Relentless hackers abandon Windows to target your Apple ID

We're four months into 2025 and there have already been over 10 instances in which attackers specifically targeted Apple users, and these are just the incidents we know of.

Plus, despite shifting their focus, the attackers continue to host these phishing pages on Microsoft's Windows[.]net domain. Since this is a trusted Microsoft platform, it allows the phishing pages to evade detection by security tools that assess risk based on domain reputation.

The phishing campaign exploits common yet highly effective methods called typosquatting and malicious redirects. Victims often end up on these phishing pages after making a simple mistake, such as mistyping a URL while trying to visit a legitimate website. 

Instead of reaching the intended site, they land on a compromised domain parking page. From there, they are redirected through multiple websites before ultimately arriving at the phishing page, which presents a fake Apple security warning. Believing their Apple ID is at risk, victims are tricked into entering their credentials, unknowingly handing them over to the attackers.

One notable case involved a person using Safari who was working at a business secured by a Secure Web Gateway. Despite the organization's security measures, the phishing attempt managed to bypass the gateway's protections.

Phishing campaigns are increasingly targeting macOS users, but you're not defenseless. Here are four essential steps to protect yourself.

3. Regularly monitor your Apple ID activity: Even with strong security measures in place, it's important to keep an eye on your Apple ID account for any signs of unauthorized access. Apple allows users to review their account activity, including devices logged into the account and recent changes. Regularly check your Apple ID settings to ensure that only trusted devices are connected and that no suspicious activity has occurred. If you notice anything unusual, such as login attempts from unfamiliar locations, immediately change your password and remove unauthorized devices. This proactive approach can help you catch potential breaches early and minimize damage.

5. Use a recovery key for enhanced security: Apple offers an optional feature called a recovery key, which is a 28-character code that provides an extra layer of security for your Apple ID. When you enable a recovery key, Apple disables its standard account recovery process, meaning you'll need this key, along with access to a trusted device or phone number, to reset your password or regain access to your account. This makes it significantly harder for attackers to take control of your account.

To set up a recovery key, go to Settings > [Your Name] > Sign-in & Security > Recovery Key on your iPhone, iPad or Mac. Follow the prompts to generate and confirm your recovery key. Be sure to write it down and store it in a secure location, such as a safe or with a trusted family member. Keep in mind that losing both your recovery key and access to trusted devices can permanently lock you out of your account. However, if used responsibly, this feature gives you greater control over your account's security.

7. Practice safe browsing: Many attacks rely on simple user mistakes, such as mistyping a URL or clicking on suspicious links. Always verify that you're visiting legitimate websites before entering any personal information. Be skeptical of unexpected security alerts, even if they mimic Apple's design. Learning to identify the subtle signs of phishing, like unusual URL structures or generic greetings, can help you avoid falling for these scams.

Apple has long sold the idea that its ecosystem is inherently safer than the alternatives, but that claim is starting to wear thin. The reality is that attackers are no longer ignoring Mac users, they're actively targeting them, and Apple's response has been anything but proactive. While Microsoft, Google and others roll out new security measures to counter evolving threats, Apple remains slow to adapt, relying on outdated assumptions about its platform's safety.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.