Apple users are being warned to stay vigilant following the discovery of a new series of phishing attacks targeting the Apple ID network.
Researchers at Trend Micro have uncovered a series of compromised sites that are being used to host fake login pages. Designed to resemble the Apple ID login screen, the pages ask users to enter both their usernames and passwords.
The compromised credentials are then believed to be harvested by the attackers for future use in account thefts.
Researchers noted that the phishing sites have been connected to a spam campaign as well. Designed to resemble an official Apple notification, the messages attempt to direct users to the phishing sites by warning of an impending account removal.
"We’ve seen attacks targeting not only American users, but also British and French users," wrote Paul Pajares, Trend Micro's fraud analyst.
"Some versions of this attack ask not only for the user's Apple ID login credentials, but also their billing address and other personal and credit card information."
Though the pages themselves are designed to closely resemble the Apple ID site, researchers note that the address information itself can easily be spotted. Aside from not matching Apple's own domains, the pages do not use the secure connection required by Apple to log into its ID platform.
In addition to using best practices to avoid spam sites, users can protect themselves from account theft by activating Apple's new two-factor authentication platform.
Introduced by the company last month, the security tool pairs an account with a user's mobile phone and asks for a one-time use numerical code, which is sent via SMS. Such two-factor controls have long been advocated by security experts for their ability to prevent account loss even when a user's login credentials are stolen.