All the latest UK technology news, reviews and analysis


Phishing scam targets Apple ID users

30 Apr 2013
Apple logo

Apple users are being warned to stay vigilant following the discovery of a new series of phishing attacks targeting the Apple ID network.

Researchers at Trend Micro have uncovered a series of compromised sites that are being used to host fake login pages. Designed to resemble the Apple ID login screen, the pages ask users to enter both their usernames and passwords.

The compromised credentials are then believed to be harvested by the attackers for future use in account thefts.

Researchers noted that the phishing sites have been connected to a spam campaign as well. Designed to resemble an official Apple notification, the messages attempt to direct users to the phishing sites by warning of an impending account removal.

"We’ve seen attacks targeting not only American users, but also British and French users," wrote Paul Pajares, Trend Micro's fraud analyst.

"Some versions of this attack ask not only for the user's Apple ID login credentials, but also their billing address and other personal and credit card information."

Though the pages themselves are designed to closely resemble the Apple ID site, researchers note that the address information itself can easily be spotted. Aside from not matching Apple's own domains, the pages do not use the secure connection required by Apple to log into its ID platform.

In addition to using best practices to avoid spam sites, users can protect themselves from account theft by activating Apple's new two-factor authentication platform.

Introduced by the company last month, the security tool pairs an account with a user's mobile phone and asks for a one-time use numerical code, which is sent via SMS. Such two-factor controls have long been advocated by security experts for their ability to prevent account loss even when a user's login credentials are stolen.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?
65%
5%
0%
0%
30%
0%

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
mubaloo2

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Web Developer (PHP, JavaScript, CSS, HTML, OOP)

Key Skills: Web, Developer, Programmer, PHP, JavaScript...

CRM System Support & Development Manager

At the University of Derby, people are at the heart of...

CRM System Officers

At the University of Derby, people are at the heart of...

HTML Email Developer

At the University of Derby, people are at the heart of...
To send to more than one email address, simply separate each address with a comma.