How to Remove Phishing Virus from Mac

Remove a phishing virus from your Mac by following these steps:

  1. Close the pop-up message.
  2. Close the browser if the pop-up notification won’t go away.
  3. Uninstall the suspicious extension from your browser.
  4. Protect your Mac accounts with 2-factor authentication.
  5. Manually remove the virus from your Mac.
  6. Reset your browser.
  7. Use an antivirus tool.

You previously clicked on a virus warning message in your browser and later realized it could’ve been fake. What’s worse, your MacBook device has been behaving strangely since engaging with the pop-up message. In many cases, this is a phishing virus, and engaging with it could cost you.


Before we begin:


A Cloudflare 2023 phishing threats report found that an estimated 90% of successful cyberattacks start with email phishing. Phishing viruses are a common phishing tactic used to make money from unsuspecting victims or infect their devices with viruses and malware.


Because it’s challenging to thoroughly remove viruses manually, we recommend using MacKeeper’s Antivirus tool. This feature automatically scans your Mac for viruses and malware and removes them on your behalf, thereby reducing threats and protecting your privacy.


Here’s how to use MacKeeper’s Antivirus tool:

  1. Download MacKeeper on your Mac and choose Antivirus in the sidebar.
  2. Enable real-time protection by hitting the Enable button and then clicking the Start Scan button.
  3. When the scan is finished, MacKeeper will let you know if any threats were unearthed. If there were, follow the on-screen prompts to remove them promptly.

In this article, we’ll show you all the ways to remove a phishing virus from your Mac.

What is a phishing virus?

A phishing virus is a form of malware that is used to scam victims or steal their personal information by deceiving them. This is typically achieved by sending internet users a fake notification that warns them that a virus has been detected on their system and includes a prompt to call a number or click on a link. However, doing so can cause unwanted consequences.


Some of these viruses lead you to malicious websites that secretly steal your sensitive information. This can include your keystrokes, which would allow cybercriminals to access your banking and other financial information. In other instances, they convince you to pay for services to remove the supposed virus from your device. However, the whole situation is a scam.


What is phishing? It’s a form of cybercrime that aims to convince individuals to perform an action with malicious intentions. For example, when you receive an email from someone who claims to be from Verizon and asks you to update your payment details, but it’s from a Gmail account, that’s a phishing email.


Hint from our team: 


Deceptive links are the primary phishing tactic used by hackers (Cloudflare 2023 phishing threats report). That’s why you should never click on the links you receive through pop-up messages or other forms of communication.

How to detect a phishing virus on your Mac

Phishing viruses don’t identify themselves as such. That’s why they’re so successful at deceiving their victims. However, there are ways to tell if you’re dealing with a phishing virus to avoid getting scammed or compromising your privacy.


Below are the common clues that point to a pop-up being a phishing virus on your Mac:

  • Claims that you’ve won a prize. When you receive a pop-up message claiming you’ve won a prize, be concerned. If the message asks you to click on a link to claim the prize, close it and your browser immediately. In most cases, you wouldn’t have entered a competition, which should be a dead giveaway that the message is fake. And even if you did, the company would contact you using the contact details you would have provided, not through a random message in your browser.
  • A sense of urgency. Scammers want you to perform the desired action as quickly as possible, so they turn up the pressure. It’s common for phishing messages to include a short time period within which you should respond, like within a few hours. To motivate you to act fast, they usually instill fear or include a threat, like closing your account if you don’t respond within the specified time.
  • Spelling errors are used. Any legitimate company wouldn’t have spelling and grammatical errors in their communication materials or website. However, scammers almost always have spelling errors in their phishing messages. Therefore, treat any pop-up notification with incorrect spelling as a phishing virus.
  • A device scan. If you open a webpage and a pop-up message appears and starts scanning your device for viruses, you’re likely dealing with a phishing virus. After the supposed scan is completed, you’ll be notified that a virus has been detected and convinced to click on a link to download an antivirus service. However, the program could be malware designed to steal your data.
  • Exclusivity. Some phishing virus scams appear as pop-ups notifying you that your device is the only one that’s been chosen for something. That could be a prize or access to a financial scheme. While this may sound enticing, the exclusivity is unusual, and the message shouldn’t be taken seriously.

How to stop phishing pages on your Mac

Follow the steps below to stop phishing pages on your Mac:

  1. Uninstall the extension from your browser. Open Safari, then choose Safari in the top menu bar and select Preferences. Choose the extension and select Uninstall.
  2. Protect your Mac accounts by keeping your software updated.
  3. Manually remove the problematic virus.

Follow the detailed guide below to remove a phishing virus from your MacBook device.

1. Uninstall the extension from your browser

Open Safari and click Safari > Preferences > Extensions. Find the extension you’re suspicious of, and click the Uninstall button below it.

Uninstall the extension from your browser to remove phishing viruses that may be present. To do this, open Safari and click Safari > Preferences > Extensions.
Step 1. Selecting Preferences
To uninstall an extension from your browser on a Mac, find the extension you’re suspicious of, and click the Uninstall button below it
Step 2. Uninstalling a Safari extension

2. Protect your Mac accounts

There are several ways to secure your Mac accounts:

  • Update macOS to install security patches and bug fixes.
  • Create accounts for each user.
  • Create complex passwords to prevent unauthorized individuals from accessing your device’s accounts.
  • Limit the number of administrative users.
  • Secure your Mac device when it’s idle.
  • Create passkeys.

