This article was published on May 1, 2013

Criminals compromise over 100 sites to display fake Apple ID login pages used in spam email phishing attacks


Criminals compromise over 100 sites to display fake Apple ID login pages used in spam email phishing attacks

Criminals this past week are increasingly targeting Apple IDs as part of their phishing schemes. They are compromising websites so that they can host fake login pages, which are then linked in email spam sent out to trick unsuspecting Apple users.

The latest attack was discovered by Trend Micro, which noticed a pattern in the URLS of relatively new phishing sites. The company’s investigation led to the discovery that sites were compromised, but not hacked (the original content was not modified), to display pages such as this:

apple_credit_card

The goal here is naturally to steal a user’s Apple ID, which for those who don’t know is an all-in-one account used to log into various Apple services such as iWork, iCloud, the iTunes Store, and the Apple Store. Once they gain access, criminals could buy Apple products using your credentials, impersonate you, or even blackmail you.

Trend Micro says it identified a total of 110 compromised sites, all hosted at just one IP address registered to an ISP in the Houston area. The majority of these sites have not been cleaned, and it’s likely the same technique could be used on other sites as well.

Phishing attacks against Apple IDs are nothing new, but the fact sites are being compromised specifically for this purpose as well as the recent spike in the scheme is notable:

chart

Recent attacks have been targeting American, British, and French users, but can of course be extended using simple translations and regional tweaks. As you can see above, some versions ask not just for the user’s Apple ID login credentials, but also their billing address and other personal and credit card information.

The security firm notes users are most likely being directed to these phishing sites via spam emails. These can claim anything to trick the user into clicking, but recent ones have been telling the user that their account will expire unless their information is subject to an “audit.” According to Trend Micro, this not only gets users to click on the link, but it also puts them in a mindset willing to give up information:

apple_mail

To protect yourself from such attacks, don’t click on random links you receive in an email, instant message, social network, and so on. Furthermore, make a point to double-check the URL, including if it’s secure, whenever you login to Apple ID (and any other site for that matter). You can also set up two-step verification, which Apple recently added in response to multiple breaches, by visiting the Apple ID page.

Top Image Credit: linusb4

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with