
By John Leyden, 22nd October 2015 13:59

Support scammers target Mac fanbois

We have Apple staff in blue T-shirts and everything

Support scammers who have been targeting Windows users for years and, more recently, users of Apple’s mobile devices and Android tablets and smartphones, have moved on to targeting desktop Macs more aggressively than ever before.

The basic set-up is the same: fraudsters seek to badger users into paying for useless remote diagnostic and cleanup services to fix problems that don't actually exist.

The only difference is that the lure has been baited differently in attempts to get Mac OS X computer users – rather than Windows or iPhone users – on the hook.

Tech support scammers have targeted Mac users before in isolated cases, so the latest ruse isn't a first, but the mechanism this time around represents something of an evolution on previous tactics and techniques.

This time, scammers are impersonating Apple technicians by fraudulently duplicating a key aspect of legitimate support services. Apple offers a screen sharing service as part of its support centre that puts users in touch with a remote advisor. The sharing part of this service runs through the Apple website.

Crooks have registered a domain called ara-apple.com that closely resembles the legitimate Apple locale (ara.apple.com), warns net security firm Malwarebytes.
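The dot-for-hyphen swap described above is something a defender can look for in proxy or DNS logs. The following is an added example, not code from Malwarebytes or from this article; the function names, the `PROTECTED` table and the sample log lines are constructed for illustration.

```python
# Added example: flag hostnames that imitate a protected hostname by
# swapping "." and "-" (ara-apple.com vs ara.apple.com, as in the article).
import re

# Assumption: hostnames we want to protect, mapped to their real parent domain.
PROTECTED = {"ara.apple.com": "apple.com"}


def skeleton(host: str) -> str:
    """Lower-case the host and drop the separators a lookalike plays with."""
    return re.sub(r"[.\-]", "", host.lower().rstrip("."))


def classify(host: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    host = host.lower().rstrip(".")
    for parent in PROTECTED.values():
        # Anything at or under the real parent domain belongs to the brand.
        if host == parent or host.endswith("." + parent):
            return "legitimate"
    for protected in PROTECTED:
        # Same characters once dots and hyphens are ignored, yet not under
        # the real parent domain: the separator swap described above.
        if skeleton(protected) in skeleton(host):
            return "lookalike"
    return "unrelated"


def scan(lines):
    """Take 'client host' log lines and return (client, host) pairs to review."""
    hits = []
    for line in lines:
        client, host = line.split()
        if classify(host) == "lookalike":
            hits.append((client, host))
    return hits


# Constructed sample proxy log (client address, requested host); not real data.
SAMPLE_LOG = [
    "10.0.0.5 ara.apple.com",
    "10.0.0.7 ara-apple.com",
    "10.0.0.7 www.ara-apple.com",
    "10.0.0.9 support.apple.com",
    "10.0.0.9 www.example.org",
]

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"review: {client} requested {host}")
```

The substring match is deliberately loose, so treat hits as items for review rather than as confirmed fraud.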

Pages at the bogus domain are carefully designed to scare people into thinking there is something wrong with their computer.

“Fraudsters will use all sorts of messages, audio warnings and other artefacts in order to social engineer marks into calling for assistance,” writes Jérôme Segura, a senior security researcher at Malwarebytes, in a blog post.

The dodgy domain is used for everything from linking to the remote programs the "technician" (actually a scammer) will use to processing payments, Segura explains.

Malwarebytes has contacted both the registrar (GoDaddy) and hosting provider (Liquid Web) so that they can apply a ban-hammer to this particular fraudulent website. This still leaves the possibility of a reappearance of the same scam by a different gang, or by the same groups using a different site.

Segura offers some general pointers on how to avoid being taken in by this type of scam.

“As always, please be particularly suspicious of alarming pop-ups or websites that claim your computer may be infected,” Segura advises. “Remember that Apple would never use such methods to have you call them or would never call you directly either.”

This advice is expanded on Malwarebytes' tech support scams help and resource page. The page features a list of blacklisted domains.

The advice is mostly aimed at Windows users, who remain the main targets of this growing class of malfeasance, but also includes pointers relevant to a wider range of technology users. ®
