
Another very well known and often used tactic to spread Phishing pages by sending e-mail spam messages that appear very close to the original ones. According to a research, conducted back in 2017, the most targeted users for phishing are users that belong to Banking sites, electronic payment sites and telecommunications, so the attackers definitely know what they are doing.
And they are very clever on how they perform the phishing schemes as well, since they send very cunning e-mails that imitate the original e-mails very closely:
The e-mails often stress important issues in order to convince victims to give away their vital credentials. The most widespread subjects that are extremely convincing are:
- Logged in account from another device.
- Unauthorized PayPal transfer.
- Suspicious activity on the victim’s account.
- Purchasing receipt the victim has not made.
And the body of such e-mail contains images of the company that are basically the same as the original ones that are sent from the company itself, having logos, links to the web pages and even options to unsubscribe, just like in the real ones. And the websites they lead to may not always be blocked by antivirus software, so victims might be thinking “Yes, I have an antivirus, so I’m safe.”, but sadly, that is not always the case.
How to Detect a Phishing(Fake) Page on Your Mac
Detecting a phishing page can be done with ease from your computer at home, and usually that is the best way to go for. If you see a web page and you believe that it is not the real one served to you, because of an icon you saw to be the old one or a logo you saw to not be opened, you should check the URL for phishing. The first giveaway symptom to do so is if you compare the URL wit the original one by checking if there is an “https://” on it’s name. Usually, most phishing pages are only in HTTP and this is possibly the clearest sign that the page is phishing for data, since it’s not even encrypted:
Another very strong giveaway is that the web page lights up when it’s checked by using various different online services, like Scamadviser, for example:
How To Stop Phishing Pages on Your Mac Permanently
If you know how to detect a phishing web page and you have started seeing a lot to show up on your Mac, then this is a sign that your Mac’s security might be compromised by Malware or unwanted software of some sort. This is why, you should go over the following steps to check whether or not you have suspicious toolbars or extensions installed on your Mac’s web browsers, causing redirects to such phishing pages, like we explained earlier:
But this is not the only way by which you may have received advertisements and browser redirects to phishing pages. Some malware often disguises itself as a legitimate app, directly installed on your Mac. This is why, to remove such malware, we recommend that you follow the instructions below as they can help you detect the malicious process and delete it as an app:
Removal Step #1: Securing Your Mac Accounts
If you have had your Mac affected, follow the following steps towards securing your Mac.
1 – Disconnect from the web and try to stay offline when possible until the issue is resolved.
2 – Do not type any passwords on your Mac, because malware may be logging your keystrokes to obtain passwords.
Removal Step #2: Stopping the Virus and Removing It
If your Mac is infected and you have located the source of the infection, make sure to first stop it and then remove it by following the steps below:
1 – Open Activity Monitor and then locate the virus process. When you locate it, click on it’s name and then quit it by tapping CMD+Q.
2 – Remove the app from the Utilities folder of the Applications list. Over there, you can use the search box to type in the same app’s name. When you find it, the app may still be running so select it and then click the X icon on top left of it. Then select Force Quit.
3 – Uninstall the program, if it is added on your Applications by following the mini-steps in dark-gray below:
→ -Go to Finder.
-In the search bar type the name of the app that you want to remove.
-Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
-If all of the files are related, hold the Command+A buttons to select them and then drive them to “Trash”.
Important! Most virus authors make sure to hide their code to mask it as a legitimate app, making manual removal difficult. This is why you should scan your Mac for any files that might reactivate infection or objects you have missed, using a reputable malware removal tool, as most experts recommend is the most effective way to automatically remove threats.
Be advised! Combo Cleaner will only detect any unwanted software and threats. If you want to fully remove the threat and secure your Mac automatically from threats in the future as well, you will need to purchase the licensed version of Combo Cleaner.
How to Protect Your Mac In the Future
If you do not want these phishing attempts on your Mac, there are several simple advises that you should follow and that will help you to increase your protection significantly:
Tip #1: Make sure to read our instructive article on how you can detect malware on your Mac (related link below).
Tip #2: Immediately change all of your passwords from a device that is secure. If you lack such, you can boot a live OS from a flash drive, like Ubuntu, for example. New passwords you type should be strong and should not be related to one another as it’s easy to guess them and hence break them.
Tip #3: Always backup your files.
Tip #4: Always choose a web browser that is oriented towards security to stay way from mainstream practices.
Tip #5: Follow our protection tips and try to turn them into your everyday habits.