“Remote assistance is becoming more and more popular to troubleshoot computer issues without the hassle of bringing the problematic machine to a store. Indeed, from the comfort of your own home you can let a Certified Technician remotely log into your PC and have them fix the issues you are facing,” Jérôme Segura reports for Malwarebytes. “Apple offers a screen sharing service part of its support center that puts you in touch with a remote advisor. The process is secure and requires a unique session key to authenticate into the system that the customer needs to enter at the following URL: https://ara.apple.com.”
“In today’s post we will talk about how we discovered that crooks are abusing this feature and fooling Mac users into trusting them,” Segura reports. “As we have been documenting it so many times on this blog, there has been an explosion of tech support scams via malvertising and fraudulent affiliates. All systems are targeted, not just Windows PCs and in fact, fraudulent warnings for Mac are getting extremely common.”
“These pages are designed to scare people into thinking there is something wrong with their computer,” Segura reports. “The crooks registered a website with a domain name that looks like the real Apple one (ara.apple.com) by calling it ara-apple.com. The site was registered through GoDaddy and resides on IP address 22.214.171.124. We have contacted both the registrar (GoDaddy) and hosting provider (Liquid Web) so that they can take appropriate actions in shutting down these fraudulent websites.”
Read more and see the screenshots in the full article here.
MacDailyNews Take: Let’s be careful out there!