Remove phishing email scam

This article provides the details of the increasingly widespread phishing scam, dissects its goals, and advises on ways to handle the hoax.

Strong security has always been on the plus side of Macs, and it’s getting increasingly hard for cybercrooks to deposit their harmful payloads onto these computers. The black hats, in their turn, have always been resourceful. If you put two and two together, one of the most effective attack scenarios has to do with manipulating humans rather than machines. This trend is spawning numerous social engineering campaigns, including phishing waves and other forms of email fraud. For instance, the recent scam is currently gearing up for a rise in a defiant attempt to wheedle out Mac users’ sensitive information. The mechanism of deploying this scenario relies on mass spam activity, where the felons send out thousands of deceptive emails that might resemble a shot in the dark at first sight.

The gist of the fraudulent message is to make the recipient think that their Apple ID has been blocked because it was entered in a new web browser. Moreover, this suspicious event is claimed to have raised an extra red flag because it allegedly took place in a different country, Albania or Russia being most commonly mentioned in the message. For greater persuasiveness, the message indicates the purported hacker’s IP address, as well as the date and time of the sign-in. The biggest catch here is that the would-be victim is instructed to follow a link and unlock their credentials; furthermore, their account is stated to be subject to permanent suspension unless this is done within 24 hours. Here’s the full text of the email body:

“Dear Customer,

Your Apple ID was used to sign in to a new web browser.

Date and Time:
IP Address:

Your Apple ID has been temporarily disabled for security reason.

When you see this alerts, you can go to to unlock your account with your existing password.

Your account will permanently disabled if you do not verify your account under 24 hours.


Apple Support”

The fundamental trick of the hoax is that the embedded link leads to a rogue Apple ID site rather than the legitimate one. On the outside, it looks just like its genuine counterpart, and many Mac users probably won’t tell the difference. It’s the URL that’s the main giveaway – it always differs from Apple’s real one. The phony page contains an imitation of authentication fields where the user is supposed to enter their credentials to log in. Once this is done, the victim gets redirected to another page that asks for additional personal details, including their first and last name, date of birth, and address. Obviously, all of this information will end up in the crooks’ hands if filled out.

There are several telltale signs suggesting that this is nothing but a scam. Firstly, Apple would address users by their name rather than with the phrase “Dear Customer”. Secondly, a deadline for taking action under threat of the account being disabled doesn’t align with the company’s practices. Furthermore, there is a grammar error in the wording, namely the part that says, “Your account will permanently disabled”. Apple wouldn’t send any messages written so carelessly. And again, yet another giveaway is the URL of the linked-to web page – it’s not really, although the anchor text is correct.
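As an added example (not part of the original article), the following script checks an HTML email body for three of the signs listed above: the generic greeting, the hour-based deadline, and a link whose visible text names one host while its href points to another. The sample message is constructed; its href is a placeholder, and the anchor text and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message quoted above; the href is a placeholder.
SAMPLE_EMAIL = """<p>Dear Customer,</p>
<p>Your Apple ID has been temporarily disabled for security reason.</p>
<p>You can go to <a href="http://login.example.invalid/unlock">https://appleid.apple.com</a>
to unlock your account.</p>
<p>Your account will permanently disabled if you do not verify your account under 24 hours.</p>"""

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # host in link text

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element, plus all plain text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def phishing_signs(html):
    """Return the telltale signs found in an HTML email body, in a fixed order."""
    p = LinkCollector()
    p.feed(html)
    body = " ".join(" ".join(p.text).split())  # normalise whitespace
    signs = []
    if re.search(r"\bdear (customer|user|client)\b", body, re.I):
        signs.append("generic greeting")
    if re.search(r"\b(within|under|in)\s+\d+\s+hours?\b", body, re.I):
        signs.append("deadline pressure")
    for href, shown in p.links:
        m = HOST_RE.search(shown)  # only links whose text looks like a host or URL
        real = (urlparse(href).hostname or "").lower()
        if m and real and m.group(1).lower() != real:
            signs.append(f"link text shows {m.group(1).lower()} but points to {real}")
    return signs

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE_EMAIL)))
```

A link whose text does not look like a hostname (for example “click here”) is not flagged by the mismatch check, so the real destination of such links still needs to be inspected separately.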

There is one more facet of the scam that’s quite disconcerting: the way the ill-minded operators of the campaign might have obtained one’s email address. It’s within the realms of possibility that the black hats are taking advantage of information from a massive dump of Mac users’ contact details. Therefore, a recipient might have fallen victim to credentials theft in the past, and malware could be behind it. There are Trojans that infect computers and perform reconnaissance on them, gathering different types of information about the affected users. These culprits are furtive enough to stay inside the system for months or even years without exhibiting any conspicuous symptoms, so it definitely makes sense to ascertain that there is no identity-stealing malware on board. The steps below will help check your Mac for such threats. Another important point is to refrain from clicking any links in the scam emails. Stay safe and exercise caution with dubious messages in your inbox.

Get rid of scam virus using Freshmac removal tool

When confronted with issues like the scam on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.

This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Mac fraud.

  1. Download the Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.

  2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.

  3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.

  4. Check whether the malware problem has been fixed. If it persists, go to the Uninstaller option on the Freshmac GUI. Locate an entry that appears suspicious, select it and click the Fix Safely button to force-uninstall the unwanted application.

  5. Go to the Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The scam shouldn’t be causing any further trouble.
