The scam includes a stuffed attachment with a .exe file which can only be launched on a Windows machine, although the site advises that, as always, it’s good practice to avoid clicking on any attachments from sources you don’t know or trust.
The e-mail, which asks for details of any recent Apple orders, reads: “We recorded a payment request from ‘Apple Inc.’ to enable the charge of $7,548.45 on your account,” advising the reader to click the attachment if they want the transaction stopped.
Historically, Mac users have been able to rest easy as far as attachment-based phishing scams go, since the executable files therein are generally aimed at the wider base of Windows users. However, security firm ESET warns that the ultimate goal of such attacks — stealing the user’s identity or money — is platform-agnostic.
“Phishing attacks are just as effective on Macs, Linux, Windows, Solaris and any operating system since they rely on tricking the user and not on malicious software or any software vulnerabilities,” explains ESET director of technical education Randy Abrams. “The Mac offers no immunity to phishing attacks and so we see a virtually equal percentage of victim representation across the board.”
The news isn’t all bad for Mac users: “Of note, we did find a lower rate of cybercrime victims among people who use both a Mac and a PC,” Abrams said. “This is probably due to a higher level of computer and Internet knowledge.” A recent ESET survey of 1,003 people found that the majority of cybercrime losses are indeed caused by phishing attacks.
As always, it pays to be careful out there — and when in doubt, avoid clicking links and file attachments, particularly those from strangers.