Cybercriminals who previously targeted Windows users are now aiming at Mac owners in a new phishing campaign designed to steal Apple ID credentials. The shift reportedly comes after Microsoft, Google and Mozilla introduced stronger browser protections that reduced similar attacks on Windows devices.
According to cybersecurity researchers, the phishing campaign had initially gained success between 2024 and 2025 by using fake, professional-looking websites that displayed alarming security warnings. These deceptive pages tricked users into believing their devices were compromised. Victims were prompted to enter their Windows login credentials, after which the scammers executed code to freeze the web page, creating the illusion of a system hack.
The fake sites were hosted on Microsoft’s Windows.net platform, giving them an appearance of legitimacy. To stay undetected, scammers frequently updated their phishing pages and used anti-bot and CAPTCHA tools to block automated scanners used by cybersecurity experts.
Once Microsoft rolled out anti-scareware protection for its Edge browser and similar security updates came from Chrome and Firefox, the attacks on Windows users dropped by about 90 percent. This prompted hackers to modify their tactics and target Mac and Safari users instead.
The new wave of attacks mirrors the earlier Windows scheme but includes changes to attract Mac users. Interestingly, despite targeting Apple users, the phishing pages are still hosted on Windows.net.
Experts warn that Mac users are not immune to modern threats. “Phishing attacks are evolving and despite the fact that Macs are traditionally less susceptible to viruses, Mac users are no exception to many modern threats,” said Darren Guccione, CEO and co-founder of Keeper Security.
He added, “Cybercriminals are opportunistic. When one attack vector gets blocked, they pivot to the next. This campaign demonstrates how quickly attackers adapt, leveraging trusted infrastructure and sophisticated deception to bypass traditional security measures.”
Users are advised to protect themselves by using password managers, enabling multi-factor authentication and undergoing security awareness training. Guccione emphasized that “the best defense is knowing how to spot and respond to phishing attempts, which includes keeping an eye out for urgent language, avoiding clicking on suspicious links and pop-ups and visiting trusted websites directly.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
