I am trying to help my mom sort out a phishing attempt she nearly fell pray to. She has an older MacBook running Mojave and uses the newest version of Firefox that is supported. She accidentally clicked on a dodgy link and got a request to input her password. Luckily, this set off alarm bells, so she didn't input any info. She rebooted, but the window was still there, so she closed the window by clicking on the close button. About the same time, she got an email ostensibly from Apple (and it looks legit, but I am not sure how to verify if it is actually from Apple) saying, "Activation Lock is requesting your password on iPhone."
The body of the email reads in part, "For your security, Activation Lock requires your Apple ID and password or your device passcode before anyone can reactivate and use your device. It’s enabled automatically when you enable Find My. If you are setting up this device, simply enter your Apple ID and password in the fields provided. Forgot your password? Learn how to reset your Apple ID password."
What's a little mystifying is that she was on her computer, not her phone, so I can't figure out how some kind of login attempt would have been flagged as being on her phone itself, if the email is legit.
I am sensitive to the fact that the email itself could be a phishing attempt somehow triggered by the link she clicked, or it could really be from Apple and be a sign that the link somehow generated a fraudulent attempted login. Or it could be a coincidence that it happened at the same time?
I think I've read that it's possible to trigger malware or spyware by clicking something that *looks* like a close button on a cleverly designed phishing popup, but I don't know if that's what happened here or what she should do next or how likely that even is. She's not particularly tech-savvy, and even though I'm pretty knowledgeable about the internet and computers in general, this stretches my know-how.
So, now my main question is: how likely is it that she has something nefarious running in the background on her laptop, and should she run a malware scan (and if so how) or what?
Thanks for ant advice or info!
-mjo
The body of the email reads in part, "For your security, Activation Lock requires your Apple ID and password or your device passcode before anyone can reactivate and use your device. It’s enabled automatically when you enable Find My. If you are setting up this device, simply enter your Apple ID and password in the fields provided. Forgot your password? Learn how to reset your Apple ID password."
What's a little mystifying is that she was on her computer, not her phone, so I can't figure out how some kind of login attempt would have been flagged as being on her phone itself, if the email is legit.
I am sensitive to the fact that the email itself could be a phishing attempt somehow triggered by the link she clicked, or it could really be from Apple and be a sign that the link somehow generated a fraudulent attempted login. Or it could be a coincidence that it happened at the same time?
I think I've read that it's possible to trigger malware or spyware by clicking something that *looks* like a close button on a cleverly designed phishing popup, but I don't know if that's what happened here or what she should do next or how likely that even is. She's not particularly tech-savvy, and even though I'm pretty knowledgeable about the internet and computers in general, this stretches my know-how.
So, now my main question is: how likely is it that she has something nefarious running in the background on her laptop, and should she run a malware scan (and if so how) or what?
Thanks for ant advice or info!
-mjo