3. Stopping and removing the virus

If the virus is in the form of an app, you can remove it manually by following the steps below:

  1. Go to Finder and select Applications in the sidebar.
  2. Search for the app you want to delete and drag it to the Trash.
Stop and remove the virus using these steps: Go to Finder and select Applications in the sidebar. Search for the app you want to delete and drag it to the Trash.

How to delete a phishing virus on your Mac

Deleting a phishing virus manually could leave leftover files behind. Avoid this by using trusted antivirus software instead. MacKeeper’s Antivirus tool does a thorough job of removing viruses and malware, thereby securing your Mac. Because the process is automated, it eliminates viruses in a fraction of the time, which makes it convenient even for novices.


Here’s how to use it:

  1. Download MacKeeper on your Mac and choose Antivirus in the sidebar.
  2. Hit the Enable button to ensure your Mac is protected in real time, followed by the Start Scan button.
  3. MacKeeper will notify you if any threats are found. In that case, follow the on-screen prompts to eliminate them.
To delete a phishing virus from your Mac, download MacKeeper and choose Antivirus in the sidebar. Enable real-time protection and hit the Start Scan button. Follow the on-screen prompts to eliminate threats.

How phishing links spread on a Mac

Phishing links are distributed in a multitude of ways on Mac devices. The most common method of distribution is phishing emails, which are typically mass emails sent to random email addresses. However, phishing links are also spread through viruses, malware, adware, and other potentially unwanted programs (PUPs). Finally, phishing links can be spread through referrers.

1. Spam distribution through a referrer

Have you ever noticed spam comments with links in a web page’s comment section? That’s called referrer spam. Bad actors use web crawlers and ghost referrals to attack vulnerable websites and target their visitors with links to malicious websites.

How do web crawlers and ghost referrals work?

Web crawlers are spam bots that take advantage of web pages that aren’t secure, like those that don’t have Captcha forms, to comment on spam links. Readers who click on those links can infect their devices with viruses and malware.


Ghost referrals, on the other hand, are more stealthy, as they use software that can remain undetected on a website for years.

2. Distribution via phishing emails

Phishing emails are sent out by cybercriminals in the hopes that you’ll respond by taking the action requested, like:

  • Clicking on a link takes you to a malicious website
  • Downloading a malicious attachment

When you engage with the link or attachment, your device can be infected with malware, and your personal information can be stolen. Phishing emails can also outright ask for you to provide your sensitive information, like your banking details. The trick is that the cybercriminals who send these emails pose as legitimate representatives of companies you know and trust.


For example, a cybercriminal can email you, posing as a PayPal employee, and ask you to update your payment information. If you don’t pay attention to the inconsistencies in the email, you could fall for it and end up losing money.


Note from our experts: 


According to Station X, approximately 3.4 billion phishing emails are sent by cybercriminals daily. Any one of those emails could land in your inbox, so read them carefully. Contact the company directly if you’re unsure about an email's authenticity.

3. Spread by viruses and other malware

Malware infections can bring about other phishing attacks. One of the most popular of these is phishing pages known as Trojan.Clickers.


Trojan.Clickers intercept your browsing activity by redirecting you to malicious web pages that look similar to the ones you’re trying to open. For instance, a Trojan horse can detect that you’re trying to go to a page on PayPal, so it redirects you to a PayPal lookalike web page that is malicious instead.


Your device contains sensitive information that should be protected at all costs. Learn how to check for viruses and get rid of malware to secure it.

4. Spread through adware and other PUPs

This is another common method of spreading phishing viruses that lead victims to malicious websites. This type of phishing is spread via various methods, including:

  • Software bundling, which aids in the distribution of potentially unwanted programs (PUPs). Software bundling occurs when you buy software or a service and another free, usually malicious, service is included as a bonus. What makes PUPs suspicious is that they’re typically hard to locate and uninstall, so they could remain on your device for a long period of time.
  • Web browser redirection or a fake web page, like a fake Facebook login page posted on a toolbar.

How to avoid installing potentially dangerous programs

Avoid installing dangerous programs by being careful when browsing online. Install the software you trust and download programs from official sources.


Follow the steps below to learn more about how to avoid potentially dangerous programs.

1. Be careful when browsing the web

Not everyone uses the internet with good intentions, like you do. Others are out to scam you out of your money or steal your personal information. Always proceed with caution and be vigilant. Don’t click on suspicious links and pop-ups, stay on strange websites, or enter your personal information on unknown web pages.

2. Software installation

Avoid downloading software you aren’t familiar with. Always check the reviews and the developer’s official website. Also, research what other people are saying about the software online and on social media. If the sentiments are generally negative, or there is limited information about the software, don’t take any chances by installing it.

3. Download programs only from official sources

Official app stores, like Apple’s App Store, put third-party apps through strict security checks to ensure they’re safe and secure enough for public use. Likewise, apps that are downloaded from official websites can usually be trusted. Avoid downloading apps from sources whose legitimacy you can’t vouch for.

Safeguard your Mac against phishing

Phishing viruses are sly; they can infect your computer without you knowing. By the time you notice, the damage could be significant. Use the tips in our article to remove phishing viruses from your Mac.


With MacKeeper’s Antivirus tool, you can easily and quickly find and remove phishing viruses from your Mac and keep them out.

Download Pro Cleaning & Security App

*You can download the app for free and try its functionality yourself before making a purchase.

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.



MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Run Application


Click Continue


Click Install


Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.