FBI “Ransomware” Phishing Scam Affects Mac Users – How To Bypass

This is the fake FBI warning affecting some Mac users recently.

Update: This scam seems to affect Firefox, Chrome, and other browsers in addition to Safari.

There have been reports in the news over the last few days describing a “malware” or “ransomware” affecting Macintosh users that attempts to trick them into paying $300 by posing as an FBI warning. While the situation is real, the details are often being mis-reported.

First, let’s be clear that if you happen to see anything like this, whether on a Mac or a Windows PC, do not pay the $300! It is not from the FBI. It is simply a scam. The FBI would not fine you electronically for copyright violations or distributing illegal content.

Second, while the scam is real, the method of “attack” on Macintosh computers is not “malware” or “ransomware” as the media describes it. Rather, I classify it as a phishing scam. Do note that Windows computers have been targeted by variations of this scam for at least a year, and on the Windows platform the methods of attack are in fact true malware infections. However, on the Mac what the scammers are doing can best be described as a user interface trick with the Safari web browser. While quite alarming and annoying, the attack is not actually infecting any Macs.

When a Mac user running Safari stumbles upon a web site that is hosting the fake FBI warning, the web browser is forced to load up 150 “iframes” that all require a confirmation to dismiss. This unfortunately acts to lock up the Safari browser until the user clicks “Leave Page” 150 times. The user doesn’t know they must click 150 times and the scammers hope that the user gives up and pays the $300 instead. Even if the user Force Quits the Safari browser, by default Safari will always reload any web pages that were previously open. This of course reloads the fake FBI warning web site and indeed it seems that the Safari browser is hopelessly locked.
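For anyone triaging a saved copy of such a page, the following added example (not part of the original article) flags the pattern described above: an unusually large number of iframes together with a leave-page confirmation hook. The threshold, the function and class names, and the assumption that the confirmation comes from an `onbeforeunload` handler are assumptions of this example, and the sample pages are constructed.

```python
from html.parser import HTMLParser

# Assumed threshold (not from the article): ordinary pages rarely embed this many frames.
IFRAME_THRESHOLD = 50


class FrameFloodScanner(HTMLParser):
    """Counts iframes and leave-page confirmation hooks in saved HTML."""

    def __init__(self):
        super().__init__()
        self.iframes = 0
        self.unload_attrs = 0      # onbeforeunload="..." attributes on any tag
        self.unload_in_script = 0  # mentions inside <script> bodies
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes += 1
        elif tag == "script":
            self._in_script = True
        # html.parser lowercases attribute names for us.
        if any(name == "onbeforeunload" for name, _ in attrs):
            self.unload_attrs += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.unload_in_script += data.lower().count("onbeforeunload")


def triage(html):
    """Return counts and a verdict; flags only when both signals are present."""
    scanner = FrameFloodScanner()
    scanner.feed(html)
    scanner.close()
    hooks = scanner.unload_attrs + scanner.unload_in_script
    flagged = scanner.iframes >= IFRAME_THRESHOLD and hooks > 0
    return {"iframes": scanner.iframes, "unload_hooks": hooks, "flagged": flagged}


# Constructed samples: inert markup with the handler body elided.
SAMPLE_FLOOD = ("<html><body onbeforeunload='/* handler elided */'>"
                + "<iframe src='f.html'></iframe>" * 150 + "</body></html>")
SAMPLE_BENIGN = "<html><body><iframe src='video.html'></iframe><p>news</p></body></html>"

if __name__ == "__main__":
    print(triage(SAMPLE_FLOOD))
    print(triage(SAMPLE_BENIGN))
```

A page with many frames but no confirmation hook, or a hook with only a handful of frames, is not flagged, which keeps ordinary embed-heavy pages out of the results.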

Fortunately, there is a very simple way to bypass this phishing scam. Oddly enough this simple method is not being widely reported at this time and instead most articles claim that you must “reset” your Safari browser, which has the side-effect of clearing out your history, Top Sites, and other settings you may want to keep. If you happen to stumble upon this fake FBI warning web site, instead of resetting Safari simply follow these 3 simple steps:

  1. Click on the Apple Menu in the upper-left corner of your screen and choose “Force Quit” from the menu. The Force Quit window opens.
  2. Make sure Safari is highlighted and click the Force Quit button. This should shut down Safari. Close the Force Quit window.
  3. Hold down a Shift key on your keyboard as you relaunch the Safari browser (usually by clicking the Safari icon on the dock).

Holding down the Shift key while launching Safari forces the browser to not reload any previously open web sites, bypassing the fake FBI warning page. Again, this phishing scam is not a true infection of any Macintosh computers. Once you bypass the fake FBI warning web site, your Mac is completely safe to use. You do not need any anti-virus, firewall, or other security-type software on your Mac to clean or protect your Mac from this scam. You may choose to download and install an alternate web browser such as Chrome or Firefox if you wish to avoid this issue until Apple patches the Safari browser to prevent the method behind this scam from functioning. However, even if you do stumble upon it more than once, your Mac is not infected or compromised in any way. But as I mentioned earlier, if you are a Windows user and you run into this scam, you are likely infected with malware and you will need to have it professionally cleaned.

Update: If this type of scam is affecting your iPhone or iPad, please read my article that addresses this issue specifically: Scam Web Pages on iPhones: How to Get Rid of Them

Please let me know if you have any questions or concerns about this or any other technology security issue.