Apple explains how to keep yourself safe from phishing hacks on the web


The trusty green lock you should be paying attention to while surfing.
The trusty green lock you should be paying attention to while surfing. Screenshot: Alex Heath/ Cult of Mac

Recent reports of iCloud phishing attempts in China illustrate just how important it is always verify that you’re logging into legitimate websites before you enter your precious passwords.

To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.

“Apple is deeply committed to protecting our customers’ privacy and security,” said the company. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”

Phishing, or performing a “man-in-the-middle” attack, can easily go unnoticed by the untrained eye. That’s why Apple is wanting to make it clear that is protected by a “digital certificate.” Whenever another site tries to impersonate it, an “invalid certificate warning” will display in Safari. Apple’s support document also lays out how to see if you’re safe in Google Chrome and Firefox.

If you heed these warnings, you will be protected. According to the watchdog group Great Fire, many of the phished users in China were using the Chinese browser Qihoo, which does not warn when a certificate is legitimate.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.