Have you ever seen this message when trying to install Mac OS X software that didn’t come from the Mac App Store? Watch the new Capital Mac YouTube video below to see how to get around this new Macintosh security setting!
There is another scam going around in the form of pop-ups that appear in your browser while surfing the web with Safari, Firefox or Chrome. A pop-up appears and explains that you have a security breach on your Macintosh (or Windows computer). Then it directs you to call 800-656-8547 for instructions on how to take care of this “breach.” The instructions are to let a “technician” into your computer virtually, which is a bad idea in general, and then pay them upwards of $300 to “clean your Macintosh.” This is just another variation of the typical pop-up scareware banners that trick you into thinking something is wrong with your computer–which there is not. Whatever you do, don’t call that number!
If you happen to be reading this post after you have called the number for this pop-up scam, here are a few things to do immediately on your Macintosh.
- First, if you gave them a credit card number, you will probably want to call the bank and have them deny the charge and cancel that card. Once they have that number, they may use it further, or, sell it off on the black market.
- If they actually took control of your Mac, they may have done nothing, or they may have installed any variety of malware, keylogging software, etc. It’s hard to say for sure, because different scams of this variety do different things. At minimum, you would want to change your administrator password (System Preferences –> Users and Groups –> Change Password) for all accounts on the Mac. Depending on your comfort level, you would also want to consider rolling back to an earlier point in time with a Time Machine backup, or consider a scorched-earth path to completely wipe the computer clean and start over. If you were to take this drastic step, I would wipe the computer clean, install an operating system first, and then go back and restore just your user folder from backup. Select only important users in the Setup Assistant dialog box, not the Applications, Other files and folders, or Computer & Network Settings. Don’t transfer the Guest account, if you had this enabled.
- Don’t install 3rd party software from your backups–try to go back to the original media for this step.
- We advise you change any internet passwords that you may have typed in after this breach, such as banking or online retail store accounts–this is a good step to do anyway, every few months.
- It’s not a bad idea to install some form of anti-virus software at this point, such as Sophos for the Mac, which is more of a peace-of-mind, just-in-case step. It will come up with some errors during scanning, which usually means that it cannot scan system files that are in use. If it finds anything strange, it will quarantine these files.
Hopefully after all of these steps, your Mac will be somewhat back to normal. Remember, this scam is a popular one and many more malicious folks are putting this scam into action. 800-656-8547 is just one of many following the same routine and we ask that you don’t ever call anyone for Macintosh help except for AppleCare and local computer companies (such as Capital Mac Service) in your area that specialize in the Macintosh. If you get bitten by this, or any other scam, don’t panic and don’t ever give out personal information such as credit card numbers, social security numbers and birthdates. Above all else, don’t let remote people take over your computer–this is just asking for trouble!
I received an email tonight from a company called “App Sec-Team,” and I had no idea what it was until I looked a bit deeper. The only reason I even saw this email message is because it skipped the SPAM rules on both Mac OS X Mail and Gmail’s SPAM filter. This is an interesting scam in that it appears to be from Apple, which it’s not–and it brings you to a form that looks exactly like an official Apple iCloud form, right down to the graphics and icons used. This is a FAKE site and you must NOT enter any personal information! I’ll break it down one piece at a time below:
Here’s what the original email looks like, including the scary header (“Account Verification”) that would trick a good portion of people into opening the email (since it skipped the SPAM rules!):
The actual email says this in the body:
As part of our security policy, we’re moving to a new sign in process for our Apple accounts, called 2-Step Verification. 2-Step Verification adds an extra layer of security by requiring you to enter a verification code (similar to a PIN) after you enter your usual information. You will receive the verification code through your email address.
Why are we doing this?
2-Step Verification helps protect your account from unauthorized access due to a compromised password. Even if your password is cracked, guessed, or otherwise stolen, an attacker can’t sign in without a verification code, which only you can obtain via your own email address.
This is 100% fake and it is certainly not from Apple. Here’s a screenshot of who it’s actually from, which is “email@example.com”:
Going a bit further, if you happen to click on the “Verify your information, Get activation code from Here” link that they try to trick you into clicking, you end up here. This is pretty convincing to someone who isn’t used to things like this: a completely fake site masquerading as a real Apple website, which even threw me when I first saw it because of the official graphics and wording:
Lastly, let’s check the final nail in this coffin: the website that this fake iTunes Connect screen is hosted at. In real life it would have to be on the ‘apple.com’ domain. However, this site resides on a web server called ‘www.greenbvc.com,’ which is clearly not Apple in any way. If you had entered the information the form asked for, you would now have a stolen credit card and most of your personal data in a database somewhere, probably offshore. But it gets even stranger if you dig deeper into the URL where this fake page is stored: “http://www.greenbvc.com/” brings you to this site, which actually seems legitimate:
My gut feeling is this guy’s site was hacked and this fake Apple verification page was placed there without his knowledge. The bigger message here is the layers that these scam companies will go through to get your personal data. Stay vigilant, people. If you have any questions about this type of scamming, or phishing as it’s referred to, please contact Capital Mac Service before you fill out any forms or click on literally anything on the web.