Example | Fake Scareware Attack (vishing + credential harvesting) | Notion

This is a classic example of a fake security alert phishing attack, more specifically a scareware-style phishing scam that blends vishing (voice phishing) and credential harvesting.

🔍 Type of Attack: Hybrid Phishing (Scareware + Vishing + Credential Phishing)

1. Scareware

How it works: Displays alarming fake system warnings on your screen (e.g., “MacOS_Spyware”, “Access blocked for security reasons”).
Goal: Create urgency and fear to prompt irrational action.
Technique used here:
- False security alert pop-ups claiming spyware infection.
- Fake “MacOS Defender” interface mimicking legitimate Apple interfaces.

2. Vishing (Voice Phishing)

How it works: Prompts the user to call a fake support number.
Goal: Convince the victim over the phone to:
- Install remote access tools (e.g., AnyDesk, TeamViewer).
- Pay for fake security services or software.
- Reveal personal or financial data.
In this case: The user called the number and was told they were “being listened to” — a fear tactic to increase compliance.

3. Credential Harvesting

How it works: A fake login interface asks for the user’s Apple ID and password.
Goal: Steal legitimate credentials for use in identity theft, account compromise, or reselling on the dark web.

🚩 Red Flags in the Screenshot

Red Flag	Why It’s Suspicious
“MacOS_Spyware” and “MacOS_Defender” aren’t real Apple products	Apple doesn’t use these names
Error code “0x800VDS”	Fabricated to sound technical
Prominent phone number with “Apple_Support”	Apple never prompts users to call a number in this way
Demands login credentials	Real Apple warnings never ask for credentials through pop-ups
Browser tab shows multiple similar fake alerts	Indicates a webpage mimicking system alerts, not a real system dialog